KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > derby > iapi > sql > dictionary > StatementColumnPermission


1 /*
2
3    Derby - Class org.apache.derby.iapi.sql.dictionary.StatementColumnPermission
4
5    Licensed to the Apache Software Foundation (ASF) under one or more
6    contributor license agreements. See the NOTICE file distributed with
7    this work for additional information regarding copyright ownership.
8    The ASF licenses this file to you under the Apache License, Version 2.0
9    (the "License"); you may not use this file except in compliance with
10    the License. You may obtain a copy of the License at
11
12       http://www.apache.org/licenses/LICENSE-2.0
13
14    Unless required by applicable law or agreed to in writing, software
15    distributed under the License is distributed on an "AS IS" BASIS,
16    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17    See the License for the specific language governing permissions and
18    limitations under the License.
19
20  */

21
22 package org.apache.derby.iapi.sql.dictionary;
23
24 import org.apache.derby.iapi.error.StandardException;
25 import org.apache.derby.catalog.UUID;
26 import org.apache.derby.iapi.sql.conn.Authorizer;
27 import org.apache.derby.iapi.reference.SQLState;
28 import org.apache.derby.iapi.services.io.FormatableBitSet;
29 import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
30
31 /**
32  * This class describes a column permission used (required) by a statement.
33  */

34
35 public class StatementColumnPermission extends StatementTablePermission
36 {
37     private FormatableBitSet columns;
38
39     /**
40      * Constructor for StatementColumnPermission. Creates an instance of column permission requested
41      * for the given access.
42      *
43      * @param tableUUID UUID of the table
44      * @param privType Access privilege requested
45      * @param columns List of columns
46      *
47      */

48     public StatementColumnPermission(UUID tableUUID, int privType, FormatableBitSet columns)
49     {
50         super( tableUUID, privType);
51         this.columns = columns;
52     }
53
54     /**
55      * Return list of columns that need access
56      *
57      * @return FormatableBitSet of columns
58      */

59     public FormatableBitSet getColumns()
60     {
61         return columns;
62     }
63
64     /**
65      * Method to check if another instance of column access descriptor matches this.
66      * Used to ensure only one access descriptor for a table/columns of given privilege is created.
67      *
68      * @param obj Another instance of StatementPermission
69      *
70      * @return true if match
71      */

72     public boolean equals( Object JavaDoc obj)
73     {
74         if( obj instanceof StatementColumnPermission)
75         {
76             StatementColumnPermission other = (StatementColumnPermission) obj;
77             if( ! columns.equals( other.columns))
78                 return false;
79             return super.equals( obj);
80         }
81         return false;
82     }
83     
84     /**
85      * @see StatementPermission#check
86      */

87     public void check( LanguageConnectionContext lcc,
88                        String JavaDoc authorizationId,
89                        boolean forGrant)
90         throws StandardException
91     {
92         DataDictionary dd = lcc.getDataDictionary();
93
94         if( hasPermissionOnTable(dd, authorizationId, forGrant))
95             return;
96         FormatableBitSet permittedColumns = null;
97         if( ! forGrant)
98         {
99             permittedColumns = addPermittedColumns( dd,
100                                                     false /* non-grantable permissions */,
101                                                     Authorizer.PUBLIC_AUTHORIZATION_ID,
102                                                     permittedColumns);
103             permittedColumns = addPermittedColumns( dd,
104                                                     false /* non-grantable permissions */,
105                                                     authorizationId,
106                                                     permittedColumns);
107         }
108         permittedColumns = addPermittedColumns( dd,
109                                                 true /* grantable permissions */,
110                                                 Authorizer.PUBLIC_AUTHORIZATION_ID,
111                                                 permittedColumns);
112         permittedColumns = addPermittedColumns( dd,
113                                                 true /* grantable permissions */,
114                                                 authorizationId,
115                                                 permittedColumns);
116                                                 
117         for( int i = columns.anySetBit(); i >= 0; i = columns.anySetBit( i))
118         {
119             if( permittedColumns != null && permittedColumns.get(i))
120                 continue;
121
122             // No permission on this column.
123
TableDescriptor td = getTableDescriptor( dd);
124             ColumnDescriptor cd = td.getColumnDescriptor( i + 1);
125             if( cd == null)
126                 throw StandardException.newException( SQLState.AUTH_INTERNAL_BAD_UUID, "column");
127             throw StandardException.newException( forGrant ? SQLState.AUTH_NO_COLUMN_PERMISSION_FOR_GRANT
128                                                   : SQLState.AUTH_NO_COLUMN_PERMISSION,
129                                                   authorizationId,
130                                                   getPrivName(),
131                                                   cd.getColumnName(),
132                                                   td.getSchemaName(),
133                                                   td.getName());
134         }
135     } // end of check
136

137     /**
138      * Add one user's set of permitted columns to a list of permitted columns.
139      */

140     private FormatableBitSet addPermittedColumns( DataDictionary dd,
141                                                   boolean forGrant,
142                                                   String JavaDoc authorizationId,
143                                                   FormatableBitSet permittedColumns)
144         throws StandardException
145     {
146         if( permittedColumns != null && permittedColumns.getNumBitsSet() == permittedColumns.size())
147             return permittedColumns;
148         ColPermsDescriptor perms = dd.getColumnPermissions( tableUUID, privType, false, authorizationId);
149         if( perms != null)
150         {
151             if( permittedColumns == null)
152                 return perms.getColumns();
153             permittedColumns.or( perms.getColumns());
154         }
155         return permittedColumns;
156     } // end of addPermittedColumns
157

158     /**
159      * @see StatementPermission#getPermissionDescriptor
160      */

161     public PermissionsDescriptor getPermissionDescriptor(String JavaDoc authid, DataDictionary dd)
162     throws StandardException
163     {
164         //If table permission found for authorizationid, then simply return that
165
if (oneAuthHasPermissionOnTable( dd, authid, false))
166             return dd.getTablePermissions(tableUUID, authid);
167         //If table permission found for PUBLIC, then simply return that
168
if (oneAuthHasPermissionOnTable( dd, Authorizer.PUBLIC_AUTHORIZATION_ID, false))
169             return dd.getTablePermissions(tableUUID, Authorizer.PUBLIC_AUTHORIZATION_ID);
170         
171         //If table level permission not found, then we have to find permissions
172
//at column level. Look for column level permission for the passed
173
//authorizer. If found any of the required column level permissions,
174
//return the permission descriptor for it.
175
ColPermsDescriptor colsPermsDesc = dd.getColumnPermissions(tableUUID, privType, false, authid);
176         if( colsPermsDesc != null)
177         {
178             if( colsPermsDesc.getColumns() != null){
179                 FormatableBitSet permittedColumns = colsPermsDesc.getColumns();
180                 for( int i = columns.anySetBit(); i >= 0; i = columns.anySetBit( i))
181                 {
182                     if(permittedColumns.get(i))
183                         return colsPermsDesc;
184                 }
185             }
186         }
187         return null;
188     }
189     
190     /**
191      * This method gets called in execution phase after it is established that
192      * all the required privileges exist for the given sql. This method gets
193      * called by create view/trigger/constraint to record their dependency on
194      * various privileges.
195      * Special code is required to track column level privileges.
196      * It is possible that some column level privileges are available to the
197      * passed authorizer id but the rest required column level privileges
198      * are available at PUBLIC level. In this method, we check if all the
199      * required column level privileges are found for the passed authorizer.
200      * If yes, then simply return null, indicating that no dependency is
201      * required at PUBLIC level, because all the required privileges were found
202      * at the user level. But if some column level privileges are not
203      * available at user level, then they have to exist at the PUBLIC
204      * level when this method gets called.
205      */

206     public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(String JavaDoc authid, DataDictionary dd)
207     throws StandardException
208     {
209         ColPermsDescriptor colsPermsDesc = dd.getColumnPermissions(tableUUID, privType, false, authid);
210         FormatableBitSet permittedColumns = colsPermsDesc.getColumns();
211         boolean allColumnsCoveredByUserLevelPrivilege = true;
212         for( int i = columns.anySetBit(); i >= 0 && allColumnsCoveredByUserLevelPrivilege; i = columns.anySetBit( i))
213         {
214             if(permittedColumns.get(i))
215                 continue;
216             else
217                 allColumnsCoveredByUserLevelPrivilege = false;
218         }
219         if (allColumnsCoveredByUserLevelPrivilege)
220             return null;
221         else
222             return (dd.getColumnPermissions(tableUUID, privType, false, Authorizer.PUBLIC_AUTHORIZATION_ID));
223     }
224 }
225
Popular Tags