1 30 31 32 package org.hsqldb; 33 34 import org.hsqldb.lib.HashMappedList; 35 import org.hsqldb.lib.HashSet; 36 import org.hsqldb.lib.HsqlArrayList; 37 import org.hsqldb.lib.IntKeyHashMap; 38 import org.hsqldb.lib.IntValueHashMap; 39 import org.hsqldb.lib.Iterator; 40 import org.hsqldb.lib.StringUtil; 41 import org.hsqldb.lib.Collection; 42 import org.hsqldb.lib.Set; 43 44 57 class GranteeManager implements GrantConstants { 58 59 63 static final String SYSTEM_AUTHORIZATION_NAME = "_SYSTEM"; 64 65 66 static final String DBA_ADMIN_ROLE_NAME = "DBA"; 67 68 69 static final String PUBLIC_ROLE_NAME = "PUBLIC"; 70 71 80 static final String [] emptyRightsList = new String [0]; 81 82 90 static final IntKeyHashMap hRightsLists = new IntKeyHashMap(); 91 92 96 103 104 108 private HashMappedList map = new HashMappedList(); 109 110 114 private HashMappedList roleMap = new HashMappedList(); 115 116 126 public GranteeManager(Database inDatabase) throws HsqlException { 127 addRole(GranteeManager.DBA_ADMIN_ROLE_NAME); 128 getRole(GranteeManager.DBA_ADMIN_ROLE_NAME).setAdminDirect(); 129 } 130 131 static final IntValueHashMap rightsStringLookup = new IntValueHashMap(7); 132 133 static { 134 rightsStringLookup.put(S_R_ALL, ALL); 135 rightsStringLookup.put(S_R_SELECT, SELECT); 136 rightsStringLookup.put(S_R_UPDATE, UPDATE); 137 rightsStringLookup.put(S_R_DELETE, DELETE); 138 rightsStringLookup.put(S_R_INSERT, INSERT); 139 } 140 141 158 void grant(String name, Object dbobject, 159 int rights) throws HsqlException { 160 161 Grantee g = get(name); 162 163 if (g == null) { 164 throw Trace.error(Trace.NO_SUCH_GRANTEE, name); 165 } 166 167 if (isImmutable(name)) { 168 throw Trace.error(Trace.NONMOD_GRANTEE, name); 169 } 170 171 g.grant(dbobject, rights); 172 g.updateAllRights(); 173 174 if (g.isRole) { 175 updateAllRights(g); 176 } 177 } 178 179 182 void grant(String name, String role) throws HsqlException { 183 184 Grantee grantee = get(name); 185 186 if (grantee == null) { 187 throw Trace.error(Trace.NO_SUCH_GRANTEE, name); 188 } 189 190 if (isImmutable(name)) { 191 throw Trace.error(Trace.NONMOD_GRANTEE, name); 192 } 193 194 Grantee r = get(role); 195 196 if (r == null) { 197 throw Trace.error(Trace.NO_SUCH_ROLE, role); 198 } 199 200 if (role.equals(name)) { 201 throw Trace.error(Trace.CIRCULAR_GRANT, name); 202 } 203 204 if (r.hasRole(name)) { 208 209 throw Trace.error(Trace.CIRCULAR_GRANT, 212 Trace.getMessage(Trace.ALREADY_HAVE_ROLE) 213 + " GRANT " + name + " TO " + role); 214 } 215 216 if (grantee.getDirectRoles().contains(role)) { 217 throw Trace.error(Trace.ALREADY_HAVE_ROLE, role); 218 } 219 220 grantee.grant(role); 221 grantee.updateAllRights(); 222 223 if (grantee.isRole) { 224 updateAllRights(grantee); 225 } 226 } 227 228 231 void revoke(String name, String role) throws HsqlException { 232 233 Grantee g = get(name); 234 235 if (g == null) { 236 throw Trace.error(Trace.NO_SUCH_GRANTEE, name); 237 } 238 239 g.revoke(role); 240 g.updateAllRights(); 241 242 if (g.isRole) { 243 updateAllRights(g); 244 } 245 } 246 247 254 void revoke(String name, Object dbobject, 255 int rights) throws HsqlException { 256 257 Grantee g = get(name); 258 259 g.revoke(dbobject, rights); 260 g.updateAllRights(); 261 262 if (g.isRole) { 263 updateAllRights(g); 264 } 265 } 266 267 270 void removeEmptyRole(Grantee role) { 271 272 String name = role.getName(); 273 274 for (int i = 0; i < map.size(); i++) { 275 Grantee grantee = (Grantee) map.get(i); 276 277 grantee.roles.remove(name); 278 } 279 } 280 281 285 void removeDbObject(Object dbobject) { 286 287 for (int i = 0; i < map.size(); i++) { 288 Grantee g = (Grantee) map.get(i); 289 290 g.revokeDbObject(dbobject); 291 } 292 } 293 294 298 void updateAllRights(Grantee role) { 299 300 String name = role.getName(); 301 302 for (int i = 0; i < map.size(); i++) { 303 Grantee grantee = (Grantee) map.get(i); 304 305 if (grantee.isRole) { 306 grantee.updateNestedRoles(name); 307 } 308 } 309 310 for (int i = 0; i < map.size(); i++) { 311 Grantee grantee = (Grantee) map.get(i); 312 313 if (!grantee.isRole) { 314 grantee.updateAllRights(); 315 } 316 } 317 } 318 319 321 public boolean removeGrantee(String name) { 322 323 326 if (isReserved(name)) { 327 return false; 328 } 329 330 Grantee g = (Grantee) map.remove(name); 331 332 if (g == null) { 333 return false; 334 } 335 336 g.clearPrivileges(); 337 updateAllRights(g); 338 339 if (g.isRole) { 340 roleMap.remove(name); 341 removeEmptyRole(g); 342 } 343 344 return true; 345 } 346 347 354 public Grantee addGrantee(String name) throws HsqlException { 355 356 if (map.containsKey(name)) { 357 throw Trace.error(Trace.GRANTEE_ALREADY_EXISTS, name); 358 } 359 360 Grantee pubGrantee = null; 361 362 if (!isReserved(name)) { 363 pubGrantee = get(PUBLIC_ROLE_NAME); 364 365 if (pubGrantee == null) { 366 Trace.doAssert( 367 false, Trace.getMessage(Trace.MISSING_PUBLIC_GRANTEE)); 368 } 369 } 370 371 Grantee g = new Grantee(name, pubGrantee, this); 372 373 map.put(name, g); 374 375 return g; 376 } 377 378 383 boolean isGrantee(String name) { 384 return (map.containsKey(name)); 385 } 386 387 static int getCheckRight(String right) throws HsqlException { 388 389 int r = getRight(right); 390 391 if (r != 0) { 392 return r; 393 } 394 395 throw Trace.error(Trace.NO_SUCH_RIGHT, right); 396 } 397 398 401 static int getRight(String right) { 402 return rightsStringLookup.get(right, 0); 403 } 404 405 409 static String getRightsList(int rights) { 410 411 if (rights == 0) { 413 return null; 414 } 415 416 if (rights == ALL) { 417 return S_R_ALL; 418 } 419 420 return StringUtil.getList(getRightsArray(rights), ",", ""); 421 } 422 423 435 static String [] getRightsArray(int rights) { 436 437 if (rights == 0) { 438 return emptyRightsList; 439 } 440 441 String [] list = (String []) hRightsLists.get(rights); 442 443 if (list != null) { 444 return list; 445 } 446 447 list = getRightsArraySub(rights); 448 449 hRightsLists.put(rights, list); 450 451 return list; 452 } 453 454 private static String [] getRightsArraySub(int right) { 455 456 if (right == 0) { 458 return emptyRightsList; 459 } 460 461 HsqlArrayList a = new HsqlArrayList(); 462 Iterator it = rightsStringLookup.keySet().iterator(); 463 464 for (; it.hasNext(); ) { 465 String rightString = (String ) it.next(); 466 467 if (rightString.equals(S_R_ALL)) { 468 continue; 469 } 470 471 int i = rightsStringLookup.get(rightString, 0); 472 473 if ((right & i) != 0) { 474 a.add(rightString); 475 } 476 } 477 478 return (String []) a.toArray(new String [a.size()]); 479 } 480 481 490 HashSet getGrantedClassNames() throws HsqlException { 491 492 int size; 493 Grantee grantee; 494 HashSet out; 495 Iterator e; 496 497 size = map.size(); 498 out = new HashSet(); 499 500 for (int i = 0; i < size; i++) { 501 grantee = (Grantee) map.get(i); 502 503 if (grantee == null) { 504 continue; 505 } 506 507 e = grantee.getGrantedClassNames(false).iterator(); 508 509 while (e.hasNext()) { 510 out.add(e.next()); 511 } 512 } 513 514 return out; 515 } 516 517 public Grantee get(String name) { 518 return (Grantee) map.get(name); 519 } 520 521 public Collection getGrantees() { 522 return map.values(); 523 } 524 525 public static boolean validRightString(String rightString) { 526 return getRight(rightString) != 0; 527 } 528 529 public static boolean isImmutable(String name) { 530 return name.equals(SYSTEM_AUTHORIZATION_NAME) 531 || name.equals(DBA_ADMIN_ROLE_NAME); 532 } 533 534 public static boolean isReserved(String name) { 535 536 return name.equals(SYSTEM_AUTHORIZATION_NAME) 537 || name.equals(DBA_ADMIN_ROLE_NAME) 538 || name.equals(PUBLIC_ROLE_NAME); 539 } 540 541 560 String addRole(String name) throws HsqlException { 561 562 568 if (name == null) { 569 Trace.doAssert(false, Trace.getMessage(Trace.NULL_NAME)); 570 } 571 572 Grantee g = null; 573 574 if (GranteeManager.validRightString(name)) { 575 throw Trace.error(Trace.ILLEGAL_ROLE_NAME, name); 576 } 577 578 g = addGrantee(name); 579 g.isRole = true; 580 581 boolean result = roleMap.add(name, g); 582 583 if (!result) { 584 throw Trace.error(Trace.ROLE_ALREADY_EXISTS, name); 585 } 586 587 return name; 591 } 592 593 612 void dropRole(String name) throws HsqlException { 613 614 if (name.equals(GranteeManager.DBA_ADMIN_ROLE_NAME)) { 615 throw Trace.error(Trace.ACCESS_IS_DENIED); 616 } 617 618 if (!isRole(name)) { 619 throw Trace.error(Trace.NO_SUCH_ROLE, name); 620 } 621 622 removeGrantee(name); 623 roleMap.remove(name); 624 } 625 626 public Set getRoleNames() { 627 return roleMap.keySet(); 628 } 629 630 633 Grantee getRole(String name) throws HsqlException { 634 635 if (!isRole(name)) { 636 Trace.doAssert(false, "No role '" + name + "'"); 637 } 638 639 Grantee g = (Grantee) roleMap.get(name); 640 641 if (g == null) { 642 throw Trace.error(Trace.MISSING_GRANTEE, name); 643 } 644 645 return g; 646 } 647 648 boolean isRole(String name) throws HsqlException { 649 return roleMap.containsKey(name); 650 } 651 } 652 | Popular Tags |