use of org.hsqldb_voltpatches.rights.Grantee in project voltdb by VoltDB.
the class ParserDDL method compileRightGrantOrRevoke.
private StatementSchema compileRightGrantOrRevoke(boolean grant) {
OrderedHashSet granteeList = new OrderedHashSet();
Grantee grantor = null;
Right right = null;
// SchemaObject schemaObject;
HsqlName objectName = null;
boolean isTable = false;
boolean isUsage = false;
boolean isExec = false;
boolean isAll = false;
boolean isGrantOption = false;
boolean cascade = false;
if (!grant) {
if (token.tokenType == Tokens.GRANT) {
read();
readThis(Tokens.OPTION);
readThis(Tokens.FOR);
isGrantOption = true;
// throw not suppoerted
} else if (token.tokenType == Tokens.HIERARCHY) {
throw unsupportedFeature();
/*
read();
readThis(Token.OPTION);
readThis(Token.FOR);
*/
}
}
// ALL means all the rights the grantor can grant
if (token.tokenType == Tokens.ALL) {
read();
if (token.tokenType == Tokens.PRIVILEGES) {
read();
}
right = Right.fullRights;
isAll = true;
} else {
right = new Right();
boolean loop = true;
while (loop) {
checkIsNotQuoted();
int rightType = GranteeManager.getCheckSingleRight(token.tokenString);
int grantType = token.tokenType;
OrderedHashSet columnSet = null;
read();
switch(grantType) {
case Tokens.REFERENCES:
case Tokens.SELECT:
case Tokens.INSERT:
case Tokens.UPDATE:
if (token.tokenType == Tokens.OPENBRACKET) {
columnSet = readColumnNames(false);
}
// $FALL-THROUGH$
case Tokens.DELETE:
case Tokens.TRIGGER:
if (right == null) {
right = new Right();
}
right.set(rightType, columnSet);
isTable = true;
break;
case Tokens.USAGE:
if (isTable) {
throw unexpectedToken();
}
right = Right.fullRights;
isUsage = true;
loop = false;
continue;
case Tokens.EXECUTE:
if (isTable) {
throw unexpectedToken();
}
right = Right.fullRights;
isExec = true;
loop = false;
continue;
}
if (token.tokenType == Tokens.COMMA) {
read();
continue;
}
break;
}
}
readThis(Tokens.ON);
if (token.tokenString.equals(Tokens.T_CLASS)) {
if (!isExec && !isAll) {
throw unexpectedToken();
}
read();
if (!isSimpleName() || !isDelimitedIdentifier()) {
throw Error.error(ErrorCode.X_42569);
}
objectName = readNewSchemaObjectNameNoCheck(SchemaObject.FUNCTION);
} else if (token.tokenType == Tokens.TYPE || token.tokenType == Tokens.DOMAIN || token.tokenType == Tokens.SEQUENCE || token.tokenType == Tokens.CHARACTER) {
if (!isUsage && !isAll) {
throw unexpectedToken();
}
int type = 0;
switch(token.tokenType) {
case Tokens.TYPE:
read();
type = SchemaObject.TYPE;
break;
case Tokens.DOMAIN:
read();
type = SchemaObject.DOMAIN;
break;
case Tokens.SEQUENCE:
read();
type = SchemaObject.SEQUENCE;
break;
case Tokens.CHARACTER:
read();
readThis(Tokens.SET);
type = SchemaObject.CHARSET;
break;
}
objectName = readNewSchemaObjectNameNoCheck(type);
} else {
if (!isTable && !isAll) {
throw unexpectedToken();
}
readIfThis(Tokens.TABLE);
objectName = readNewSchemaObjectNameNoCheck(SchemaObject.TABLE);
}
if (grant) {
readThis(Tokens.TO);
} else {
readThis(Tokens.FROM);
}
while (true) {
checkIsSimpleName();
granteeList.add(token.tokenString);
read();
if (token.tokenType == Tokens.COMMA) {
read();
} else {
break;
}
}
if (grant) {
if (token.tokenType == Tokens.WITH) {
read();
readThis(Tokens.GRANT);
readThis(Tokens.OPTION);
isGrantOption = true;
}
/** @todo - implement */
if (token.tokenType == Tokens.GRANTED) {
read();
readThis(Tokens.BY);
if (token.tokenType == Tokens.CURRENT_USER) {
read();
//
} else {
readThis(Tokens.CURRENT_ROLE);
}
}
} else {
if (token.tokenType == Tokens.CASCADE) {
cascade = true;
read();
} else {
readThis(Tokens.RESTRICT);
}
}
int type = grant ? StatementTypes.GRANT : StatementTypes.REVOKE;
Object[] args = new Object[] { granteeList, objectName, right, grantor, Boolean.valueOf(cascade), Boolean.valueOf(isGrantOption) };
String sql = getLastPart();
StatementSchema cs = new StatementSchema(sql, type, args, null, null);
return cs;
}
use of org.hsqldb_voltpatches.rights.Grantee in project voltdb by VoltDB.
the class ParserDDL method compileRoleGrantOrRevoke.
private StatementSchema compileRoleGrantOrRevoke(boolean grant) {
Grantee grantor = session.getGrantee();
OrderedHashSet roleList = new OrderedHashSet();
OrderedHashSet granteeList = new OrderedHashSet();
boolean cascade = false;
if (!grant && token.tokenType == Tokens.ADMIN) {
throw unsupportedFeature();
/*
read();
readThis(Token.OPTION);
readThis(Token.FOR);
*/
}
while (true) {
checkIsSimpleName();
roleList.add(token.tokenString);
read();
if (token.tokenType == Tokens.COMMA) {
read();
continue;
}
break;
}
if (grant) {
readThis(Tokens.TO);
} else {
readThis(Tokens.FROM);
}
while (true) {
checkIsSimpleName();
granteeList.add(token.tokenString);
read();
if (token.tokenType == Tokens.COMMA) {
read();
} else {
break;
}
}
if (grant) {
if (token.tokenType == Tokens.WITH) {
throw unsupportedFeature();
/*
read();
readThis(Token.ADMIN);
readThis(Token.OPTION);
*/
}
}
if (token.tokenType == Tokens.GRANTED) {
read();
readThis(Tokens.BY);
if (token.tokenType == Tokens.CURRENT_USER) {
read();
} else {
readThis(Tokens.CURRENT_ROLE);
}
}
if (!grant) {
if (token.tokenType == Tokens.CASCADE) {
cascade = true;
read();
} else {
readThis(Tokens.RESTRICT);
}
}
int type = grant ? StatementTypes.GRANT_ROLE : StatementTypes.REVOKE_ROLE;
Object[] args = new Object[] { granteeList, roleList, grantor, Boolean.valueOf(cascade) };
String sql = getLastPart();
StatementSchema cs = new StatementSchema(sql, type, args, null, null);
return cs;
}
use of org.hsqldb_voltpatches.rights.Grantee in project voltdb by VoltDB.
the class DatabaseInformationFull method USAGE_PRIVILEGES.
/**
* The USAGE_PRIVILEGES view has one row for each usage privilege
* descriptor. <p>
*
* It effectively contains a representation of the usage privilege
* descriptors. <p>
*
* <b>Definition:</b> <p>
*
* <pre class="SqlCodeExample">
* CREATE TABLE SYSTEM_USAGE_PRIVILEGES (
* GRANTOR VARCHAR NOT NULL,
* GRANTEE VARCHAR NOT NULL,
* OBJECT_CATALOG VARCHAR NULL,
* OBJECT_SCHEMA VARCHAR NULL,
* OBJECT_NAME VARCHAR NOT NULL,
* OBJECT_TYPE VARCHAR NOT NULL
*
* CHECK ( OBJECT_TYPE IN (
* 'DOMAIN',
* 'CHARACTER SET',
* 'COLLATION',
* 'TRANSLATION',
* 'SEQUENCE' ) ),
*
* IS_GRANTABLE VARCHAR NOT NULL
*
* CHECK ( IS_GRANTABLE IN ( 'YES', 'NO' ) ),
*
* UNIQUE( GRANTOR, GRANTEE, OBJECT_CATALOG,
* OBJECT_SCHEMA, OBJECT_NAME, OBJECT_TYPE )
* )
* </pre>
*
* <b>Description:</b><p>
*
* <ol>
* <li> The value of GRANTOR is the <authorization identifier> of the
* user or role who granted usage privileges on the object of the type
* identified by OBJECT_TYPE that is identified by OBJECT_CATALOG,
* OBJECT_SCHEMA, and OBJECT_NAME, to the user or role identified by the
* value of GRANTEE forthe usage privilege being described. <p>
*
* <li> The value of GRANTEE is the <authorization identifier> of some
* user or role, or PUBLIC to indicate all users, to whom the usage
* privilege being described is granted. <p>
*
* <li> The values of OBJECT_CATALOG, OBJECT_SCHEMA, and OBJECT_NAME are the
* catalog name, unqualified schema name, and qualified identifier,
* respectively, of the object to which the privilege applies. <p>
*
* <li> The values of OBJECT_TYPE have the following meanings: <p>
*
* <table border cellpadding="3">
* <tr>
* <td nowrap>DOMAIN</td>
* <td nowrap>The object to which the privilege applies is
* a domain.</td>
* <tr>
* <tr>
* <td nowrap>CHARACTER SET</td>
* <td nowrap>The object to which the privilege applies is a
* character set.</td>
* <tr>
* <tr>
* <td nowrap>COLLATION</td>
* <td nowrap>The object to which the privilege applies is a
* collation.</td>
* <tr>
* <tr>
* <td nowrap>TRANSLATION</td>
* <td nowrap>The object to which the privilege applies is a
* transliteration.</td>
* <tr>
* <tr>
* <td nowrap>SEQUENCE</td>
* <td nowrap>The object to which the privilege applies is a
* sequence generator.</td>
* <tr>
* </table> <p>
*
* <li> The values of IS_GRANTABLE have the following meanings: <p>
*
* <table border cellpadding="3">
* <tr>
* <td nowrap>YES</td>
* <td nowrap>The privilege being described was granted
* WITH GRANT OPTION and is thus grantable.</td>
* <tr>
* <tr>
* <td nowrap>NO</td>
* <td nowrap>The privilege being described was not granted
* WITH GRANT OPTION and is thus not grantable.</td>
* <tr>
* </table> <p>
* <ol>
*
* @return Table
*/
Table USAGE_PRIVILEGES() {
Table t = sysTables[USAGE_PRIVILEGES];
if (t == null) {
t = createBlankTable(sysTableHsqlNames[USAGE_PRIVILEGES]);
// not null
addColumn(t, "GRANTOR", SQL_IDENTIFIER);
// not null
addColumn(t, "GRANTEE", SQL_IDENTIFIER);
addColumn(t, "OBJECT_CATALOG", SQL_IDENTIFIER);
addColumn(t, "OBJECT_SCHEMA", SQL_IDENTIFIER);
// not null
addColumn(t, "OBJECT_NAME", SQL_IDENTIFIER);
// not null
addColumn(t, "OBJECT_TYPE", CHARACTER_DATA);
addColumn(t, "PRIVILEGE_TYPE", CHARACTER_DATA);
// not null
addColumn(t, "IS_GRANTABLE", YES_OR_NO);
// order: COLUMN_NAME, PRIVILEGE
// for unique: GRANTEE, GRANTOR, TABLE_NAME, TABLE_SCHEM, TABLE_CAT
// false PK, as TABLE_SCHEM and/or TABLE_CAT may be null
HsqlName name = HsqlNameManager.newInfoSchemaObjectName(sysTableHsqlNames[USAGE_PRIVILEGES].name, false, SchemaObject.INDEX);
t.createPrimaryKey(name, new int[] { 0, 1, 2, 3, 4, 5, 6, 7 }, false);
return t;
}
//
Object[] row;
//
final int grantor = 0;
final int grantee = 1;
final int object_catalog = 2;
final int object_schema = 3;
final int object_name = 4;
final int object_type = 5;
final int privilege_type = 6;
final int is_grantable = 7;
PersistentStore store = database.persistentStoreCollection.getStore(t);
Iterator objects = new WrapperIterator(database.schemaManager.databaseObjectIterator(SchemaObject.SEQUENCE), database.schemaManager.databaseObjectIterator(SchemaObject.COLLATION));
objects = new WrapperIterator(objects, database.schemaManager.databaseObjectIterator(SchemaObject.CHARSET));
objects = new WrapperIterator(objects, database.schemaManager.databaseObjectIterator(SchemaObject.DOMAIN));
/*
objects = new WrapperIterator(
objects,
database.schemaManager.databaseObjectIterator(SchemaObject.TYPE));
*/
OrderedHashSet grantees = session.getGrantee().getGranteeAndAllRolesWithPublic();
while (objects.hasNext()) {
SchemaObject object = (SchemaObject) objects.next();
for (int i = 0; i < grantees.size(); i++) {
Grantee granteeObject = (Grantee) grantees.get(i);
OrderedHashSet rights = granteeObject.getAllDirectPrivileges(object);
OrderedHashSet grants = granteeObject.getAllGrantedPrivileges(object);
if (!grants.isEmpty()) {
grants.addAll(rights);
rights = grants;
}
for (int j = 0; j < rights.size(); j++) {
Right right = (Right) rights.get(j);
Right grantableRight = right.getGrantableRights();
row = t.getEmptyRowData();
row[grantor] = right.getGrantor().getName().name;
row[grantee] = right.getGrantee().getName().name;
row[object_catalog] = database.getCatalogName().name;
row[object_schema] = object.getSchemaName().name;
row[object_name] = object.getName().name;
row[object_type] = SchemaObjectSet.getName(object.getName().type);
row[privilege_type] = Tokens.T_USAGE;
row[is_grantable] = right.getGrantee() == object.getOwner() || grantableRight.isFull() ? Tokens.T_YES : Tokens.T_NO;
;
try {
t.insertSys(store, row);
} catch (HsqlException e) {
}
}
}
}
return t;
}
use of org.hsqldb_voltpatches.rights.Grantee in project voltdb by VoltDB.
the class DatabaseInformationMain method COLUMN_PRIVILEGES.
// -----------------------------------------------------------------------------
// SQL SCHEMATA VIEWS
// limited to views used in JDBC DatabaseMetaData
/**
* Retrieves a <code>Table</code> object describing the visible
* access rights for all visible columns of all accessible
* tables defined within this database.<p>
*
* Each row is a column privilege description with the following
* columns: <p>
*
* <pre class="SqlCodeExample">
* TABLE_CAT VARCHAR table catalog
* TABLE_SCHEM VARCHAR table schema
* TABLE_NAME VARCHAR table name
* COLUMN_NAME VARCHAR column name
* GRANTOR VARCHAR grantor of access
* GRANTEE VARCHAR grantee of access
* PRIVILEGE VARCHAR name of access
* IS_GRANTABLE VARCHAR grantable?: "YES" - grant to others, else "NO"
* </pre>
*
* <b>Note:</b> From 1.9.0, HSQLDB supports column level
* privileges. <p>
*
* @return a <code>Table</code> object describing the visible
* access rights for all visible columns of
* all accessible tables defined within this
* database
*/
final Table COLUMN_PRIVILEGES() {
Table t = sysTables[COLUMN_PRIVILEGES];
if (t == null) {
t = createBlankTable(sysTableHsqlNames[COLUMN_PRIVILEGES]);
// not null
addColumn(t, "GRANTOR", SQL_IDENTIFIER);
// not null
addColumn(t, "GRANTEE", SQL_IDENTIFIER);
addColumn(t, "TABLE_CATALOG", SQL_IDENTIFIER);
addColumn(t, "TABLE_SCHEMA", SQL_IDENTIFIER);
// not null
addColumn(t, "TABLE_NAME", SQL_IDENTIFIER);
// not null
addColumn(t, "COLUMN_NAME", SQL_IDENTIFIER);
// not null
addColumn(t, "PRIVILEGE_TYPE", CHARACTER_DATA);
// not null
addColumn(t, "IS_GRANTABLE", YES_OR_NO);
HsqlName name = HsqlNameManager.newInfoSchemaObjectName(sysTableHsqlNames[COLUMN_PRIVILEGES].name, false, SchemaObject.INDEX);
t.createPrimaryKey(name, new int[] { 2, 3, 4, 5, 6, 1, 0 }, false);
return t;
}
PersistentStore store = database.persistentStoreCollection.getStore(t);
// calculated column values
String tableCatalog;
String tableSchema;
String tableName;
Grantee granteeObject;
// intermediate holders
User user;
Iterator tables;
Table table;
Object[] row;
// column number mappings
final int grantor = 0;
final int grantee = 1;
final int table_catalog = 2;
final int table_schema = 3;
final int table_name = 4;
final int column_name = 5;
final int privilege_type = 6;
final int is_grantable = 7;
// enumerations
OrderedHashSet grantees = session.getGrantee().getGranteeAndAllRolesWithPublic();
// Initialization
tables = allTables();
while (tables.hasNext()) {
table = (Table) tables.next();
tableName = table.getName().name;
tableCatalog = database.getCatalogName().name;
tableSchema = table.getSchemaName().name;
for (int i = 0; i < grantees.size(); i++) {
granteeObject = (Grantee) grantees.get(i);
OrderedHashSet rights = granteeObject.getAllDirectPrivileges(table);
OrderedHashSet grants = granteeObject.getAllGrantedPrivileges(table);
if (!grants.isEmpty()) {
grants.addAll(rights);
rights = grants;
}
for (int j = 0; j < rights.size(); j++) {
Right right = (Right) rights.get(j);
Right grantableRight = right.getGrantableRights();
for (int k = 0; k < Right.privilegeTypes.length; k++) {
OrderedHashSet columnList = right.getColumnsForPrivilege(table, Right.privilegeTypes[k]);
OrderedHashSet grantableList = grantableRight.getColumnsForPrivilege(table, Right.privilegeTypes[k]);
for (int l = 0; l < columnList.size(); l++) {
HsqlName fullName = ((HsqlName) columnList.get(l));
row = t.getEmptyRowData();
row[grantor] = right.getGrantor().getName().name;
row[grantee] = right.getGrantee().getName().name;
row[table_catalog] = tableCatalog;
row[table_schema] = tableSchema;
row[table_name] = tableName;
row[column_name] = fullName.name;
row[privilege_type] = Right.privilegeNames[k];
row[is_grantable] = right.getGrantee() == table.getOwner() || grantableList.contains(fullName) ? "YES" : "NO";
try {
t.insertSys(store, row);
} catch (HsqlException e) {
}
}
}
}
}
}
return t;
}
use of org.hsqldb_voltpatches.rights.Grantee in project voltdb by VoltDB.
the class DatabaseInformationMain method TABLE_PRIVILEGES.
/*
WHERE ( GRANTEE IN ( 'PUBLIC', CURRENT_USER )
OR GRANTEE IN ( SELECT ROLE_NAME FROM ENABLED_ROLES )
OR GRANTOR = CURRENT_USER
OR GRANTOR IN ( SELECT ROLE_NAME FROM ENABLED_ROLES ) )
*/
/**
* The TABLE_PRIVILEGES view has one row for each visible access
* right for each accessible table definied within this database. <p>
*
* Each row is a table privilege description with the following columns: <p>
*
* <pre class="SqlCodeExample">
* GRANTOR VARCHAR grantor of access
* GRANTEE VARCHAR grantee of access
* TABLE_CATALOG VARCHAR table catalog
* TABLE_SCHEMA VARCHAR table schema
* TABLE_NAME VARCHAR table name
* PRIVILEGE_TYPE VARCHAR { "SELECT" | "INSERT" | "UPDATE" | "DELETE" | "REFERENCES" | "TRIGGER" }
* IS_GRANTABLE VARCHAR { "YES" | "NO" }
* WITH_HIERARCHY { "YES" | "NO" }
* </pre>
*
* @return a <code>Table</code> object describing the visible
* access rights for each accessible table
* defined within this database
*/
final Table TABLE_PRIVILEGES() {
Table t = sysTables[TABLE_PRIVILEGES];
if (t == null) {
t = createBlankTable(sysTableHsqlNames[TABLE_PRIVILEGES]);
// not null
addColumn(t, "GRANTOR", SQL_IDENTIFIER);
// not null
addColumn(t, "GRANTEE", SQL_IDENTIFIER);
addColumn(t, "TABLE_CATALOG", SQL_IDENTIFIER);
addColumn(t, "TABLE_SCHEMA", SQL_IDENTIFIER);
// not null
addColumn(t, "TABLE_NAME", SQL_IDENTIFIER);
// not null
addColumn(t, "PRIVILEGE_TYPE", CHARACTER_DATA);
// not null
addColumn(t, "IS_GRANTABLE", YES_OR_NO);
addColumn(t, "WITH_HIERARCHY", YES_OR_NO);
//
HsqlName name = HsqlNameManager.newInfoSchemaObjectName(sysTableHsqlNames[SEQUENCES].name, false, SchemaObject.INDEX);
t.createPrimaryKey(name, new int[] { 0, 1, 2, 3, 4, 5, 6 }, false);
return t;
}
PersistentStore store = database.persistentStoreCollection.getStore(t);
// calculated column values
String tableCatalog;
String tableSchema;
String tableName;
Grantee granteeObject;
String privilege;
// intermediate holders
Iterator tables;
Table table;
Object[] row;
// column number mappings
final int grantor = 0;
final int grantee = 1;
final int table_catalog = 2;
final int table_schema = 3;
final int table_name = 4;
final int privilege_type = 5;
final int is_grantable = 6;
final int with_hierarchy = 7;
OrderedHashSet grantees = session.getGrantee().getGranteeAndAllRolesWithPublic();
tables = allTables();
while (tables.hasNext()) {
table = (Table) tables.next();
tableName = table.getName().name;
tableCatalog = table.getCatalogName().name;
tableSchema = table.getSchemaName().name;
for (int i = 0; i < grantees.size(); i++) {
granteeObject = (Grantee) grantees.get(i);
OrderedHashSet rights = granteeObject.getAllDirectPrivileges(table);
OrderedHashSet grants = granteeObject.getAllGrantedPrivileges(table);
if (!grants.isEmpty()) {
grants.addAll(rights);
rights = grants;
}
for (int j = 0; j < rights.size(); j++) {
Right right = (Right) rights.get(j);
Right grantableRight = right.getGrantableRights();
for (int k = 0; k < Right.privilegeTypes.length; k++) {
if (!right.canAccess(Right.privilegeTypes[k])) {
continue;
}
privilege = Right.privilegeNames[k];
row = t.getEmptyRowData();
row[grantor] = right.getGrantor().getName().name;
row[grantee] = right.getGrantee().getName().name;
row[table_catalog] = tableCatalog;
row[table_schema] = tableSchema;
row[table_name] = tableName;
row[privilege_type] = privilege;
row[is_grantable] = right.getGrantee() == table.getOwner() || grantableRight.canAccess(Right.privilegeTypes[k]) ? "YES" : "NO";
row[with_hierarchy] = "NO";
try {
t.insertSys(store, row);
} catch (HsqlException e) {
}
}
}
}
}
return t;
}
Aggregations