Examples with TablePermsDescriptor org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor used on opensource projects

Example 6 with TablePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor in project derby by apache.

the class PermissionsCacheable method setIdentity.

/* Cacheable interface */
public Cacheable setIdentity(Object key) throws StandardException {
    // to access that column subset.
    if (key instanceof TablePermsDescriptor) {
        TablePermsDescriptor tablePermsKey = (TablePermsDescriptor) key;
        permissions = dd.getUncachedTablePermsDescriptor(tablePermsKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            TableDescriptor td = dd.getTableDescriptor(tablePermsKey.getTableUUID());
            SchemaDescriptor sd = td.getSchemaDescriptor();
            if (sd.isSystemSchema()) {
                // RESOLVE The access to system tables is hard coded to SELECT only to everyone.
                // Is this the way we want Derby to work? Should we allow revocation of read access
                // to system tables? If so we must explicitly add a row to the SYS.SYSTABLEPERMISSIONS
                // table for each system table when a database is created.
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), (String) null, tablePermsKey.getTableUUID(), "Y", "N", "N", "N", "N", "N");
                // give the permission the same UUID as the system table
                ((TablePermsDescriptor) permissions).setUUID(tablePermsKey.getTableUUID());
            } else if (tablePermsKey.getGrantee().equals(sd.getAuthorizationId())) {
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), Authorizer.SYSTEM_AUTHORIZATION_ID, tablePermsKey.getTableUUID(), "Y", "Y", "Y", "Y", "Y", "Y");
            } else {
                permissions = new TablePermsDescriptor(dd, tablePermsKey.getGrantee(), (String) null, tablePermsKey.getTableUUID(), "N", "N", "N", "N", "N", "N");
            }
        }
    } else if (key instanceof ColPermsDescriptor) {
        ColPermsDescriptor colPermsKey = (ColPermsDescriptor) key;
        permissions = dd.getUncachedColPermsDescriptor(colPermsKey);
        if (permissions == null)
            permissions = new ColPermsDescriptor(dd, colPermsKey.getGrantee(), (String) null, colPermsKey.getTableUUID(), colPermsKey.getType(), (FormatableBitSet) null);
    } else if (key instanceof RoutinePermsDescriptor) {
        RoutinePermsDescriptor routinePermsKey = (RoutinePermsDescriptor) key;
        permissions = dd.getUncachedRoutinePermsDescriptor(routinePermsKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            try {
                AliasDescriptor ad = dd.getAliasDescriptor(routinePermsKey.getRoutineUUID());
                SchemaDescriptor sd = dd.getSchemaDescriptor(ad.getSchemaUUID(), ConnectionUtil.getCurrentLCC().getTransactionExecute());
                if (sd.isSystemSchema() && !sd.isSchemaWithGrantableRoutines())
                    permissions = new RoutinePermsDescriptor(dd, routinePermsKey.getGrantee(), (String) null, routinePermsKey.getRoutineUUID(), true);
                else if (routinePermsKey.getGrantee().equals(sd.getAuthorizationId()))
                    permissions = new RoutinePermsDescriptor(dd, routinePermsKey.getGrantee(), Authorizer.SYSTEM_AUTHORIZATION_ID, routinePermsKey.getRoutineUUID(), true);
            } catch (java.sql.SQLException sqle) {
                throw StandardException.plainWrapException(sqle);
            }
        }
    } else if (key instanceof PermDescriptor) {
        PermDescriptor permKey = (PermDescriptor) key;
        permissions = dd.getUncachedGenericPermDescriptor(permKey);
        if (permissions == null) {
            // The owner has all privileges unless they have been revoked.
            String objectType = permKey.getObjectType();
            String privilege = permKey.getPermission();
            UUID protectedObjectsID = permKey.getPermObjectId();
            PrivilegedSQLObject pso = PermDescriptor.getProtectedObject(dd, protectedObjectsID, objectType);
            SchemaDescriptor sd = pso.getSchemaDescriptor();
            if (permKey.getGrantee().equals(sd.getAuthorizationId())) {
                permissions = new PermDescriptor(dd, null, objectType, pso.getUUID(), privilege, Authorizer.SYSTEM_AUTHORIZATION_ID, permKey.getGrantee(), true);
            }
        }
    } else {
        if (SanityManager.DEBUG)
            SanityManager.NOTREACHED();
        return null;
    }
    if (permissions != null) {
        return this;
    }
    return null;
}

Example 7 with TablePermsDescriptor

use of org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor in project derby by apache.

the class TablePrivilegeInfo method executeGrantRevoke.

/**
 *	This is the guts of the Execution-time logic for GRANT/REVOKE of a table privilege
 *
 * @param activation
 * @param grant true if grant, false if revoke
 * @param grantees a list of authorization ids (strings)
 *
 * @exception StandardException		Thrown on failure
 */
public void executeGrantRevoke(Activation activation, boolean grant, List grantees) throws StandardException {
    LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    String currentUser = lcc.getCurrentUserId(activation);
    TransactionController tc = lcc.getTransactionExecute();
    SchemaDescriptor sd = td.getSchemaDescriptor();
    // Check that the current user has permission to grant the privileges.
    checkOwnership(currentUser, td, sd, dd, lcc, grant);
    DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
    TablePermsDescriptor tablePermsDesc = ddg.newTablePermsDescriptor(td, getPermString(SELECT_ACTION, false), getPermString(DELETE_ACTION, false), getPermString(INSERT_ACTION, false), getPermString(UPDATE_ACTION, false), getPermString(REFERENCES_ACTION, false), getPermString(TRIGGER_ACTION, false), currentUser);
    ColPermsDescriptor[] colPermsDescs = new ColPermsDescriptor[columnBitSets.length];
    for (int i = 0; i < columnBitSets.length; i++) {
        if (columnBitSets[i] != null || // should be removed.
        (!grant) && hasColumnPermissions(i) && actionAllowed[i]) {
            colPermsDescs[i] = ddg.newColPermsDescriptor(td, getActionString(i, false), columnBitSets[i], currentUser);
        }
    }
    dd.startWriting(lcc);
    // Add or remove the privileges to/from the SYS.SYSTABLEPERMS and SYS.SYSCOLPERMS tables
    for (Iterator itr = grantees.iterator(); itr.hasNext(); ) {
        // Keep track to see if any privileges are revoked by a revoke
        // statement. If a privilege is not revoked, we need to raise a
        // warning. For table privileges, we do not check if privilege for
        // a specific action has been revoked or not. Also, we do not check
        // privileges for specific columns. If at least one privilege has
        // been revoked, we do not raise a warning. This has to be refined
        // further to check for specific actions/columns and raise warning
        // if any privilege has not been revoked.
        boolean privileges_revoked = false;
        String grantee = (String) itr.next();
        if (tablePermsDesc != null) {
            if (dd.addRemovePermissionsDescriptor(grant, tablePermsDesc, grantee, tc)) {
                privileges_revoked = true;
                dd.getDependencyManager().invalidateFor(tablePermsDesc, DependencyManager.REVOKE_PRIVILEGE, lcc);
                // When revoking a privilege from a Table we need to
                // invalidate all GPSs refering to it. But GPSs aren't
                // Dependents of TablePermsDescr, but of the
                // TableDescriptor itself, so we must send
                // INTERNAL_RECOMPILE_REQUEST to the TableDescriptor's
                // Dependents.
                dd.getDependencyManager().invalidateFor(td, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);
            }
        }
        for (int i = 0; i < columnBitSets.length; i++) {
            if (colPermsDescs[i] != null) {
                if (dd.addRemovePermissionsDescriptor(grant, colPermsDescs[i], grantee, tc)) {
                    privileges_revoked = true;
                    dd.getDependencyManager().invalidateFor(colPermsDescs[i], DependencyManager.REVOKE_PRIVILEGE, lcc);
                    // When revoking a privilege from a Table we need to
                    // invalidate all GPSs refering to it. But GPSs aren't
                    // Dependents of colPermsDescs[i], but of the
                    // TableDescriptor itself, so we must send
                    // INTERNAL_RECOMPILE_REQUEST to the TableDescriptor's
                    // Dependents.
                    dd.getDependencyManager().invalidateFor(td, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);
                }
            }
        }
        addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
    }
}