KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > derby > impl > sql > execute > TablePrivilegeInfo


1 /*
2
3    Derby - Class org.apache.derby.impl.sql.execute.TablePrivilegeInfo
4
5    Licensed to the Apache Software Foundation (ASF) under one or more
6    contributor license agreements. See the NOTICE file distributed with
7    this work for additional information regarding copyright ownership.
8    The ASF licenses this file to you under the Apache License, Version 2.0
9    (the "License"); you may not use this file except in compliance with
10    the License. You may obtain a copy of the License at
11
12       http://www.apache.org/licenses/LICENSE-2.0
13
14    Unless required by applicable law or agreed to in writing, software
15    distributed under the License is distributed on an "AS IS" BASIS,
16    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17    See the License for the specific language governing permissions and
18    limitations under the License.
19
20  */
21
22 package org.apache.derby.impl.sql.execute;
23
24 import org.apache.derby.iapi.services.sanity.SanityManager;
25 import org.apache.derby.iapi.services.io.FormatableBitSet;
26 import org.apache.derby.iapi.sql.Activation;
27 import org.apache.derby.iapi.error.StandardException;
28 import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
29 import org.apache.derby.iapi.store.access.TransactionController;
30 import org.apache.derby.iapi.sql.depend.DependencyManager;
31 import org.apache.derby.iapi.sql.dictionary.AliasDescriptor;
32 import org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor;
33 import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
34 import org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor;
35 import org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor;
36 import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
37 import org.apache.derby.iapi.sql.dictionary.ViewDescriptor;
38 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
39 import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
40 import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
41 import org.apache.derby.iapi.reference.SQLState;
42
43 import java.util.List JavaDoc;
44 import java.util.Iterator JavaDoc;
45
46 public class TablePrivilegeInfo extends PrivilegeInfo
47 {
48     // Action types
49 public static final int SELECT_ACTION = 0;
50     public static final int DELETE_ACTION = 1;
51     public static final int INSERT_ACTION = 2;
52     public static final int UPDATE_ACTION = 3;
53     public static final int REFERENCES_ACTION = 4;
54     public static final int TRIGGER_ACTION = 5;
55     public static final int ACTION_COUNT = 6;
56
57     private static final String JavaDoc YES_WITH_GRANT_OPTION = "Y";
58     private static final String JavaDoc YES_WITHOUT_GRANT_OPTION = "y";
59     private static final String JavaDoc NO = "N";
60
61     private static final String JavaDoc[][] actionString =
62     {{"s", "S"}, {"d", "D"}, {"i", "I"}, {"u", "U"}, {"r", "R"}, {"t", "T"}};
63
64     private TableDescriptor td;
65     private boolean[] actionAllowed;
66     private FormatableBitSet[] columnBitSets;
67     private List JavaDoc descriptorList;
68     
69     /**
70      * @param actionAllowed actionAllowed[action] is true if action is in the privilege set.
71      */
72     public TablePrivilegeInfo( TableDescriptor td,
73                                boolean[] actionAllowed,
74                                FormatableBitSet[] columnBitSets,
75                                List JavaDoc descriptorList)
76     {
77         this.actionAllowed = actionAllowed;
78         this.columnBitSets = columnBitSets;
79         this.td = td;
80         this.descriptorList = descriptorList;
81     }
82     
83     /**
84      * Determines whether a user is the owner of an object
85      * (table, function, or procedure). Note that the database
86      * creator can access database objects without needing to be
87      * their owner.
88      *
89      * @param user authorizationId of current user
90      * @param td table descriptor being checked against
91      * @param sd SchemaDescriptor
92      * @param dd DataDictionary
93      * @param lcc LanguageConnectionContext
94      * @param grant grant if true; revoke if false
95      *
96      * @exception StandardException if user does not own the object
97      */
98     protected void checkOwnership( String JavaDoc user,
99                                    TableDescriptor td,
100                                    SchemaDescriptor sd,
101                                    DataDictionary dd,
102                                    LanguageConnectionContext lcc,
103                                    boolean grant)
104         throws StandardException
105     {
106         super.checkOwnership(user, td, sd, dd);
107         
108         // additional check specific to this subclass
109 if (grant)
110         {
111             checkPrivileges(user, td, sd, dd, lcc);
112         }
113     }
114     
115     /**
116      * Determines if the privilege is grantable by this grantor
117      * for the given view.
118      *
119      * Note that the database owner can access database objects
120      * without needing to be their owner. This method should only
121      * be called if it is a GRANT.
122      *
123      * @param user authorizationId of current user
124      * @param td TableDescriptor to be checked against
125      * @param sd SchemaDescriptor
126      * @param dd DataDictionary
127      * @param lcc LanguageConnectionContext
128      *
129      * @exception StandardException if user does not have permission to grant
130      */
131     private void checkPrivileges( String JavaDoc user,
132                                    TableDescriptor td,
133                                    SchemaDescriptor sd,
134                                    DataDictionary dd,
135                                    LanguageConnectionContext lcc)
136         throws StandardException
137     {
138         if (user.equals(dd.getAuthorizationDatabaseOwner())) return;
139         
140         // check view specific
141 if (td.getTableType() == TableDescriptor.VIEW_TYPE)
142         {
143             if (descriptorList != null )
144             {
145                 TransactionController tc = lcc.getTransactionExecute();
146                 int siz = descriptorList.size();
147                 for (int i=0; i < siz; i++)
148                 {
149                     TupleDescriptor p;
150                     SchemaDescriptor s = null;
151
152                     p = (TupleDescriptor)descriptorList.get(i);
153                     if (p instanceof TableDescriptor)
154                     {
155                         TableDescriptor t = (TableDescriptor)p;
156                         s = t.getSchemaDescriptor();
157                     }
158                     else if (p instanceof ViewDescriptor)
159                     {
160                         ViewDescriptor v = (ViewDescriptor)p;
161                         s = dd.getSchemaDescriptor(v.getCompSchemaId(), tc);
162                     }
163                     else if (p instanceof AliasDescriptor)
164                     {
165                         AliasDescriptor a = (AliasDescriptor)p;
166                         s = dd.getSchemaDescriptor( a.getSchemaUUID(), tc);
167                     }
168                                 
169                     if (s != null && !user.equals(s.getAuthorizationId()) )
170                     {
171                         throw StandardException.newException(
172                                    SQLState.AUTH_NO_OBJECT_PERMISSION,
173                                    user,
174                                    "grant",
175                                    sd.getSchemaName(),
176                                    td.getName());
177                     }
178                                
179                     // FUTURE: if object is not own by grantor then check if
180 // the grantor have grant option.
181 }
182             }
183         }
184     }
185     
186     /**
187      * This is the guts of the Execution-time logic for GRANT/REVOKE of a table privilege
188      *
189      * @param activation
190      * @param grant true if grant, false if revoke
191      * @param grantees a list of authorization ids (strings)
192      *
193      * @exception StandardException Thrown on failure
194      */
195     public void executeGrantRevoke( Activation activation,
196                                     boolean grant,
197                                     List JavaDoc grantees)
198         throws StandardException
199     {
200         LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
201         DataDictionary dd = lcc.getDataDictionary();
202         String JavaDoc currentUser = lcc.getAuthorizationId();
203         TransactionController tc = lcc.getTransactionExecute();
204         SchemaDescriptor sd = td.getSchemaDescriptor();
205         
206         // Check that the current user has permission to grant the privileges.
207 checkOwnership( currentUser, td, sd, dd, lcc, grant);
208         
209         DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
210
211         TablePermsDescriptor tablePermsDesc =
212           ddg.newTablePermsDescriptor( td,
213                                        getPermString( SELECT_ACTION, false),
214                                        getPermString( DELETE_ACTION, false),
215                                        getPermString( INSERT_ACTION, false),
216                                        getPermString( UPDATE_ACTION, false),
217                                        getPermString( REFERENCES_ACTION, false),
218                                        getPermString( TRIGGER_ACTION, false),
219                                        currentUser);
220             
221         ColPermsDescriptor[] colPermsDescs = new ColPermsDescriptor[ columnBitSets.length];
222         for( int i = 0; i < columnBitSets.length; i++)
223         {
224             if( columnBitSets[i] != null ||
225                 // If it is a revoke and no column list is specified then revoke all column permissions.
226 // A null column bitSet in a ColPermsDescriptor indicates that all the column permissions
227 // should be removed.
228 (!grant) && hasColumnPermissions(i) && actionAllowed[i]
229                 )
230             {
231                 colPermsDescs[i] = ddg.newColPermsDescriptor( td,
232                                                               getActionString(i, false),
233                                                               columnBitSets[i],
234                                                               currentUser);
235             }
236         }
237
238
239         dd.startWriting(lcc);
240         // Add or remove the privileges to/from the SYS.SYSTABLEPERMS and SYS.SYSCOLPERMS tables
241 for( Iterator JavaDoc itr = grantees.iterator(); itr.hasNext();)
242         {
243             // Keep track to see if any privileges are revoked by a revoke
244 // statement. If a privilege is not revoked, we need to raise a
245 // warning. For table privileges, we do not check if privilege for
246 // a specific action has been revoked or not. Also, we do not check
247 // privileges for specific columns. If at least one privilege has
248 // been revoked, we do not raise a warning. This has to be refined
249 // further to check for specific actions/columns and raise warning
250 // if any privilege has not been revoked.
251 boolean privileges_revoked = false;
252                         
253             String JavaDoc grantee = (String JavaDoc) itr.next();
254             if( tablePermsDesc != null)
255             {
256                 if (dd.addRemovePermissionsDescriptor( grant, tablePermsDesc, grantee, tc))
257                 {
258                     privileges_revoked = true;
259                     dd.getDependencyManager().invalidateFor(tablePermsDesc, DependencyManager.REVOKE_PRIVILEGE, lcc);
260                 }
261             }
262             for( int i = 0; i < columnBitSets.length; i++)
263             {
264                 if( colPermsDescs[i] != null)
265                 {
266                     if (dd.addRemovePermissionsDescriptor( grant, colPermsDescs[i], grantee, tc))
267                     {
268                         privileges_revoked = true;
269                         dd.getDependencyManager().invalidateFor(colPermsDescs[i], DependencyManager.REVOKE_PRIVILEGE, lcc);
270                     }
271                 }
272             }
273             
274             addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
275         }
276     } // end of executeConstantAction
277
278     private String JavaDoc getPermString( int action, boolean forGrantOption)
279     {
280         if( actionAllowed[ action] && columnBitSets[action] == null)
281             return forGrantOption ? YES_WITH_GRANT_OPTION : YES_WITHOUT_GRANT_OPTION;
282         else
283             return NO;
284     } // end of getPermString
285
286     private String JavaDoc getActionString( int action, boolean forGrantOption)
287     {
288         return actionString[action][forGrantOption ? 1 : 0];
289     }
290
291     private boolean hasColumnPermissions( int action)
292     {
293         return action == SELECT_ACTION || action == UPDATE_ACTION || action == REFERENCES_ACTION;
294     }
295 }
296
Popular Tags