use of org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor in project derby by apache.
the class TablePrivilegeInfo method executeGrantRevoke.
/**
 * Applies a table-level GRANT or REVOKE at execution time. The caller's right to
 * change privileges on the table is checked first; then, for every grantee, the
 * table-level and column-level permission descriptors are added to or removed from
 * SYS.SYSTABLEPERMS and SYS.SYSCOLPERMS.
 *
 * <p>The ownership check runs before {@code dd.startWriting(lcc)} and before any
 * permission row is touched. Keep it ahead of the write phase when editing.
 *
 * @param activation activation of the running statement; source of the language
 *                   connection context, also handed to addWarningIfPrivilegeNotRevoked
 * @param grant true if grant, false if revoke
 * @param grantees a list of authorization ids (strings)
 *
 * @exception StandardException Thrown on failure
 */
public void executeGrantRevoke(Activation activation, boolean grant, List grantees) throws StandardException {
    LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    String callerId = lcc.getCurrentUserId(activation);
    TransactionController tc = lcc.getTransactionExecute();
    SchemaDescriptor sd = td.getSchemaDescriptor();

    // Authorization gate: the current user must be permitted to grant/revoke these privileges.
    checkOwnership(callerId, td, sd, dd, lcc, grant);

    DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
    TablePermsDescriptor tablePerms = ddg.newTablePermsDescriptor(
            td,
            getPermString(SELECT_ACTION, false),
            getPermString(DELETE_ACTION, false),
            getPermString(INSERT_ACTION, false),
            getPermString(UPDATE_ACTION, false),
            getPermString(REFERENCES_ACTION, false),
            getPermString(TRIGGER_ACTION, false),
            callerId);

    ColPermsDescriptor[] colPerms = new ColPermsDescriptor[columnBitSets.length];
    for (int action = 0; action < columnBitSets.length; action++) {
        // An explicit column list always produces a descriptor. On REVOKE, an action that
        // has column permissions and whose actionAllowed flag is set produces one even with
        // a null column set. && binds tighter than ||, so !grant guards only that second case.
        boolean hasColumnList = columnBitSets[action] != null;
        if (hasColumnList || (!grant && hasColumnPermissions(action) && actionAllowed[action])) {
            colPerms[action] = ddg.newColPermsDescriptor(td, getActionString(action, false), columnBitSets[action], callerId);
        }
    }

    dd.startWriting(lcc);

    // Apply the change to SYS.SYSTABLEPERMS and SYS.SYSCOLPERMS, one grantee at a time.
    for (Object entry : grantees) {
        // Coarse tracking only: a single removed privilege (any action, any column) is
        // enough to suppress the "not revoked" warning for this grantee. Per-action and
        // per-column reporting is not implemented.
        boolean anyRevoked = false;
        String grantee = (String) entry;

        // NOTE(review): presumably addRemovePermissionsDescriptor returns true only when a
        // revoke removed something - confirm, because the invalidations below are not
        // themselves guarded by !grant.
        if (tablePerms != null && dd.addRemovePermissionsDescriptor(grant, tablePerms, grantee, tc)) {
            anyRevoked = true;
            dd.getDependencyManager().invalidateFor(tablePerms, DependencyManager.REVOKE_PRIVILEGE, lcc);
            // Prepared statements (GPSs) depend on the TableDescriptor, not on the
            // permission descriptor, so the table's dependents are asked to recompile too.
            dd.getDependencyManager().invalidateFor(td, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);
        }

        for (ColPermsDescriptor colDesc : colPerms) {
            if (colDesc == null) {
                continue;
            }
            if (dd.addRemovePermissionsDescriptor(grant, colDesc, grantee, tc)) {
                anyRevoked = true;
                dd.getDependencyManager().invalidateFor(colDesc, DependencyManager.REVOKE_PRIVILEGE, lcc);
                // Same reasoning as for table privileges: GPSs hang off the TableDescriptor,
                // so its dependents get INTERNAL_RECOMPILE_REQUEST.
                dd.getDependencyManager().invalidateFor(td, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);
            }
        }

        addWarningIfPrivilegeNotRevoked(activation, grant, anyRevoked, grantee);
    }
}
use of org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor in project derby by apache.
the class SYSCOLPERMSRowFactory method makeRow.
/**
 * Builds a SYSCOLPERMS row from a column-permissions descriptor, or a row with
 * null authorization ids and null values when no descriptor is supplied.
 *
 * <p>Side effect: a descriptor that has no UUID yet is assigned a freshly created one.
 *
 * @param td a ColPermsDescriptor, or null to get the empty row
 * @param parent not used by this method
 * @return the populated row
 * @exception StandardException standard error policy
 */
public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException {
    String permsId = null;
    String tableId = null;
    String privType = null;
    FormatableBitSet columnSet = null;
    DataValueDescriptor granteeId;
    DataValueDescriptor grantorId;

    if (td != null) {
        ColPermsDescriptor desc = (ColPermsDescriptor) td;
        UUID uuid = desc.getUUID();
        if (uuid == null) {
            // First time this descriptor is persisted: mint its identifier and record it.
            uuid = getUUIDFactory().createUUID();
            desc.setUUID(uuid);
        }
        permsId = uuid.toString();
        granteeId = getAuthorizationID(desc.getGrantee());
        grantorId = getAuthorizationID(desc.getGrantor());
        tableId = desc.getTableUUID().toString();
        privType = desc.getType();
        columnSet = desc.getColumns();
    } else {
        granteeId = getNullAuthorizationID();
        grantorId = getNullAuthorizationID();
    }

    ExecRow result = getExecutionFactory().getValueRow(COLUMN_COUNT);
    result.setColumn(COLPERMSID_COL_NUM, new SQLChar(permsId));
    result.setColumn(GRANTEE_COL_NUM, granteeId);
    result.setColumn(GRANTOR_COL_NUM, grantorId);
    result.setColumn(TABLEID_COL_NUM, new SQLChar(tableId));
    result.setColumn(TYPE_COL_NUM, new SQLChar(privType));
    result.setColumn(COLUMNS_COL_NUM, new UserType((Object) columnSet));
    return result;
}
use of org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor in project derby by apache.
the class SYSCOLPERMSRowFactory method buildIndexKeyRow.
/**
 * Builds the search key row for one of the SYSCOLPERMS indexes.
 *
 * @param indexNumber selects the index the key is built for
 * @param perm descriptor supplying the key values; cast to ColPermsDescriptor for the
 *             grantee/table/type index and the table id index
 * @return the key row, or null when indexNumber matches none of the handled indexes
 * @exception StandardException standard error policy
 */
public ExecIndexRow buildIndexKeyRow(int indexNumber, PermissionsDescriptor perm) throws StandardException {
    ExecIndexRow keyRow = null;

    if (indexNumber == GRANTEE_TABLE_TYPE_GRANTOR_INDEX_NUM) {
        // RESOLVE: FOR GRANT OPTION is not supported, so column permission rows are unique
        // on (grantee, table UUID, type) and the grantor column always names the table
        // owner. The search key therefore carries three columns and no grantor.
        //
        // If FOR GRANT OPTION is ever supported, several rows may exist for one
        // (grantee, tableID, type). Then either the multiple rows must be handled (needed
        // for permission checks) or a grantor column must join the key (needed for
        // grant/revoke).
        keyRow = getExecutionFactory().getIndexableRow(3);
        keyRow.setColumn(1, getAuthorizationID(perm.getGrantee()));
        ColPermsDescriptor colDesc = (ColPermsDescriptor) perm;
        String tableId = colDesc.getTableUUID().toString();
        keyRow.setColumn(2, new SQLChar(tableId));
        keyRow.setColumn(3, new SQLChar(colDesc.getType()));
    } else if (indexNumber == COLPERMSID_INDEX_NUM) {
        keyRow = getExecutionFactory().getIndexableRow(1);
        String permsId = perm.getObjectID().toString();
        keyRow.setColumn(1, new SQLChar(permsId));
    } else if (indexNumber == TABLEID_INDEX_NUM) {
        keyRow = getExecutionFactory().getIndexableRow(1);
        ColPermsDescriptor colDesc = (ColPermsDescriptor) perm;
        String tableId = colDesc.getTableUUID().toString();
        keyRow.setColumn(1, new SQLChar(tableId));
    }
    // Any other index number falls through and yields null; callers must handle that.
    return keyRow;
}
use of org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor in project derby by apache.
the class SYSCOLPERMSRowFactory method buildDescriptor.
// end of makeRow
/**
 * Rebuilds a ColPermsDescriptor from a SYSCOLPERMS row.
 *
 * <p>The row-size and type-code checks run only when {@code SanityManager.DEBUG} is
 * true. With that flag off, neither is validated here and the stored values are
 * passed to the descriptor as read.
 *
 * @param row the catalog row to decode
 * @param parentTuple not used by this method
 * @param dataDictionary dictionary handed to the new descriptor
 * @return the descriptor, with its UUID set from the row
 * @exception StandardException standard error policy
 */
public TupleDescriptor buildDescriptor(ExecRow row, TupleDescriptor parentTuple, DataDictionary dataDictionary) throws StandardException {
    if (SanityManager.DEBUG) {
        SanityManager.ASSERT(row.nColumns() == COLUMN_COUNT, "Wrong size row passed to SYSCOLPERMSRowFactory.buildDescriptor");
    }

    String permsIdText = row.getColumn(COLPERMSID_COL_NUM).getString();
    UUID permsId = getUUIDFactory().recreateUUID(permsIdText);
    String tableIdText = row.getColumn(TABLEID_COL_NUM).getString();
    UUID tableId = getUUIDFactory().recreateUUID(tableIdText);
    String privType = row.getColumn(TYPE_COL_NUM).getString();
    FormatableBitSet columnSet = (FormatableBitSet) row.getColumn(COLUMNS_COL_NUM).getObject();

    if (SanityManager.DEBUG) {
        // Accepted type codes: s/S, u/U, r/R.
        SanityManager.ASSERT("s".equals(privType) || "S".equals(privType) || "u".equals(privType) || "U".equals(privType) || "r".equals(privType) || "R".equals(privType), "Invalid type passed to SYSCOLPERMSRowFactory.buildDescriptor");
    }

    ColPermsDescriptor result = new ColPermsDescriptor(
            dataDictionary,
            getAuthorizationID(row, GRANTEE_COL_NUM),
            getAuthorizationID(row, GRANTOR_COL_NUM),
            tableId,
            privType,
            columnSet);
    result.setUUID(permsId);
    return result;
}
use of org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor in project derby by apache.
the class SYSCOLPERMSRowFactory method removePermissions.
// end of orPermissions
/**
 * Removes a set of column permissions from an existing row of this catalog table.
 *
 * <p>Bits are cleared directly on the bit set obtained from the row's columns value.
 * A null column set on {@code perm} means "remove everything" and is reported as -1
 * without reading the row.
 *
 * @param row an existing row
 * @param perm a permission descriptor of the appropriate class for this
 *             PermissionsCatalogRowFactory class (cast to ColPermsDescriptor)
 * @param colsChanged one element per column in row; the entry for the columns bit set
 *                    is set to true when at least one bit was cleared
 *
 * @return -1 if no permissions are left in the row, 0 if nothing changed, 1 if bits
 *         were cleared and some column privileges remain
 *
 * @exception StandardException standard error policy
 */
public int removePermissions(ExecRow row, PermissionsDescriptor perm, boolean[] colsChanged) throws StandardException {
    FormatableBitSet toRemove = ((ColPermsDescriptor) perm).getColumns();
    if (toRemove == null) {
        // No column list: the whole row goes.
        return -1;
    }

    FormatableBitSet held = (FormatableBitSet) row.getColumn(COLUMNS_COL_NUM).getObject();
    boolean anyCleared = false;
    // NOTE(review): assumes every bit index set in toRemove is a valid index for the
    // stored set - confirm how FormatableBitSet.get treats out-of-range positions.
    int bit = toRemove.anySetBit();
    while (bit >= 0) {
        if (held.get(bit)) {
            held.clear(bit);
            anyCleared = true;
        }
        bit = toRemove.anySetBit(bit);
    }

    if (!anyCleared) {
        // Nothing the grantee held was in the revoke set.
        return 0;
    }

    colsChanged[COLUMNS_COL_NUM - 1] = true;
    // -1 when the last column privilege was just removed, 1 when some remain.
    return held.anySetBit() < 0 ? -1 : 1;
}