Package org.apache.derby.iapi.sql.dictionary

Examples of org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor


          TransactionController tc,
          ExecIndexRow keyRow)
      throws StandardException
  {
    ExecRow curRow;
    PermissionsDescriptor perm;
    TabInfoImpl  ti = getNonCoreTI(SYSTABLEPERMS_CATALOG_NUM);
    SYSTABLEPERMSRowFactory rf = (SYSTABLEPERMSRowFactory) ti.getCatalogRowFactory();

    while ((curRow=ti.getRow(tc, keyRow, rf.TABLEID_INDEX_NUM)) != null)
    {
View Full Code Here


          TransactionController tc,
          ExecIndexRow keyRow)
      throws StandardException
  {
    ExecRow curRow;
    PermissionsDescriptor perm;
    TabInfoImpl  ti = getNonCoreTI(SYSCOLPERMS_CATALOG_NUM);
    SYSCOLPERMSRowFactory rf = (SYSCOLPERMSRowFactory) ti.getCatalogRowFactory();

    while ((curRow=ti.getRow(tc, keyRow, rf.TABLEID_INDEX_NUM)) != null)
    {
View Full Code Here

            throws StandardException {
        TabInfoImpl ti = getNonCoreTI(SYSPERMS_CATALOG_NUM);
        SYSPERMSRowFactory rf = (SYSPERMSRowFactory) ti.getCatalogRowFactory();
        DataValueDescriptor objIdOrderable;
        ExecRow curRow;
        PermissionsDescriptor perm;

        // In Derby authorization mode, permission catalogs may not be present
        if (!usesSqlAuthorization)
            return;
View Full Code Here

  {
    TabInfoImpl  ti = getNonCoreTI(SYSROUTINEPERMS_CATALOG_NUM);
    SYSROUTINEPERMSRowFactory rf = (SYSROUTINEPERMSRowFactory) ti.getCatalogRowFactory();
    DataValueDescriptor  routineIdOrderable;
    ExecRow curRow;
    PermissionsDescriptor perm;

    // In Derby authorization mode, permission catalogs may not be present
    if (!usesSqlAuthorization)
      return;
View Full Code Here

        }

        if (action == DataDictionaryImpl.EXISTS) {
          return true;
        } else if (action == DataDictionaryImpl.DROP) {
          PermissionsDescriptor perm = (PermissionsDescriptor)rf.
            buildDescriptor(outRow,
                    (TupleDescriptor) null,
                    this);
          removePermEntryInCache(perm);
          ti.deleteRow(tc, indexRow, indexNo);
View Full Code Here

          TransactionController tc,
          ExecIndexRow keyRow)
      throws StandardException
  {
    ExecRow curRow;
    PermissionsDescriptor perm;
    TabInfoImpl  ti = getNonCoreTI(SYSTABLEPERMS_CATALOG_NUM);
    SYSTABLEPERMSRowFactory rf = (SYSTABLEPERMSRowFactory) ti.getCatalogRowFactory();

    while ((curRow=ti.getRow(tc, keyRow, rf.TABLEID_INDEX_NUM)) != null)
    {
View Full Code Here

          TransactionController tc,
          ExecIndexRow keyRow)
      throws StandardException
  {
    ExecRow curRow;
    PermissionsDescriptor perm;
    TabInfoImpl  ti = getNonCoreTI(SYSCOLPERMS_CATALOG_NUM);
    SYSCOLPERMSRowFactory rf = (SYSCOLPERMSRowFactory) ti.getCatalogRowFactory();

    while ((curRow=ti.getRow(tc, keyRow, rf.TABLEID_INDEX_NUM)) != null)
    {
View Full Code Here

            throws StandardException {
        TabInfoImpl ti = getNonCoreTI(SYSPERMS_CATALOG_NUM);
        SYSPERMSRowFactory rf = (SYSPERMSRowFactory) ti.getCatalogRowFactory();
        DataValueDescriptor objIdOrderable;
        ExecRow curRow;
        PermissionsDescriptor perm;

        // In Derby authorization mode, permission catalogs may not be present
        if (!usesSqlAuthorization)
            return;
View Full Code Here

    //If the Database Owner is creating this constraint, then no need to
    //collect any privilege dependencies because the Database Owner can  
    //access any objects without any restrictions
        if (! currentUser.equals( dd.getAuthorizationDatabaseOwner()) )
    {
      PermissionsDescriptor permDesc;
      // Now, it is time to add into dependency system the FOREIGN
      // constraint's dependency on REFERENCES privilege, or, if it is a
      // CHECK constraint, any EXECUTE or USAGE privileges. If the REFERENCES is
      // revoked from the constraint owner, the constraint will get
      // dropped automatically.
      List requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();

      if (requiredPermissionsList != null && ! requiredPermissionsList.isEmpty())
      {
        for(Iterator iter = requiredPermissionsList.iterator();iter.hasNext();)
        {
          StatementPermission statPerm = (StatementPermission) iter.next();
          //First check if we are dealing with a Table or
          //Column level privilege. All the other privileges
          //are not required for a foreign key constraint.
          if (statPerm instanceof StatementTablePermission)
          {//It is a table/column level privilege
            StatementTablePermission statementTablePermission =
              (StatementTablePermission) statPerm;
            //Check if we are dealing with REFERENCES privilege.
            //If not, move on to the next privilege in the
            //required privileges list
            if (statementTablePermission.getPrivType() != Authorizer.REFERENCES_PRIV)
              continue;
            //Next check is this REFERENCES privilege is
            //on the same table as referenced by the foreign
            //key constraint? If not, move on to the next
            //privilege in the required privileges list
            if (!statementTablePermission.getTableUUID().equals(refTableUUID))
              continue;
          } else if (statPerm instanceof StatementSchemaPermission
                || statPerm instanceof StatementRolePermission
                               || statPerm instanceof StatementGenericPermission ) {
            continue;
          } else {
            if (SanityManager.DEBUG) {
              SanityManager.ASSERT(
                statPerm instanceof StatementRoutinePermission,
                "only StatementRoutinePermission expected");
            }

            // skip if this permission concerns a function not
            // referenced by this constraint
            StatementRoutinePermission rp =
              (StatementRoutinePermission)statPerm;
            if (!inProviderSet(providers, rp.getRoutineUUID())) {
              continue;
            }
          }


          // We know that we are working with a REFERENCES, EXECUTE, or USAGE
          // privilege. Find all the PermissionDescriptors for this
          // privilege and make constraint depend on it through
          // dependency manager.  The REFERENCES privilege could be
          // defined at the table level or it could be defined at
          // individual column levels. In addition, individual column
          // REFERENCES privilege could be available at the user
          // level, PUBLIC or role level.  EXECUTE and USAGE privileges could be
          // available at the user level, PUBLIC or role level.
                    permDesc = statPerm.getPermissionDescriptor(
                        currentUser, dd);

          if (permDesc == null)
          {
            // No privilege exists for given user. The privilege
            // has to exist at at PUBLIC level....

            permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
            // .... or at the role level. Additionally, for column
            // level privileges, even if *some* were available at
            // the PUBLIC level others may be still be missing,
            // hence the call in the test below to
            // allColumnsCoveredByUserOrPUBLIC.
            boolean roleUsed = false;

            if (permDesc == null ||
              ((permDesc instanceof ColPermsDescriptor) &&
                                 ! ((StatementColumnPermission)statPerm).
                                   allColumnsCoveredByUserOrPUBLIC(
                                       currentUser, dd))) {
              roleUsed = true;
              permDesc = findRoleUsage(activation, statPerm);
            }

            // If the user accessing the object is the owner of
            // that object, then no privilege tracking is needed
            // for the owner.
                        if (! permDesc.checkOwner(currentUser) ) {

                            dm.addDependency(dependent, permDesc,
                       lcc.getContextManager());

              if (roleUsed) {
                // We had to rely on role, so track that
                // dependency, too.
                trackRoleDependency
                  (activation, dependent, roleDepAdded);
              }
            }
          } else
            //if the object on which permission is required is owned by the
            //same user as the current user, then no need to keep that
            //object's privilege dependency in the dependency system
                    if (! permDesc.checkOwner(currentUser))
          {
            dm.addDependency(dependent, permDesc, lcc.getContextManager());
            if (permDesc instanceof ColPermsDescriptor)
            {
              // The if statement above means we found a
              // REFERENCES privilege at column level for the
              // given authorizer. If this privilege doesn't
              // cover all the column , then there has to exisit
              // REFERENCES for the remaining columns at PUBLIC
              // level or at role level.  Get that permission
              // descriptor and save it in dependency system
              StatementColumnPermission
                statementColumnPermission = (
                  StatementColumnPermission)statPerm;
              permDesc = statementColumnPermission.
                                getPUBLIClevelColPermsDescriptor(
                                    currentUser, dd);
              //Following if checks if some column level privileges
              //exist only at public level. If so, then the public
              //level column privilege dependency is added
              //into the dependency system
              if (permDesc != null &&
                  permDesc.getObjectID() != null) {
                // User did not have all required column
                // permissions and at least one column is
                // covered by PUBLIC.
                dm.addDependency(dependent, permDesc,
                         lcc.getContextManager());
View Full Code Here

    DataDictionary dd = lcc.getDataDictionary();
    RoleGrantDescriptor rootGrant = null;
    String role = lcc.getCurrentRoleId(activation);
    String dbo = dd.getAuthorizationDatabaseOwner();
        String currentUser = lcc.getCurrentUserId(activation);
    PermissionsDescriptor permDesc = null;

    if (SanityManager.DEBUG) {
      SanityManager.ASSERT(
        role != null,
        "Unexpected: current role is not set");
View Full Code Here

TOP

Related Classes of org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.