*/
protected void storeConstraintDependenciesOnPrivileges(
Activation activation, Dependent dependent, UUID refTableUUID)
throws StandardException
{
LanguageConnectionContext lcc = activation.getLanguageConnectionContext();
DataDictionary dd = lcc.getDataDictionary();
DependencyManager dm = dd.getDependencyManager();
//If the Database Owner is creating this constraint, then no need to
//collect any privilege dependencies because the Database Owner can
//access any objects without any restrictions
if (!(lcc.getAuthorizationId().equals(dd.getAuthorizationDatabaseOwner())))
{
PermissionsDescriptor permDesc;
//Now, it is time to add into dependency system, constraint's
//dependency on REFERENCES privilege. If the REFERENCES privilege is
//revoked from the constraint owner, the constraint will get
//dropped automatically.
List requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
if (requiredPermissionsList != null && ! requiredPermissionsList.isEmpty())
{
for(Iterator iter = requiredPermissionsList.iterator();iter.hasNext();)
{
StatementPermission statPerm = (StatementPermission) iter.next();
//First check if we are dealing with a Table or
//Column level privilege. All the other privileges
//are not required for a foreign key constraint.
if (statPerm instanceof StatementTablePermission)
{//It is a table/column level privilege
StatementTablePermission statementTablePermission =
(StatementTablePermission) statPerm;
//Check if we are dealing with REFERENCES privilege.
//If not, move on to the next privilege in the
//required privileges list
if (statementTablePermission.getPrivType() != Authorizer.REFERENCES_PRIV)
continue;
//Next check is this REFERENCES privilege is
//on the same table as referenced by the foreign
//key constraint? If not, move on to the next
//privilege in the required privileges list
if (!statementTablePermission.getTableUUID().equals(refTableUUID))
continue;
} else if (statPerm instanceof StatementSchemaPermission
|| statPerm instanceof StatementRoutinePermission)
continue;
//We know that we are working with a REFERENCES
//privilege. Find all the PermissionDescriptors for
//this privilege and make constraint depend on it
//through dependency manager.
//The REFERENCES privilege could be defined at the
//table level or it could be defined at individual
//column levels. In addition, individual column
//REFERENCES privilege could be available at the
//user level or PUBLIC level.
permDesc = statPerm.getPermissionDescriptor(lcc.getAuthorizationId(), dd);
if (permDesc == null)
{
//No REFERENCES privilege exists for given
//authorizer at table or column level.
//REFERENCES privilege has to exist at at PUBLIC level
permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
if (!(permDesc.checkOwner(lcc.getAuthorizationId())))
dm.addDependency(dependent, permDesc, lcc.getContextManager());
} else
//if the object on which permission is required is owned by the
//same user as the current user, then no need to keep that
//object's privilege dependency in the dependency system
if (!(permDesc.checkOwner(lcc.getAuthorizationId())))
{
dm.addDependency(dependent, permDesc, lcc.getContextManager());
if (permDesc instanceof ColPermsDescriptor)
{
//The if statement above means we found a
//REFERENCES privilege at column level for
//the given authorizer. If this privilege
//doesn't cover all the column , then there
//has to exisit REFERENCES for the remaining
//columns at PUBLIC level. Get that permission
//descriptor and save it in dependency system
StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
permDesc = statementColumnPermission.getPUBLIClevelColPermsDescriptor(lcc.getAuthorizationId(), dd);
//Following if checks if some column level privileges
//exist only at public level. If so, then the public
//level column privilege dependency is added
//into the dependency system
if (permDesc != null)
dm.addDependency(dependent, permDesc, lcc.getContextManager());
}
}
//We have found the REFERENCES privilege for all the
//columns in foreign key constraint and we don't
//need to go through the rest of the privileges