Examples with PermDescriptor org.apache.derby.iapi.sql.dictionary.PermDescriptor used on opensource projects

Example 1 with PermDescriptor

use of org.apache.derby.iapi.sql.dictionary.PermDescriptor in project derby by apache.

the class PermissionsCacheable method setIdentity.

/* Cacheable interface */
public Cacheable setIdentity(Object key) throws StandardException {
    // to access that column subset.
    if (key instanceof TablePermsDescriptor) {
        TablePermsDescriptor tablePermsKey = (TablePermsDescriptor) key;
        permissions = dd.getUncachedTablePermsDescriptor(tablePermsKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            TableDescriptor td = dd.getTableDescriptor(tablePermsKey.getTableUUID());
            SchemaDescriptor sd = td.getSchemaDescriptor();
            if (sd.isSystemSchema()) {
                // RESOLVE The access to system tables is hard coded to SELECT only to everyone.
                // Is this the way we want Derby to work? Should we allow revocation of read access
                // to system tables? If so we must explicitly add a row to the SYS.SYSTABLEPERMISSIONS
                // table for each system table when a database is created.
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), (String) null, tablePermsKey.getTableUUID(), "Y", "N", "N", "N", "N", "N");
                // give the permission the same UUID as the system table
                ((TablePermsDescriptor) permissions).setUUID(tablePermsKey.getTableUUID());
            } else if (tablePermsKey.getGrantee().equals(sd.getAuthorizationId())) {
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), Authorizer.SYSTEM_AUTHORIZATION_ID, tablePermsKey.getTableUUID(), "Y", "Y", "Y", "Y", "Y", "Y");
            } else {
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), (String) null, tablePermsKey.getTableUUID(), "N", "N", "N", "N", "N", "N");
            }
        }
    } else if (key instanceof ColPermsDescriptor) {
        ColPermsDescriptor colPermsKey = (ColPermsDescriptor) key;
        permissions = dd.getUncachedColPermsDescriptor(colPermsKey);
        if (permissions == null)
            permissions = new ColPermsDescriptor(dd, colPermsKey.getGrantee(), (String) null, colPermsKey.getTableUUID(), colPermsKey.getType(), (FormatableBitSet) null);
    } else if (key instanceof RoutinePermsDescriptor) {
        RoutinePermsDescriptor routinePermsKey = (RoutinePermsDescriptor) key;
        permissions = dd.getUncachedRoutinePermsDescriptor(routinePermsKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            try {
                AliasDescriptor ad = dd.getAliasDescriptor(routinePermsKey.getRoutineUUID());
                SchemaDescriptor sd = dd.getSchemaDescriptor(ad.getSchemaUUID(), ConnectionUtil.getCurrentLCC().getTransactionExecute());
                if (sd.isSystemSchema() && !sd.isSchemaWithGrantableRoutines())
                    permissions = new RoutinePermsDescriptor(dd, routinePermsKey.getGrantee(), (String) null, routinePermsKey.getRoutineUUID(), true);
                else if (routinePermsKey.getGrantee().equals(sd.getAuthorizationId()))
                    permissions = new RoutinePermsDescriptor(dd, routinePermsKey.getGrantee(), Authorizer.SYSTEM_AUTHORIZATION_ID, routinePermsKey.getRoutineUUID(), true);
            } catch (java.sql.SQLException sqle) {
                throw StandardException.plainWrapException(sqle);
            }
        }
    } else if (key instanceof PermDescriptor) {
        PermDescriptor permKey = (PermDescriptor) key;
        permissions = dd.getUncachedGenericPermDescriptor(permKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            String objectType = permKey.getObjectType();
            String privilege = permKey.getPermission();
            UUID protectedObjectsID = permKey.getPermObjectId();
            PrivilegedSQLObject pso = PermDescriptor.getProtectedObject(dd, protectedObjectsID, objectType);
            SchemaDescriptor sd = pso.getSchemaDescriptor();
            if (permKey.getGrantee().equals(sd.getAuthorizationId())) {
                permissions = new PermDescriptor(dd, null, objectType, pso.getUUID(), privilege, Authorizer.SYSTEM_AUTHORIZATION_ID, permKey.getGrantee(), true);
            }
        }
    } else {
        if (SanityManager.DEBUG)
            SanityManager.NOTREACHED();
        return null;
    }
    if (permissions != null) {
        return this;
    }
    return null;
}

Example 2 with PermDescriptor

use of org.apache.derby.iapi.sql.dictionary.PermDescriptor in project derby by apache.

the class SYSPERMSRowFactory method makeRow.

/**
 * Make a SYSPERMS row
 *
 * @param td     a permission descriptor
 * @param parent unused
 * @return Row suitable for inserting into SYSPERMS.
 * @throws org.apache.derby.shared.common.error.StandardException
 *          thrown on failure
 */
public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException {
    ExecRow row;
    String permIdString = null;
    String objectType = "SEQUENCE";
    String objectIdString = null;
    String permission = "USAGE";
    String grantor = null;
    String grantee = null;
    boolean grantable = false;
    if (td != null) {
        PermDescriptor sd = (PermDescriptor) td;
        UUID pid = sd.getUUID();
        if (pid == null) {
            pid = getUUIDFactory().createUUID();
            sd.setUUID(pid);
        }
        permIdString = pid.toString();
        objectType = sd.getObjectType();
        UUID oid = sd.getPermObjectId();
        objectIdString = oid.toString();
        permission = sd.getPermission();
        grantor = sd.getGrantor();
        grantee = sd.getGrantee();
        grantable = sd.isGrantable();
    }
    /* Build the row to insert */
    row = getExecutionFactory().getValueRow(SYSPERMS_COLUMN_COUNT);
    /* 1st column is UUID */
    row.setColumn(1, new SQLChar(permIdString));
    /* 2nd column is OBJECTTYPE */
    row.setColumn(2, new SQLVarchar(objectType));
    /* 3rd column is OBJECTID */
    row.setColumn(3, new SQLChar(objectIdString));
    /* 4nd column is OBJECTTYPE */
    row.setColumn(4, new SQLChar(permission));
    /* 5nd column is GRANTOR */
    row.setColumn(5, new SQLVarchar(grantor));
    /* 6nd column is GRANTEE */
    row.setColumn(6, new SQLVarchar(grantee));
    /* 7nd column is IS_GRANTABLE */
    row.setColumn(7, new SQLChar(grantable ? "Y" : "N"));
    return row;
}

Example 3 with PermDescriptor

use of org.apache.derby.iapi.sql.dictionary.PermDescriptor in project derby by apache.

the class GenericPrivilegeInfo method executeGrantRevoke.

// /////////////////////////////////////////////////////////////////////////////////
// 
// PrivilegeInfo BEHAVIOR
// 
// /////////////////////////////////////////////////////////////////////////////////
/**
 *	This is the guts of the Execution-time logic for GRANT/REVOKE generic privileges.
 *
 * @param activation
 * @param grant true if grant, false if revoke
 * @param grantees a list of authorization ids (strings)
 *
 * @exception StandardException		Thrown on failure
 */
public void executeGrantRevoke(Activation activation, boolean grant, List grantees) throws StandardException {
    // Check that the current user has permission to grant the privileges.
    LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    String currentUser = lcc.getCurrentUserId(activation);
    TransactionController tc = lcc.getTransactionExecute();
    SchemaDescriptor sd = _tupleDescriptor.getSchemaDescriptor();
    UUID objectID = _tupleDescriptor.getUUID();
    String objectTypeName = _tupleDescriptor.getObjectTypeName();
    // Check that the current user has permission to grant the privileges.
    checkOwnership(currentUser, (TupleDescriptor) _tupleDescriptor, sd, dd);
    DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
    PermDescriptor permDesc = ddg.newPermDescriptor(null, objectTypeName, objectID, _privilege, currentUser, null, false);
    dd.startWriting(lcc);
    for (Iterator itr = grantees.iterator(); itr.hasNext(); ) {
        // Keep track to see if any privileges are revoked by a revoke
        // statement. If a privilege is not revoked, we need to raise a
        // warning.
        boolean privileges_revoked = false;
        String grantee = (String) itr.next();
        if (dd.addRemovePermissionsDescriptor(grant, permDesc, grantee, tc)) {
            // 
            // We fall in here if we are performing REVOKE.
            // 
            privileges_revoked = true;
            int invalidationType = _restrict ? DependencyManager.REVOKE_PRIVILEGE_RESTRICT : DependencyManager.REVOKE_PRIVILEGE;
            dd.getDependencyManager().invalidateFor(permDesc, invalidationType, lcc);
            // Now invalidate all GPSs refering to the object.
            dd.getDependencyManager().invalidateFor(_tupleDescriptor, invalidationType, lcc);
        }
        addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
    }
}

Example 4 with PermDescriptor

use of org.apache.derby.iapi.sql.dictionary.PermDescriptor in project derby by apache.

the class SYSPERMSRowFactory method buildDescriptor.

// /////////////////////////////////////////////////////////////////////////
// 
// ABSTRACT METHODS TO BE IMPLEMENTED BY CHILDREN OF CatalogRowFactory
// 
// /////////////////////////////////////////////////////////////////////////
/**
 * Make an  Tuple Descriptor out of a SYSPERMS row
 *
 * @param row                   a SYSPERMS row
 * @param parentTupleDescriptor unused
 * @param dd                    dataDictionary
 * @return a  descriptor equivalent to a SYSPERMS row
 * @throws org.apache.derby.shared.common.error.StandardException
 *          thrown on failure
 */
public TupleDescriptor buildDescriptor(ExecRow row, TupleDescriptor parentTupleDescriptor, DataDictionary dd) throws StandardException {
    DataValueDescriptor col;
    PermDescriptor descriptor;
    String permIdString;
    String objectType;
    String objectIdString;
    String permission;
    String grantor;
    String grantee;
    String isGrantable;
    DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
    if (SanityManager.DEBUG) {
        SanityManager.ASSERT(row.nColumns() == SYSPERMS_COLUMN_COUNT, "Wrong number of columns for a SYSPERMS row");
    }
    // first column is uuid of this permission descriptor (char(36))
    col = row.getColumn(SYSPERMS_PERMISSIONID);
    permIdString = col.getString();
    // second column is objectType (varchar(36))
    col = row.getColumn(SYSPERMS_OBJECTTYPE);
    objectType = col.getString();
    // third column is objectid (varchar(36))
    col = row.getColumn(SYSPERMS_OBJECTID);
    objectIdString = col.getString();
    // fourth column is permission (varchar(128))
    col = row.getColumn(SYSPERMS_PERMISSION);
    permission = col.getString();
    // fifth column is grantor auth Id (varchar(128))
    col = row.getColumn(SYSPERMS_GRANTOR);
    grantor = col.getString();
    // sixth column is grantee auth Id (varchar(128))
    col = row.getColumn(SYSPERMS_GRANTEE);
    grantee = col.getString();
    // seventh column is isGrantable (char(1))
    col = row.getColumn(SYSPERMS_IS_GRANTABLE);
    isGrantable = col.getString();
    descriptor = ddg.newPermDescriptor(getUUIDFactory().recreateUUID(permIdString), objectType, getUUIDFactory().recreateUUID(objectIdString), permission, grantor, grantee, isGrantable.equals("Y") ? true : false);
    return descriptor;
}