Package org.apache.derby.iapi.sql.dictionary

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
      scanQualifier,                //
      (DataValueDescriptor[]) null, // stop position -through last row
      0);                           // stopSearchOperation - none

    ExecRow outRow =  rf.makeEmptyRow();
    RoleGrantDescriptor grantDescr;

    while (sc.fetchNext(outRow.getRowArray())) {
      grantDescr = (RoleGrantDescriptor)rf.buildDescriptor(
        outRow,
        (TupleDescriptor) null,
        this);

      // Next call is potentially inefficient.  We could read in
      // definitions first in a separate hash table limiting
      // this to a 2-pass scan.
      RoleGrantDescriptor granteeDef = getRoleDefinitionDescriptor
        (grantDescr.getGrantee());

      if (granteeDef == null) {
        // not a role, must be user authid, skip
        continue;
      }

      String hashKey;
      if (inverse) {
        hashKey = granteeDef.getRoleName();
      } else {
        hashKey = grantDescr.getRoleName();
      }

      List arcs = (List)hm.get(hashKey);
View Full Code Here
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
            throws StandardException {

        DataDictionary dd = getDataDictionary();
        String dbo = dd.getAuthorizationDatabaseOwner();

        RoleGrantDescriptor grantDesc = null;
        String currentUser = getCurrentUserId(a);

        if (currentUser.equals(dbo)) {
            grantDesc = dd.getRoleDefinitionDescriptor(role);
        } else {
View Full Code Here
515
516
517
518
519
520
521
522
523
524
525
     StatementPermission statPerm) throws StandardException {

    LanguageConnectionContext lcc =
      activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    RoleGrantDescriptor rootGrant = null;
    String role = lcc.getCurrentRoleId(activation);
    String dbo = dd.getAuthorizationDatabaseOwner();
        String currentUser = lcc.getCurrentUserId(activation);
    PermissionsDescriptor permDesc = null;
View Full Code Here
595
596
597
598
599
600
601
602
603
604
605
      DataDictionary dd = lcc.getDataDictionary();
      DependencyManager dm = dd.getDependencyManager();

      String role =
        lcc.getCurrentRoleId(activation);
      RoleGrantDescriptor rgd =
        dd.getRoleDefinitionDescriptor(role);

      dm.addDependency
        (dependent, rgd,
         lcc.getContextManager());
View Full Code Here
121
122
123
124
125
126
127
128
129
130
131
        this.dd = dd;
        this.tc = tc;
        seenSoFar = new HashMap();
        lifo      = new ArrayList(); // remaining work stack

        RoleGrantDescriptor dummy = new RoleGrantDescriptor
            (null,
             null,
             inverse ? root : null,
             inverse ? null : root,
             null,
View Full Code Here
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
            if (outArcs != null) {
                currNodeIter = outArcs.iterator();
            }
        }

        RoleGrantDescriptor result = null;

        while (result == null) {
            while (currNodeIter.hasNext()) {
                RoleGrantDescriptor r =
                    (RoleGrantDescriptor)currNodeIter.next();

                if (seenSoFar.containsKey
                        (inverse ? r.getRoleName() : r.getGrantee())) {
                    continue;
                } else {
                    lifo.add(r);
                    result = r;
                    break;
                }
            }

            if (result == null) {
                // not more candidates located outgoing from the
                // latest found node, pick another and continue
                RoleGrantDescriptor newNode = null;

                currNodeIter = null;

                while (lifo.size() > 0 && currNodeIter == null) {

                    newNode = (RoleGrantDescriptor)lifo.remove(lifo.size() - 1);

                    // In the example (see interface doc), the
                    // iterator of outgoing arcs for f (grant inverse)
                    // would contain {e,c,d}.
                    List outArcs = (List)graph.get(
                        inverse? newNode.getRoleName(): newNode.getGrantee());

                    if (outArcs != null) {
                        currNodeIter = outArcs.iterator();
                    } // else: leaf node, pop next candidate, if any
                }
View Full Code Here
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
        dd.startWriting(lcc);

        //
        // Check if this role already exists. If it does, throw.
        //
        RoleGrantDescriptor rdDef = dd.getRoleDefinitionDescriptor(roleName);

        if (rdDef != null) {
            throw StandardException.
                newException(SQLState.LANG_OBJECT_ALREADY_EXISTS,
                             rdDef.getDescriptorType(), roleName);
        }

        // Check if the proposed role id exists as a user id in
        // a privilege grant or as a built-in user ("best effort"; we
        // can't guarantee against collision if users are externally
View Full Code Here
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
            for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
                String grantee = (String)gIter.next();

                // check that role exists
                RoleGrantDescriptor rdDef =
                    dd.getRoleDefinitionDescriptor(role);

                if (rdDef == null) {
                    throw StandardException.
                        newException(SQLState.ROLE_INVALID_SPECIFICATION, role);
                }

                // Check that role is granted to us (or PUBLIC) with
                // WITH ADMIN option so we can grant (and hence
                // revoke) it. For database owner, a role definition
                // always fulfills this requirement.  If we implement
                // granting with WITH ADMIN option later, we need to
                // look for a grant to us or to PUBLIC which has WITH
                // ADMIN. The role definition descriptor will not
                // suffice in that case, so we need something like:
                //
                // rd = dd.findRoleGrantWithAdminToRoleOrPublic(grantor)
                // if (rd != null) {
                //   :
                if (grantor.equals(lcc.getDataDictionary().
                                       getAuthorizationDatabaseOwner())) {
                    // All ok, we are database owner
                    if (SanityManager.DEBUG) {
                        SanityManager.ASSERT(
                            rdDef.getGrantee().equals(grantor),
                            "expected database owner in role grant descriptor");
                        SanityManager.ASSERT(
                            rdDef.isWithAdminOption(),
                            "expected role definition to have ADMIN OPTION");
                    }
                } else {
                    throw StandardException.newException
                        (SQLState.AUTH_ROLE_DBO_ONLY, "REVOKE role");
                }

                RoleGrantDescriptor rd =
                    dd.getRoleGrantDescriptor(role, grantee, grantor);

                if (rd != null && withAdminOption) {
                    // NOTE: Never called yet, withAdminOption not yet
                    // implemented.

                    if (SanityManager.DEBUG) {
                        SanityManager.NOTREACHED();
                    }

                    // revoke only the ADMIN OPTION from grantee
                    //
                    if (rd.isWithAdminOption()) {
                        // Invalidate and remove old descriptor and add a new
                        // one without admin option.
                        //
                        // RoleClosureIterator rci =
                        //     dd.createRoleClosureIterator
                        //     (activation.getTransactionController(),
                        //      role, false);
                        //
                        // String r;
                        // while ((r = rci.next()) != null) {
                        //   rdDef = dd.getRoleDefinitionDescriptor(r);
                        //
                        //   dd.getDependencyManager().invalidateFor
                        //       (rdDef, DependencyManager.REVOKE_ROLE, lcc);
                        // }
                        //
                        // rd.drop(lcc);
                        // rd.setWithAdminOption(false);
                        // dd.addDescriptor(rd,
                        //                  null,  // parent
                        //                  DataDictionary.SYSROLES_CATALOG_NUM,
                        //                  false, // no duplicatesAllowed
                        //                  tc);
                    } else {
                        activation.addWarning
                            (StandardException.newWarning
                             (SQLState.LANG_WITH_ADMIN_OPTION_NOT_REVOKED,
                              role, grantee));
                    }
                } else if (rd != null) {
                    // Normal revoke of role from grantee.
                    //
                    // When a role is revoked, for every role in its grantee
                    // closure, we call the REVOKE_ROLE action. It is used to
                    // invalidate dependent objects (constraints, triggers and
                    // views).  Note that until DERBY-1632 is fixed, we risk
                    // dropping objects not really dependent on this role, but
                    // one some other role just because it inherits from this
                    // one. See also DropRoleConstantAction.
                    RoleClosureIterator rci =
                        dd.createRoleClosureIterator
                        (activation.getTransactionController(),
                         role, false);

                    String r;
                    while ((r = rci.next()) != null) {
                        rdDef = dd.getRoleDefinitionDescriptor(r);

                        dd.getDependencyManager().invalidateFor
                            (rdDef, DependencyManager.REVOKE_ROLE, lcc);
                    }

                    rd.drop(lcc);

                } else {
                    activation.addWarning
                        (StandardException.newWarning
                         (SQLState.LANG_ROLE_NOT_REVOKED, role, grantee));
View Full Code Here
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
        ** We tell the data dictionary we're done writing at the end of
        ** the transaction.
        */
        dd.startWriting(lcc);

        RoleGrantDescriptor rdDef = dd.getRoleDefinitionDescriptor(roleName);

        if (rdDef == null) {
            throw StandardException.newException(
                SQLState.ROLE_INVALID_SPECIFICATION, roleName);
        }

        // When a role is dropped, for every role in its grantee closure, we
        // call the REVOKE_ROLE action. It is used to invalidate dependent
        // objects (constraints, triggers and views).  Note that until
        // DERBY-1632 is fixed, we risk dropping objects not really dependent
        // on this role, but one some other role just because it inherits from
        // this one. See also RevokeRoleConstantAction.
        RoleClosureIterator rci =
            dd.createRoleClosureIterator
            (activation.getTransactionController(),
             roleName, false);

        String role;
        while ((role = rci.next()) != null) {
            RoleGrantDescriptor r = dd.getRoleDefinitionDescriptor(role);

            dd.getDependencyManager().invalidateFor
                (r, DependencyManager.REVOKE_ROLE, lcc);
        }

View Full Code Here
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
        boolean                 wao = false;
        boolean                 isdef = false;

        if (td != null)
        {
            RoleGrantDescriptor rgd = (RoleGrantDescriptor)td;

            roleid = rgd.getRoleName();
            grantee = rgd.getGrantee();
            grantor = rgd.getGrantor();
            wao = rgd.isWithAdminOption();
            isdef = rgd.isDef();
            UUID oid = rgd.getUUID();
            oid_string = oid.toString();
        }

        /* Build the row to insert */
        row = getExecutionFactory().getValueRow(SYSROLES_COLUMN_COUNT);
View Full Code Here
TOP

Related Classes of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

  • org.apache.derby.diag.ContainedRoles
  • org.apache.derby.iapi.store.access.TransactionController
  • org.apache.derby.impl.sql.catalog.DataDictionaryImpl
  • org.apache.derby.impl.sql.catalog.DDdependableFinder
  • org.apache.derby.impl.sql.catalog.RoleClosureIteratorImpl
  • org.apache.derby.impl.sql.catalog.SYSROLESRowFactory
  • org.apache.derby.impl.sql.conn.GenericLanguageConnectionContext
  • org.apache.derby.impl.sql.execute.CreateRoleConstantAction
  • org.apache.derby.impl.sql.execute.DDLConstantAction
  • org.apache.derby.impl.sql.execute.DropRoleConstantAction
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.