Examples with RoutinePermsDescriptor org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor used on opensource projects

Example 1 with RoutinePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor in project derby by apache.

the class PermissionsCacheable method setIdentity.

/* Cacheable interface */
public Cacheable setIdentity(Object key) throws StandardException {
    // to access that column subset.
    if (key instanceof TablePermsDescriptor) {
        TablePermsDescriptor tablePermsKey = (TablePermsDescriptor) key;
        permissions = dd.getUncachedTablePermsDescriptor(tablePermsKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            TableDescriptor td = dd.getTableDescriptor(tablePermsKey.getTableUUID());
            SchemaDescriptor sd = td.getSchemaDescriptor();
            if (sd.isSystemSchema()) {
                // RESOLVE The access to system tables is hard coded to SELECT only to everyone.
                // Is this the way we want Derby to work? Should we allow revocation of read access
                // to system tables? If so we must explicitly add a row to the SYS.SYSTABLEPERMISSIONS
                // table for each system table when a database is created.
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), (String) null, tablePermsKey.getTableUUID(), "Y", "N", "N", "N", "N", "N");
                // give the permission the same UUID as the system table
                ((TablePermsDescriptor) permissions).setUUID(tablePermsKey.getTableUUID());
            } else if (tablePermsKey.getGrantee().equals(sd.getAuthorizationId())) {
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), Authorizer.SYSTEM_AUTHORIZATION_ID, tablePermsKey.getTableUUID(), "Y", "Y", "Y", "Y", "Y", "Y");
            } else {
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), (String) null, tablePermsKey.getTableUUID(), "N", "N", "N", "N", "N", "N");
            }
        }
    } else if (key instanceof ColPermsDescriptor) {
        ColPermsDescriptor colPermsKey = (ColPermsDescriptor) key;
        permissions = dd.getUncachedColPermsDescriptor(colPermsKey);
        if (permissions == null)
            permissions = new ColPermsDescriptor(dd, colPermsKey.getGrantee(), (String) null, colPermsKey.getTableUUID(), colPermsKey.getType(), (FormatableBitSet) null);
    } else if (key instanceof RoutinePermsDescriptor) {
        RoutinePermsDescriptor routinePermsKey = (RoutinePermsDescriptor) key;
        permissions = dd.getUncachedRoutinePermsDescriptor(routinePermsKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            try {
                AliasDescriptor ad = dd.getAliasDescriptor(routinePermsKey.getRoutineUUID());
                SchemaDescriptor sd = dd.getSchemaDescriptor(ad.getSchemaUUID(), ConnectionUtil.getCurrentLCC().getTransactionExecute());
                if (sd.isSystemSchema() && !sd.isSchemaWithGrantableRoutines())
                    permissions = new RoutinePermsDescriptor(dd, routinePermsKey.getGrantee(), (String) null, routinePermsKey.getRoutineUUID(), true);
                else if (routinePermsKey.getGrantee().equals(sd.getAuthorizationId()))
                    permissions = new RoutinePermsDescriptor(dd, routinePermsKey.getGrantee(), Authorizer.SYSTEM_AUTHORIZATION_ID, routinePermsKey.getRoutineUUID(), true);
            } catch (java.sql.SQLException sqle) {
                throw StandardException.plainWrapException(sqle);
            }
        }
    } else if (key instanceof PermDescriptor) {
        PermDescriptor permKey = (PermDescriptor) key;
        permissions = dd.getUncachedGenericPermDescriptor(permKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            String objectType = permKey.getObjectType();
            String privilege = permKey.getPermission();
            UUID protectedObjectsID = permKey.getPermObjectId();
            PrivilegedSQLObject pso = PermDescriptor.getProtectedObject(dd, protectedObjectsID, objectType);
            SchemaDescriptor sd = pso.getSchemaDescriptor();
            if (permKey.getGrantee().equals(sd.getAuthorizationId())) {
                permissions = new PermDescriptor(dd, null, objectType, pso.getUUID(), privilege, Authorizer.SYSTEM_AUTHORIZATION_ID, permKey.getGrantee(), true);
            }
        }
    } else {
        if (SanityManager.DEBUG)
            SanityManager.NOTREACHED();
        return null;
    }
    if (permissions != null) {
        return this;
    }
    return null;
}

Example 2 with RoutinePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor in project derby by apache.

the class SYSROUTINEPERMSRowFactory method makeRow.

public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException {
    UUID oid;
    String routinePermID = null;
    DataValueDescriptor grantee = null;
    DataValueDescriptor grantor = null;
    String routineID = null;
    if (td == null) {
        grantee = getNullAuthorizationID();
        grantor = getNullAuthorizationID();
    } else {
        RoutinePermsDescriptor rpd = (RoutinePermsDescriptor) td;
        oid = rpd.getUUID();
        if (oid == null) {
            oid = getUUIDFactory().createUUID();
            rpd.setUUID(oid);
        }
        routinePermID = oid.toString();
        grantee = getAuthorizationID(rpd.getGrantee());
        grantor = getAuthorizationID(rpd.getGrantor());
        if (rpd.getRoutineUUID() != null)
            routineID = rpd.getRoutineUUID().toString();
    }
    ExecRow row = getExecutionFactory().getValueRow(COLUMN_COUNT);
    row.setColumn(ROUTINEPERMSID_COL_NUM, new SQLChar(routinePermID));
    row.setColumn(GRANTEE_COL_NUM, grantee);
    row.setColumn(GRANTOR_COL_NUM, grantor);
    row.setColumn(ALIASID_COL_NUM, new SQLChar(routineID));
    row.setColumn(GRANTOPTION_COL_NUM, new SQLChar("N"));
    return row;
}

Example 3 with RoutinePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor in project derby by apache.

the class SYSROUTINEPERMSRowFactory method buildIndexKeyRow.

/**
 * builds an index key row given for a given index number.
 */
public ExecIndexRow buildIndexKeyRow(int indexNumber, PermissionsDescriptor perm) throws StandardException {
    ExecIndexRow row = null;
    switch(indexNumber) {
        case GRANTEE_ALIAS_GRANTOR_INDEX_NUM:
            // RESOLVE We do not support the FOR GRANT OPTION, so rougine permission rows are unique on the
            // grantee and alias UUID columns. The grantor column will always have the name of the owner of the
            // routine. So the index key, used for searching the index, only has grantee and alias UUID columns.
            // It does not have a grantor column.
            // 
            // If we support FOR GRANT OPTION then there may be multiple routine permissions rows for a
            // (grantee, aliasID) combination. Since there is only one kind of routine permission (execute)
            // execute permission checking need not worry about multiple routine permission rows for a
            // (grantee, aliasID) combination, it only cares whether there are any. Grant and revoke must
            // look through multiple rows to see if the current user has grant/revoke permission and use
            // the full key in checking for the pre-existence of the permission being granted or revoked.
            row = getExecutionFactory().getIndexableRow(2);
            row.setColumn(1, getAuthorizationID(perm.getGrantee()));
            String routineUUIDStr = ((RoutinePermsDescriptor) perm).getRoutineUUID().toString();
            row.setColumn(2, new SQLChar(routineUUIDStr));
            break;
        case ROUTINEPERMSID_INDEX_NUM:
            row = getExecutionFactory().getIndexableRow(1);
            String routinePermsUUIDStr = perm.getObjectID().toString();
            row.setColumn(1, new SQLChar(routinePermsUUIDStr));
            break;
        case ALIASID_INDEX_NUM:
            row = getExecutionFactory().getIndexableRow(1);
            routineUUIDStr = ((RoutinePermsDescriptor) perm).getRoutineUUID().toString();
            row.setColumn(1, new SQLChar(routineUUIDStr));
            break;
    }
    return row;
}

Example 4 with RoutinePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor in project derby by apache.

the class SYSROUTINEPERMSRowFactory method buildDescriptor.

// end of makeRow
/**
 * builds a tuple descriptor from a row
 */
public TupleDescriptor buildDescriptor(ExecRow row, TupleDescriptor parentTuple, DataDictionary dataDictionary) throws StandardException {
    if (SanityManager.DEBUG)
        SanityManager.ASSERT(row.nColumns() == COLUMN_COUNT, "Wrong size row passed to SYSROUTINEPERMSRowFactory.buildDescriptor");
    String routinePermsUUIDString = row.getColumn(ROUTINEPERMSID_COL_NUM).getString();
    UUID routinePermsUUID = getUUIDFactory().recreateUUID(routinePermsUUIDString);
    String aliasUUIDString = row.getColumn(ALIASID_COL_NUM).getString();
    UUID aliasUUID = getUUIDFactory().recreateUUID(aliasUUIDString);
    RoutinePermsDescriptor routinePermsDesc = new RoutinePermsDescriptor(dataDictionary, getAuthorizationID(row, GRANTEE_COL_NUM), getAuthorizationID(row, GRANTOR_COL_NUM), aliasUUID);
    routinePermsDesc.setUUID(routinePermsUUID);
    return routinePermsDesc;
}

Example 5 with RoutinePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor in project derby by apache.

the class RoutinePrivilegeInfo method executeGrantRevoke.

/**
 *	This is the guts of the Execution-time logic for GRANT/REVOKE of a routine execute privilege
 *
 * @param activation
 * @param grant true if grant, false if revoke
 * @param grantees a list of authorization ids (strings)
 *
 * @exception StandardException		Thrown on failure
 */
public void executeGrantRevoke(Activation activation, boolean grant, List grantees) throws StandardException {
    // Check that the current user has permission to grant the privileges.
    LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    String currentUser = lcc.getCurrentUserId(activation);
    TransactionController tc = lcc.getTransactionExecute();
    // Check that the current user has permission to grant the privileges.
    checkOwnership(currentUser, aliasDescriptor, dd.getSchemaDescriptor(aliasDescriptor.getSchemaUUID(), tc), dd);
    DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
    RoutinePermsDescriptor routinePermsDesc = ddg.newRoutinePermsDescriptor(aliasDescriptor, currentUser);
    dd.startWriting(lcc);
    for (Iterator itr = grantees.iterator(); itr.hasNext(); ) {
        // Keep track to see if any privileges are revoked by a revoke
        // statement. If a privilege is not revoked, we need to raise a
        // warning.
        boolean privileges_revoked = false;
        String grantee = (String) itr.next();
        if (dd.addRemovePermissionsDescriptor(grant, routinePermsDesc, grantee, tc)) {
            privileges_revoked = true;
            // Derby currently supports only restrict form of revoke execute
            // privilege and that is why, we are sending invalidation action
            // as REVOKE_PRIVILEGE_RESTRICT rather than REVOKE_PRIVILEGE
            dd.getDependencyManager().invalidateFor(routinePermsDesc, DependencyManager.REVOKE_PRIVILEGE_RESTRICT, lcc);
            // When revoking a privilege from a Routine we need to
            // invalidate all GPSs refering to it. But GPSs aren't
            // Dependents of RoutinePermsDescr, but of the
            // AliasDescriptor itself, so we must send
            // INTERNAL_RECOMPILE_REQUEST to the AliasDescriptor's
            // Dependents.
            dd.getDependencyManager().invalidateFor(aliasDescriptor, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);
        }
        addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
    }
}