Examples with DependencyManager org.apache.derby.iapi.sql.depend.DependencyManager used on opensource projects

Example 1 with DependencyManager

use of org.apache.derby.iapi.sql.depend.DependencyManager in project derby by apache.

the class SequenceDescriptor method drop.

/**
 * Drop this sequence descriptor. Only restricted drops allowed right now.
 *
 * @throws StandardException Could not be dropped.
 */
public void drop(LanguageConnectionContext lcc) throws StandardException {
    DataDictionary dd = getDataDictionary();
    DependencyManager dm = getDataDictionary().getDependencyManager();
    TransactionController tc = lcc.getTransactionExecute();
    // invalidate compiled statements which depend on this sequence
    dm.invalidateFor(this, DependencyManager.DROP_SEQUENCE, lcc);
    // drop the sequence
    dd.dropSequenceDescriptor(this, tc);
    // Clear the dependencies for the sequence
    dm.clearDependencies(lcc, this);
}

Example 2 with DependencyManager

use of org.apache.derby.iapi.sql.depend.DependencyManager in project derby by apache.

the class SequenceDescriptor method makeInvalid.

/**
 * Mark the dependent as invalid (due to at least one of
 * its dependencies being invalid).
 *
 * @param 	lcc the language connection context
 * @param	action	The action causing the invalidation
 *
 * @exception StandardException thrown if called in sanity mode
 */
public void makeInvalid(int action, LanguageConnectionContext lcc) throws StandardException {
    switch(action) {
        // invalidate this sequence descriptor
        case DependencyManager.USER_RECOMPILE_REQUEST:
            DependencyManager dm = getDataDictionary().getDependencyManager();
            dm.invalidateFor(this, DependencyManager.PREPARED_STATEMENT_RELEASE, lcc);
            break;
        default:
            break;
    }
}

Example 3 with DependencyManager

use of org.apache.derby.iapi.sql.depend.DependencyManager in project derby by apache.

the class StatementColumnPermission method check.

/**
 * @see StatementPermission#check
 */
public void check(LanguageConnectionContext lcc, boolean forGrant, Activation activation) throws StandardException {
    DataDictionary dd = lcc.getDataDictionary();
    ExecPreparedStatement ps = activation.getPreparedStatement();
    if (hasPermissionOnTable(lcc, activation, forGrant, ps)) {
        return;
    }
    String currentUserId = lcc.getCurrentUserId(activation);
    FormatableBitSet permittedColumns = null;
    if (!forGrant) {
        permittedColumns = addPermittedColumns(dd, false, /* non-grantable permissions */
        Authorizer.PUBLIC_AUTHORIZATION_ID, permittedColumns);
        permittedColumns = addPermittedColumns(dd, false, /* non-grantable permissions */
        currentUserId, permittedColumns);
    }
    permittedColumns = addPermittedColumns(dd, true, /* grantable permissions */
    Authorizer.PUBLIC_AUTHORIZATION_ID, permittedColumns);
    permittedColumns = addPermittedColumns(dd, true, /* grantable permissions */
    currentUserId, permittedColumns);
    // select t1.c1 from t1, t2
    if (privType == Authorizer.MIN_SELECT_PRIV && permittedColumns != null)
        return;
    FormatableBitSet unresolvedColumns = (FormatableBitSet) columns.clone();
    for (int i = unresolvedColumns.anySetBit(); i >= 0; i = unresolvedColumns.anySetBit(i)) {
        if (permittedColumns != null && permittedColumns.get(i)) {
            // column i (zero-based here) accounted for:
            unresolvedColumns.clear(i);
        }
    }
    if (unresolvedColumns.anySetBit() < 0) {
        // all ok
        return;
    }
    // If columns are still unauthorized, look to role closure for
    // resolution.
    String role = lcc.getCurrentRoleId(activation);
    RoleGrantDescriptor rd = null;
    if (role != null) {
        // Check that role is still granted to current user or
        // to PUBLIC: A revoked role which is current for this
        // session, is lazily set to none when it is attempted
        // used.
        String dbo = dd.getAuthorizationDatabaseOwner();
        rd = dd.getRoleGrantDescriptor(role, currentUserId, dbo);
        if (rd == null) {
            rd = dd.getRoleGrantDescriptor(role, Authorizer.PUBLIC_AUTHORIZATION_ID, dbo);
        }
        if (rd == null) {
            // we have lost the right to set this role, so we can't
            // make use of any permission granted to it or its ancestors.
            lcc.setCurrentRole(activation, null);
        } else {
            // The current role is OK, so we can make use of
            // any permission granted to it.
            // 
            // Look at the current role and, if necessary, the transitive
            // closure of roles granted to current role to see if
            // permission has been granted to any of the applicable roles.
            RoleClosureIterator rci = dd.createRoleClosureIterator(activation.getTransactionController(), role, true);
            String r;
            while (unresolvedColumns.anySetBit() >= 0 && (r = rci.next()) != null) {
                // The user does not have needed privilege directly
                // granted to it, so let's see if he has that privilege
                // available to him/her through his roles.
                permittedColumns = tryRole(lcc, dd, forGrant, r);
                // select t1.c1 from t1, t2
                if (privType == Authorizer.MIN_SELECT_PRIV && permittedColumns != null) {
                    DependencyManager dm = dd.getDependencyManager();
                    RoleGrantDescriptor rgd = dd.getRoleDefinitionDescriptor(role);
                    ContextManager cm = lcc.getContextManager();
                    dm.addDependency(ps, rgd, cm);
                    dm.addDependency(activation, rgd, cm);
                    return;
                }
                // we will quit out of this while loop
                for (int i = unresolvedColumns.anySetBit(); i >= 0; i = unresolvedColumns.anySetBit(i)) {
                    if (permittedColumns != null && permittedColumns.get(i)) {
                        unresolvedColumns.clear(i);
                    }
                }
            }
        }
    }
    TableDescriptor td = getTableDescriptor(dd);
    // privilege on the table or any column in the table
    if (privType == Authorizer.MIN_SELECT_PRIV)
        throw StandardException.newException(forGrant ? SQLState.AUTH_NO_TABLE_PERMISSION_FOR_GRANT : SQLState.AUTH_NO_TABLE_PERMISSION, currentUserId, getPrivName(), td.getSchemaName(), td.getName());
    int remains = unresolvedColumns.anySetBit();
    if (remains >= 0) {
        // No permission on this column.
        ColumnDescriptor cd = td.getColumnDescriptor(remains + 1);
        if (cd == null) {
            throw StandardException.newException(SQLState.AUTH_INTERNAL_BAD_UUID, "column");
        } else {
            throw StandardException.newException((forGrant ? SQLState.AUTH_NO_COLUMN_PERMISSION_FOR_GRANT : SQLState.AUTH_NO_COLUMN_PERMISSION), currentUserId, getPrivName(), cd.getColumnName(), td.getSchemaName(), td.getName());
        }
    } else {
        // We found and successfully applied a role to resolve the
        // (remaining) required permissions.
        // 
        // Also add a dependency on the role (qua provider), so
        // that if role is no longer available to the current
        // user (e.g. grant is revoked, role is dropped,
        // another role has been set), we are able to
        // invalidate the ps or activation (the latter is used
        // if the current role changes).
        DependencyManager dm = dd.getDependencyManager();
        RoleGrantDescriptor rgd = dd.getRoleDefinitionDescriptor(role);
        ContextManager cm = lcc.getContextManager();
        dm.addDependency(ps, rgd, cm);
        dm.addDependency(activation, rgd, cm);
    }
}

Example 4 with DependencyManager

use of org.apache.derby.iapi.sql.depend.DependencyManager in project derby by apache.

the class StatementPermission method genericCheck.

/**
 * Generic logic called by check() for USAGE and EXECUTE privileges. Throws
 * an exception if the correct permission cannot be found.
 */
public void genericCheck(LanguageConnectionContext lcc, boolean forGrant, Activation activation, String privilegeType) throws StandardException {
    DataDictionary dd = lcc.getDataDictionary();
    TransactionController tc = lcc.getTransactionExecute();
    ExecPreparedStatement ps = activation.getPreparedStatement();
    PermissionsDescriptor perm = getPermissionDescriptor(lcc.getCurrentUserId(activation), dd);
    if (!isCorrectPermission(perm)) {
        perm = getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
    }
    // if the user has the correct permission, we're done
    if (isCorrectPermission(perm)) {
        return;
    }
    boolean resolved = false;
    // Since no permission exists for the current user or PUBLIC,
    // check if a permission exists for the current role (if set).
    String role = lcc.getCurrentRoleId(activation);
    if (role != null) {
        // Check that role is still granted to current user or
        // to PUBLIC: A revoked role which is current for this
        // session, is lazily set to none when it is attemped
        // used.
        String dbo = dd.getAuthorizationDatabaseOwner();
        RoleGrantDescriptor rd = dd.getRoleGrantDescriptor(role, lcc.getCurrentUserId(activation), dbo);
        if (rd == null) {
            rd = dd.getRoleGrantDescriptor(role, Authorizer.PUBLIC_AUTHORIZATION_ID, dbo);
        }
        if (rd == null) {
            // We have lost the right to set this role, so we can't
            // make use of any permission granted to it or its
            // ancestors.
            lcc.setCurrentRole(activation, null);
        } else {
            // The current role is OK, so we can make use of
            // any permission granted to it.
            // 
            // Look at the current role and, if necessary, the
            // transitive closure of roles granted to current role to
            // see if permission has been granted to any of the
            // applicable roles.
            RoleClosureIterator rci = dd.createRoleClosureIterator(activation.getTransactionController(), role, true);
            String r;
            while (!resolved && (r = rci.next()) != null) {
                perm = getPermissionDescriptor(r, dd);
                if (isCorrectPermission(perm)) {
                    resolved = true;
                }
            }
        }
        if (resolved) {
            // Also add a dependency on the role (qua provider), so that if
            // role is no longer available to the current user (e.g. grant
            // is revoked, role is dropped, another role has been set), we
            // are able to invalidate the ps or activation (the latter is
            // used if the current role changes).
            DependencyManager dm = dd.getDependencyManager();
            RoleGrantDescriptor rgd = dd.getRoleDefinitionDescriptor(role);
            ContextManager cm = lcc.getContextManager();
            dm.addDependency(ps, rgd, cm);
            dm.addDependency(activation, rgd, cm);
        }
    }
    if (!resolved) {
        PrivilegedSQLObject pso = getPrivilegedObject(dd);
        if (pso == null) {
            throw StandardException.newException(SQLState.AUTH_INTERNAL_BAD_UUID, getObjectType());
        }
        SchemaDescriptor sd = pso.getSchemaDescriptor();
        if (sd == null) {
            throw StandardException.newException(SQLState.AUTH_INTERNAL_BAD_UUID, "SCHEMA");
        }
        throw StandardException.newException((forGrant ? SQLState.AUTH_NO_GENERIC_PERMISSION_FOR_GRANT : SQLState.AUTH_NO_GENERIC_PERMISSION), lcc.getCurrentUserId(activation), privilegeType, getObjectType(), sd.getSchemaName(), pso.getName());
    }
}

Example 5 with DependencyManager

use of org.apache.derby.iapi.sql.depend.DependencyManager in project derby by apache.

the class SPSDescriptor method makeInvalid.

/**
 * Mark the dependent as invalid (due to at least one of
 * its dependencies being invalid).
 *
 * @param	action	The action causing the invalidation
 *
 * @exception StandardException thrown if unable to make it invalid
 */
public final synchronized void makeInvalid(int action, LanguageConnectionContext lcc) throws StandardException {
    DependencyManager dm;
    dm = getDataDictionary().getDependencyManager();
    switch(action) {
        /*
			** Some things that don't affect stored prepared
	 		** statements.
			*/
        case DependencyManager.PREPARED_STATEMENT_RELEASE:
        case DependencyManager.CREATE_VIEW:
            break;
        /*
		 	** Things that can invalidate a stored
			** prepared statement.
			*/
        case DependencyManager.CREATE_INDEX:
        case DependencyManager.CREATE_CONSTRAINT:
        case DependencyManager.DROP_CONSTRAINT:
        case DependencyManager.DROP_TABLE:
        case DependencyManager.DROP_INDEX:
        case DependencyManager.DROP_VIEW:
        case DependencyManager.DROP_METHOD_ALIAS:
        case DependencyManager.DROP_SYNONYM:
        case DependencyManager.ALTER_TABLE:
        case DependencyManager.RENAME:
        case DependencyManager.RENAME_INDEX:
        case DependencyManager.USER_RECOMPILE_REQUEST:
        case DependencyManager.CHANGED_CURSOR:
        case DependencyManager.BULK_INSERT:
        case DependencyManager.COMPRESS_TABLE:
        case DependencyManager.SET_CONSTRAINTS_ENABLE:
        case DependencyManager.SET_CONSTRAINTS_DISABLE:
        case DependencyManager.SET_TRIGGERS_ENABLE:
        case DependencyManager.SET_TRIGGERS_DISABLE:
        case DependencyManager.ROLLBACK:
        case DependencyManager.INTERNAL_RECOMPILE_REQUEST:
        case DependencyManager.CREATE_TRIGGER:
        case DependencyManager.DROP_TRIGGER:
        case DependencyManager.DROP_COLUMN:
        case DependencyManager.DROP_COLUMN_RESTRICT:
        case DependencyManager.UPDATE_STATISTICS:
        case DependencyManager.DROP_STATISTICS:
        case DependencyManager.TRUNCATE_TABLE:
            /*
				** If we are already invalid, don't write ourselves
				** out.  Just to be safe, we'll send out an invalidate
				** to our dependents either way.
				*/
            if (valid == true) {
                valid = false;
                preparedStatement = null;
                updateSYSSTATEMENTS(lcc, INVALIDATE, null);
            }
            dm.invalidateFor(this, DependencyManager.USER_RECOMPILE_REQUEST, lcc);
            break;
        case DependencyManager.DROP_SPS:
            // System.out.println("SPSD " + preparedStatement);
            dm.clearDependencies(lcc, this);
            break;
        default:
            /* 
				** We should never get here, since we can't have dangling references 
				*/
            if (SanityManager.DEBUG) {
                SanityManager.THROWASSERT("makeInvalid(" + dm.getActionString(action) + ") not expected to get called; should have failed in " + "prepareToInvalidate()");
            }
            break;
    }
}