Package org.apache.derby.iapi.sql.dictionary

Examples of org.apache.derby.iapi.sql.dictionary.RoleDescriptor


            for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
                String grantee = (String)gIter.next();

                // check that role exists
                RoleDescriptor rd = dd.getRoleDefinitionDescriptor(role);

                if (rd == null) {
                    throw StandardException.
                        newException(SQLState.ROLE_INVALID_SPECIFICATION, role);
                }

                // Check that role is granted to us (or PUBLIC) with
                // WITH ADMIN option so we can grant it. For database
                // owner, a role definition always fulfills this
                // requirement.  If we implement granting with WITH ADMIN
                // option later, we need to look for a grant to us (or
                // PUBLIC) which has WITH ADMIN. The role definition
                // descriptor will not suffice in that case, so we
                // need something like:
                //
                // rd = dd.findRoleGrantWithAdminToRoleOrPublic(grantor)
                // if (rd != null) {
                //   :
                if (grantor.equals(rd.getGrantee())) {
                    // All ok, we are database owner
                    if (SanityManager.DEBUG) {
                        SanityManager.ASSERT(
                            lcc.getDataDictionary().
                            getAuthorizationDatabaseOwner().
                            equals(grantor),
                            "expected database owner in role descriptor");
                        SanityManager.ASSERT(
                            rd.isWithAdminOption(),
                            "expected role definition to have ADMIN OPTION");
                    }
                } else {
                    throw StandardException.newException
                        (SQLState.AUTH_ROLE_DBO_ONLY, "GRANT role");
                }

                rd = dd.getRoleGrantDescriptor(role, grantee, grantor);

                if (rd != null && withAdminOption && !rd.isWithAdminOption()) {
                    // NOTE: Never called yet, withAdminOption not yet
                    // implemented.

                    // Remove old descriptor and add a new one with admin
                    // option: cf. SQL 2003, section 12.5, general rule 3
                    rd.drop(lcc);
                    rd.setWithAdminOption(true);
                    dd.addDescriptor(rd,
                                     null,  // parent
                                     DataDictionary.SYSROLES_CATALOG_NUM,
                                     false, // no duplicatesAllowed
                                     tc);
                } else if (rd == null) {
                    RoleDescriptor gd = dd.getRoleDefinitionDescriptor(grantee);

                    if (gd != null) {
                        // FIXME: Grantee is role, need to check for circularity
                    }
View Full Code Here

TOP

Related Classes of org.apache.derby.iapi.sql.dictionary.RoleDescriptor

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.