{
DataDictionary dd = lcc.getDataDictionary();
TransactionController tc = lcc.getTransactionExecute();
ExecPreparedStatement ps = activation.getPreparedStatement();
RoutinePermsDescriptor perms = dd.getRoutinePermissions( routineUUID, authorizationId);
if( perms == null || ! perms.getHasExecutePermission())
perms = dd.getRoutinePermissions(routineUUID, Authorizer.PUBLIC_AUTHORIZATION_ID);
if (perms != null && perms.getHasExecutePermission()) {
// The user or PUBLIC has execute permission, all is well.
return;
}
boolean resolved = false;
// Since no permission exists for the current user or PUBLIC,
// check if a permission exists for the current role (if set).
String role = lcc.getCurrentRoleId(activation);
if (role != null) {
// Check that role is still granted to current user or
// to PUBLIC: A revoked role which is current for this
// session, is lazily set to none when it is attemped
// used.
String dbo = dd.getAuthorizationDatabaseOwner();
RoleGrantDescriptor rd = dd.getRoleGrantDescriptor
(role, authorizationId, dbo);
if (rd == null) {
rd = dd.getRoleGrantDescriptor(
role,
Authorizer.PUBLIC_AUTHORIZATION_ID,
dbo);
}
if (rd == null) {
// We have lost the right to set this role, so we can't
// make use of any permission granted to it or its
// ancestors.
lcc.setCurrentRole(activation, null);
} else {
// The current role is OK, so we can make use of
// any permission granted to it.
//
// Look at the current role and, if necessary, the
// transitive closure of roles granted to current role to
// see if permission has been granted to any of the
// applicable roles.
RoleClosureIterator rci =
dd.createRoleClosureIterator
(activation.getTransactionController(),
role, true /* inverse relation*/);
String r;
while (!resolved && (r = rci.next()) != null) {
perms = dd.
getRoutinePermissions(routineUUID, r);
if (perms != null &&
perms.getHasExecutePermission()) {
resolved = true;
}
}
}