use of org.apache.derby.iapi.sql.conn.LanguageConnectionContext in project derby by apache.
the class CurrentOfResultSet method getCursor.
//
// class implementation
//
/**
* Because the positioned operation only gets one location
* per execution, and the cursor could be completely different
* for each execution (closed and reopened, perhaps), we
* determine where caching the cursor could be applied.
* <p>
* When cached, we check if the cursor was closed'd,
* and if so, throw it out and
* see if there's one in the cache with our name.
*/
private void getCursor() throws StandardException {
// need to look again if cursor was closed
if (cursor != null) {
if (cursor.isClosed()) {
cursor = null;
target = null;
}
}
if (cursor == null) {
LanguageConnectionContext lcc = getLanguageConnectionContext();
CursorActivation cursorActivation = lcc.lookupCursorActivation(cursorName);
if (cursorActivation != null) {
cursor = cursorActivation.getCursorResultSet();
target = cursorActivation.getTargetResultSet();
/* beetle 3865: updateable cursor using index. 2 way communication between
* update activation and cursor activation. Cursor passes index scan to
* update and update passes heap conglom controller to cursor.
*/
activation.setForUpdateIndexScan(cursorActivation.getForUpdateIndexScan());
if (cursorActivation.getHeapConglomerateController() != null)
cursorActivation.getHeapConglomerateController().close();
cursorActivation.setHeapConglomerateController(activation.getHeapConglomerateController());
}
}
if (cursor == null || cursor.isClosed()) {
throw StandardException.newException(SQLState.LANG_CURSOR_NOT_FOUND, cursorName);
}
}
use of org.apache.derby.iapi.sql.conn.LanguageConnectionContext in project derby by apache.
the class DDLConstantAction method findRoleUsage.
/**
* We have determined that the statement permission described by statPerm
* is not granted to the current user nor to PUBLIC, so it must be granted
* to the current role or one of the roles inherited by the current
* role. Find the relevant permission descriptor and return it.
*
* @return the permission descriptor that yielded the privilege
*/
private static PermissionsDescriptor findRoleUsage(Activation activation, StatementPermission statPerm) throws StandardException {
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
String role = lcc.getCurrentRoleId(activation);
PermissionsDescriptor permDesc = null;
if (SanityManager.DEBUG) {
SanityManager.ASSERT(role != null, "Unexpected: current role is not set");
}
// If not found in current role, get transitive
// closure of roles granted to current role and
// iterate over it to see if permission has
// been granted to any of the roles the current
// role inherits.
RoleClosureIterator rci = dd.createRoleClosureIterator(activation.getTransactionController(), role, true);
String graphGrant;
while (permDesc == null && (graphGrant = rci.next()) != null) {
permDesc = statPerm.getPermissionDescriptor(graphGrant, dd);
}
if (SanityManager.DEBUG) {
SanityManager.ASSERT(permDesc != null, "Unexpected: Permission needs to be found via role");
}
return permDesc;
}
use of org.apache.derby.iapi.sql.conn.LanguageConnectionContext in project derby by apache.
the class DDLConstantAction method storeConstraintDependenciesOnPrivileges.
/**
* This method saves dependencies of constraints on privileges in the
* dependency system. It gets called by CreateConstraintConstantAction.
* Views and triggers and constraints run with definer's privileges. If
* one of the required privileges is revoked from the definer, the
* dependent view/trigger/constraint on that privilege will be dropped
* automatically. In order to implement this behavior, we need to save
* view/trigger/constraint dependencies on required privileges in the
* dependency system. Following method accomplishes that part of the
* equation for constraints only. The dependency collection for
* constraints is not same as for views and triggers and hence
* constraints are handled by this special method.
*
* Views and triggers can depend on many different kind of privileges
* where as constraints only depend on REFERENCES privilege on a table
* (FOREIGN KEY constraints) or EXECUTE privileges on one or more
* functions (CHECK constraints).
*
* Another difference is only one view or trigger can be defined by a
* sql statement and hence all the dependencies collected for the sql
* statement apply to the view or trigger in question. As for constraints,
* one sql statement can defined multiple constraints and hence the
* all the privileges required by the statement are not necessarily
* required by all the constraints defined by that sql statement. We need
* to identify right privileges for right constraints for a given sql
* statement. Because of these differences between constraints and views
* (and triggers), there are 2 different methods in this class to save
* their privileges in the dependency system.
*
* For each required privilege, we now register a dependency on a role if
* that role was required to find an applicable privilege.
*
* @param activation The execution environment for this constant action.
* @param dependent Make this object depend on required privileges
* @param refTableUUID Make sure we are looking for REFERENCES privilege
* for right table
* @param providers set of providers for this constraint
* @exception StandardException Thrown on failure
*/
protected void storeConstraintDependenciesOnPrivileges(Activation activation, Dependent dependent, UUID refTableUUID, ProviderInfo[] providers) throws StandardException {
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
DependencyManager dm = dd.getDependencyManager();
String currentUser = lcc.getCurrentUserId(activation);
SettableBoolean roleDepAdded = new SettableBoolean();
// access any objects without any restrictions
if (!currentUser.equals(dd.getAuthorizationDatabaseOwner())) {
PermissionsDescriptor permDesc;
// Now, it is time to add into dependency system the FOREIGN
// constraint's dependency on REFERENCES privilege, or, if it is a
// CHECK constraint, any EXECUTE or USAGE privileges. If the REFERENCES is
// revoked from the constraint owner, the constraint will get
// dropped automatically.
List<StatementPermission> requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty()) {
for (StatementPermission statPerm : requiredPermissionsList) {
// are not required for a foreign key constraint.
if (statPerm instanceof StatementTablePermission) {
// It is a table/column level privilege
StatementTablePermission statementTablePermission = (StatementTablePermission) statPerm;
// required privileges list
if (statementTablePermission.getPrivType() != Authorizer.REFERENCES_PRIV)
continue;
// privilege in the required privileges list
if (!statementTablePermission.getTableUUID().equals(refTableUUID))
continue;
} else if (statPerm instanceof StatementSchemaPermission || statPerm instanceof StatementRolePermission || statPerm instanceof StatementGenericPermission) {
continue;
} else {
if (SanityManager.DEBUG) {
SanityManager.ASSERT(statPerm instanceof StatementRoutinePermission, "only StatementRoutinePermission expected");
}
// skip if this permission concerns a function not
// referenced by this constraint
StatementRoutinePermission rp = (StatementRoutinePermission) statPerm;
if (!inProviderSet(providers, rp.getRoutineUUID())) {
continue;
}
}
// We know that we are working with a REFERENCES, EXECUTE, or USAGE
// privilege. Find all the PermissionDescriptors for this
// privilege and make constraint depend on it through
// dependency manager. The REFERENCES privilege could be
// defined at the table level or it could be defined at
// individual column levels. In addition, individual column
// REFERENCES privilege could be available at the user
// level, PUBLIC or role level. EXECUTE and USAGE privileges could be
// available at the user level, PUBLIC or role level.
permDesc = statPerm.getPermissionDescriptor(currentUser, dd);
if (permDesc == null) {
// No privilege exists for given user. The privilege
// has to exist at at PUBLIC level....
permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
// .... or at the role level. Additionally, for column
// level privileges, even if *some* were available at
// the PUBLIC level others may be still be missing,
// hence the call in the test below to
// allColumnsCoveredByUserOrPUBLIC.
boolean roleUsed = false;
if (permDesc == null || ((permDesc instanceof ColPermsDescriptor) && !((StatementColumnPermission) statPerm).allColumnsCoveredByUserOrPUBLIC(currentUser, dd))) {
roleUsed = true;
permDesc = findRoleUsage(activation, statPerm);
}
// for the owner.
if (!permDesc.checkOwner(currentUser)) {
dm.addDependency(dependent, permDesc, lcc.getContextManager());
if (roleUsed) {
// We had to rely on role, so track that
// dependency, too.
trackRoleDependency(activation, dependent, roleDepAdded);
}
}
} else // object's privilege dependency in the dependency system
if (!permDesc.checkOwner(currentUser)) {
dm.addDependency(dependent, permDesc, lcc.getContextManager());
if (permDesc instanceof ColPermsDescriptor) {
// The if statement above means we found a
// REFERENCES privilege at column level for the
// given authorizer. If this privilege doesn't
// cover all the column , then there has to exisit
// REFERENCES for the remaining columns at PUBLIC
// level or at role level. Get that permission
// descriptor and save it in dependency system
StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
permDesc = statementColumnPermission.getPUBLIClevelColPermsDescriptor(currentUser, dd);
// into the dependency system
if (permDesc != null && permDesc.getObjectID() != null) {
// User did not have all required column
// permissions and at least one column is
// covered by PUBLIC.
dm.addDependency(dependent, permDesc, lcc.getContextManager());
}
// upon.
if (!statementColumnPermission.allColumnsCoveredByUserOrPUBLIC(currentUser, dd)) {
// Role has been relied upon, so register a
// dependency.
trackRoleDependency(activation, dependent, roleDepAdded);
}
}
}
if (!(statPerm instanceof StatementRoutinePermission)) {
// for this sql statement.
break;
} else {
// For EXECUTE privilege there may be several functions
// referenced in the constraint, so continue looking.
}
}
}
}
}
use of org.apache.derby.iapi.sql.conn.LanguageConnectionContext in project derby by apache.
the class DDLConstantAction method trackRoleDependency.
/**
* The statement permission needed for dependent has been found to rely on
* the current role. If not already done, register the dependency so that
* if the current role (or any of the roles it inherits) is revoked (or
* dropped), we can invalidate dependent.
*
* @param activation the current activation
* @param dependent the view, constraint or trigger that is dependent on the
* current role for some privilege.
* @param roleDepAdded keeps track of whether a dependency on the
* current role has already been registered.
*/
private static void trackRoleDependency(Activation activation, Dependent dependent, SettableBoolean roleDepAdded) throws StandardException {
// fails for triggers at least).
if (!roleDepAdded.get()) {
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
DependencyManager dm = dd.getDependencyManager();
String role = lcc.getCurrentRoleId(activation);
RoleGrantDescriptor rgd = dd.getRoleDefinitionDescriptor(role);
dm.addDependency(dependent, rgd, lcc.getContextManager());
roleDepAdded.set(true);
}
}
use of org.apache.derby.iapi.sql.conn.LanguageConnectionContext in project derby by apache.
the class DDLSingleTableConstantAction method executeConglomReplacement.
/**
* Execute the received ConstantAction, which will create a
* new physical conglomerate (or find an existing physical
* conglomerate that is "sharable") to replace some dropped
* physical conglomerate. Then find any conglomerate descriptors
* which still reference the dropped physical conglomerate and
* update them all to have a conglomerate number that points
* to the conglomerate created by the ConstantAction.
*
* This method is called as part of DROP processing to handle
* cases where a physical conglomerate that was shared by
* multiple descriptors is dropped--in which case a new physical
* conglomerate must be created to support the remaining
* descriptors.
*
* @param replaceConglom Constant action which, when executed,
* will either create a new conglomerate or find an existing
* one that satisfies the ConstantAction's requirements.
* @param activation Activation used when creating the conglom
*/
void executeConglomReplacement(ConstantAction replaceConglom, Activation activation) throws StandardException {
CreateIndexConstantAction replaceConglomAction = (CreateIndexConstantAction) replaceConglom;
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
// Create the new (replacment) backing conglomerate...
replaceConglomAction.executeConstantAction(activation);
/* Find all conglomerate descriptors that referenced the
* old backing conglomerate and update them to have the
* conglomerate number for the new backing conglomerate.
*/
ConglomerateDescriptor[] congDescs = dd.getConglomerateDescriptors(replaceConglomAction.getReplacedConglomNumber());
if (SanityManager.DEBUG) {
/* There should be at least one descriptor requiring
* an updated conglomerate number--namely, the one
* corresponding to "srcCD" for which the constant
* action was created (see getConglomReplacementAction()
* above). There may be others, as well.
*/
if (congDescs.length < 1) {
SanityManager.THROWASSERT("Should have found at least one conglomerate " + "descriptor that needs an updated conglomerate " + "number (due to a dropped index), but only " + "found " + congDescs.length);
}
}
dd.updateConglomerateDescriptor(congDescs, replaceConglomAction.getCreatedConglomNumber(), lcc.getTransactionExecute());
return;
}
Aggregations