Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

• org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor
  This class is used by rows in the SYS.SYSROLES system table. An instance contains information for exactly: One <role definition>, cf. ISO/IEC 9075-2:2003 section 12.4 or one <grant role statement>, section 12.5. A role definition is also modeled as a role grant (hence the class name), but with the special grantor "_SYSTEM", and with a grantee of the definer, in Derby this is always the current user. For a role definition, the WITH ADMIN flag is also set. The information contained in the isDef flag is usually redundant, but was added as a precaution against a real user named _SYSTEM, for example when upgrading an older database that did not forbid this.

      scanQualifier,                //
      (DataValueDescriptor[]) null, // stop position -through last row
      0);                           // stopSearchOperation - none

    ExecRow outRow =  rf.makeEmptyRow();
    RoleGrantDescriptor grantDescr;

    while (sc.fetchNext(outRow.getRowArray())) {
      grantDescr = (RoleGrantDescriptor)rf.buildDescriptor(
        outRow,
        (TupleDescriptor) null,
        this);

      // Next call is potentially inefficient.  We could read in
      // definitions first in a separate hash table limiting
      // this to a 2-pass scan.
      RoleGrantDescriptor granteeDef = getRoleDefinitionDescriptor
        (grantDescr.getGrantee());

      if (granteeDef == null) {
        // not a role, must be user authid, skip
        continue;
      }

      String hashKey;
      if (inverse) {
        hashKey = granteeDef.getRoleName();
      } else {
        hashKey = grantDescr.getRoleName();
      }

      List arcs = (List)hm.get(hashKey);

            throws StandardException {

        DataDictionary dd = getDataDictionary();
        String dbo = dd.getAuthorizationDatabaseOwner();

        RoleGrantDescriptor grantDesc = null;
        String currentUser = getCurrentUserId(a);

        if (currentUser.equals(dbo)) {
            grantDesc = dd.getRoleDefinitionDescriptor(role);
        } else {

   */
  public boolean roleIsSettable(String role) throws StandardException {
    DataDictionary dd = getDataDictionary();
    String dbo = dd.getAuthorizationDatabaseOwner();

    RoleGrantDescriptor grantDesc = null;

    if (getAuthorizationId().equals(dbo)) {
      grantDesc = dd.getRoleDefinitionDescriptor(role);
    } else {
      grantDesc = dd.getRoleGrantDescriptor

      scanQualifier,                //
      (DataValueDescriptor[]) null, // stop position -through last row
      0);                           // stopSearchOperation - none

    ExecRow outRow =  rf.makeEmptyRow();
    RoleGrantDescriptor grantDescr;

    while (sc.fetchNext(outRow.getRowArray())) {
      grantDescr = (RoleGrantDescriptor)rf.buildDescriptor(
        outRow,
        (TupleDescriptor) null,
        this);

      // Next call is potentially inefficient.  We could read in
      // definitions first in a separate hash table limiting
      // this to a 2-pass scan.
      RoleGrantDescriptor granteeDef = getRoleDefinitionDescriptor
        (grantDescr.getGrantee());

      if (granteeDef == null) {
        // not a role, must be user authid, skip
        continue;
      }

      String hashKey;
      if (inverse) {
        hashKey = granteeDef.getRoleName();
      } else {
        hashKey = grantDescr.getRoleName();
      }

      List arcs = (List)hm.get(hashKey);

     StatementPermission statPerm) throws StandardException {

    LanguageConnectionContext lcc =
      activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    RoleGrantDescriptor rootGrant = null;
    String role = lcc.getCurrentRoleId(activation);
    String dbo = dd.getAuthorizationDatabaseOwner();
    String authId = lcc.getAuthorizationId();
    PermissionsDescriptor permDesc = null;

      DataDictionary dd = lcc.getDataDictionary();
      DependencyManager dm = dd.getDependencyManager();

      String role =
        lcc.getCurrentRoleId(activation);
      RoleGrantDescriptor rgd =
        dd.getRoleDefinitionDescriptor(role);

      dm.addDependency
        (dependent, rgd,
         lcc.getContextManager());

      scanQualifier,                //
      (DataValueDescriptor[]) null, // stop position -through last row
      0);                           // stopSearchOperation - none

    ExecRow outRow =  rf.makeEmptyRow();
    RoleGrantDescriptor grantDescr;

    while (sc.fetchNext(outRow.getRowArray())) {
      grantDescr = (RoleGrantDescriptor)rf.buildDescriptor(
        outRow,
        (TupleDescriptor) null,
        this);

      // Next call is potentially inefficient.  We could read in
      // definitions first in a separate hash table limiting
      // this to a 2-pass scan.
      RoleGrantDescriptor granteeDef = getRoleDefinitionDescriptor
        (grantDescr.getGrantee());

      if (granteeDef == null) {
        // not a role, must be user authid, skip
        continue;
      }

      String hashKey;
      if (inverse) {
        hashKey = granteeDef.getRoleName();
      } else {
        hashKey = grantDescr.getRoleName();
      }

      List arcs = (List)hm.get(hashKey);

            for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
                String grantee = (String)gIter.next();

                // check that role exists
                RoleGrantDescriptor rdDef =
                    dd.getRoleDefinitionDescriptor(role);

                if (rdDef == null) {
                    throw StandardException.
                        newException(SQLState.ROLE_INVALID_SPECIFICATION, role);
                }

                // Check that role is granted to us (or PUBLIC) with
                // WITH ADMIN option so we can grant it. For database
                // owner, a role definition always fulfills this
                // requirement.  If we implement granting with WITH ADMIN
                // option later, we need to look for a grant to us (or
                // PUBLIC) which has WITH ADMIN. The role definition
                // descriptor will not suffice in that case, so we
                // need something like:
                //
                // rdDef = dd.findRoleGrantWithAdminToRoleOrPublic(grantor)
                // if (rdDef != null) {
                //   :
                if (grantor.equals(lcc.getDataDictionary().
                                       getAuthorizationDatabaseOwner())) {
                    // All ok, we are database owner
                    if (SanityManager.DEBUG) {
                        SanityManager.ASSERT(
                            rdDef.getGrantee().equals(grantor),
                            "expected database owner in role grant descriptor");
                        SanityManager.ASSERT(
                            rdDef.isWithAdminOption(),
                            "expected role definition to have ADMIN OPTION");
                    }
                } else {
                    throw StandardException.newException
                        (SQLState.AUTH_ROLE_DBO_ONLY, "GRANT role");
                }

                // Has it already been granted?
                RoleGrantDescriptor rgd =
                    dd.getRoleGrantDescriptor(role, grantee, grantor);

                if (rgd != null &&
                        withAdminOption && !rgd.isWithAdminOption()) {

                    // NOTE: Never called yet, withAdminOption not yet
                    // implemented.

                    // Remove old descriptor and add a new one with admin
                    // option: cf. SQL 2003, section 12.5, general rule 3
                    rgd.drop(lcc);
                    rgd.setWithAdminOption(true);
                    dd.addDescriptor(rgd,
                                     null,  // parent
                                     DataDictionary.SYSROLES_CATALOG_NUM,
                                     false, // no duplicatesAllowed
                                     tc);
                } else if (rgd == null) {
                    // Check if the grantee is a role (if not, it is a user)
                    RoleGrantDescriptor granteeDef =
                        dd.getRoleDefinitionDescriptor(grantee);

                    if (granteeDef != null) {
                        checkCircularity(role, grantee, grantor, tc, dd);
                    }

     StatementPermission statPerm) throws StandardException {

    LanguageConnectionContext lcc =
      activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    RoleGrantDescriptor rootGrant = null;
    String role = lcc.getCurrentRoleId(activation);
    String dbo = dd.getAuthorizationDatabaseOwner();
    String authId = lcc.getAuthorizationId();
    PermissionsDescriptor permDesc = null;

      DataDictionary dd = lcc.getDataDictionary();
      DependencyManager dm = dd.getDependencyManager();

      String role =
        lcc.getCurrentRoleId(activation);
      RoleGrantDescriptor rgd =
        dd.getRoleDefinitionDescriptor(role);

      dm.addDependency
        (dependent, rgd,
         lcc.getContextManager());