for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
String grantee = (String)gIter.next();
// Check that the role exists: look up its role definition descriptor in
// the data dictionary. A null result is reported to the caller as
// ROLE_INVALID_SPECIFICATION, carrying the role name.
// NOTE(review): this existence check runs before the authorization
// check that follows, so a grantor who is not allowed to grant gets a
// different SQLState for a missing role than for an existing one.
// Confirm that revealing role existence to such callers is acceptable.
RoleDescriptor rd = dd.getRoleDefinitionDescriptor(role);
if (rd == null) {
throw StandardException.
newException(SQLState.ROLE_INVALID_SPECIFICATION, role);
}
// Authorization gate: check that the role is granted to us (or PUBLIC)
// WITH ADMIN OPTION so that we are allowed to grant it. For the database
// owner, a role definition always fulfills this requirement.
// If we implement granting WITH ADMIN OPTION later, we need to look
// for a grant to us (or PUBLIC) which has WITH ADMIN. The role
// definition descriptor will not suffice in that case, so we need
// something like:
//
// rd = dd.findRoleGrantWithAdminToRoleOrPublic(grantor)
// if (rd != null) {
// :
//
// As written, the only grantor accepted is the grantee recorded in the
// role definition descriptor; every other grantor is rejected with
// AUTH_ROLE_DBO_ONLY.
if (grantor.equals(rd.getGrantee())) {
// All ok, we are database owner.
// The assertions below run only when SanityManager.DEBUG is true, so
// in other builds the equals() test above is the only check enforced
// here.
if (SanityManager.DEBUG) {
// The grantor is expected to be the database owner reported by the
// data dictionary.
SanityManager.ASSERT(
lcc.getDataDictionary().
getAuthorizationDatabaseOwner().
equals(grantor),
"expected database owner in role descriptor");
// The role definition is expected to carry the ADMIN OPTION flag.
SanityManager.ASSERT(
rd.isWithAdminOption(),
"expected role definition to have ADMIN OPTION");
}
} else {
// The grantor does not match the role definition's grantee: refuse
// the GRANT.
throw StandardException.newException
(SQLState.AUTH_ROLE_DBO_ONLY, "GRANT role");
}
rd = dd.getRoleGrantDescriptor(role, grantee, grantor);
if (rd != null && withAdminOption && !rd.isWithAdminOption()) {
// NOTE: Never called yet, withAdminOption not yet
// implemented.
// Remove old descriptor and add a new one with admin
// option: cf. SQL 2003, section 12.5, general rule 3
rd.drop(lcc);
rd.setWithAdminOption(true);
dd.addDescriptor(rd,
null, // parent
DataDictionary.SYSROLES_CATALOG_NUM,
false, // no duplicatesAllowed
tc);
} else if (rd == null) {
RoleDescriptor gd = dd.getRoleDefinitionDescriptor(grantee);
if (gd != null) {
// FIXME: Grantee is role, need to check for circularity
}