Examples of RoleGrantDescriptor

org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor
This class is used by rows in the SYS.SYSROLES system table. An instance contains information for exactly: One <role definition>, cf. ISO/IEC 9075-2:2003 section 12.4 or one <grant role statement>, section 12.5. A role definition is also modeled as a role grant (hence the class name), but with the special grantor "_SYSTEM", and with a grantee of the definer, in Derby this is always the current user. For a role definition, the WITH ADMIN flag is also set. The information contained in the isDef flag is usually redundant, but was added as a precaution against a real user named _SYSTEM, for example when upgrading an older database that did not forbid this.

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

      scanQualifier,                //
      (DataValueDescriptor[]) null, // stop position -through last row
      0);                           // stopSearchOperation - none


    ExecRow outRow =  rf.makeEmptyRow();
    RoleGrantDescriptor grantDescr;


    while (sc.fetchNext(outRow.getRowArray())) {
      grantDescr = (RoleGrantDescriptor)rf.buildDescriptor(
        outRow,
        (TupleDescriptor) null,
        this);


      // Next call is potentially inefficient.  We could read in
      // definitions first in a separate hash table limiting
      // this to a 2-pass scan.
      RoleGrantDescriptor granteeDef = getRoleDefinitionDescriptor
        (grantDescr.getGrantee());


      if (granteeDef == null) {
        // not a role, must be user authid, skip
        continue;
      }


      String hashKey;
      if (inverse) {
        hashKey = granteeDef.getRoleName();
      } else {
        hashKey = grantDescr.getRoleName();
      }


      List arcs = (List)hm.get(hashKey);

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

            throws StandardException {


        DataDictionary dd = getDataDictionary();
        String dbo = dd.getAuthorizationDatabaseOwner();


        RoleGrantDescriptor grantDesc = null;
        String currentUser = getCurrentUserId(a);


        if (currentUser.equals(dbo)) {
            grantDesc = dd.getRoleDefinitionDescriptor(role);
        } else {

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

     StatementPermission statPerm) throws StandardException {


    LanguageConnectionContext lcc =
      activation.getLanguageConnectionContext();
    DataDictionary dd = lcc.getDataDictionary();
    RoleGrantDescriptor rootGrant = null;
    String role = lcc.getCurrentRoleId(activation);
    String dbo = dd.getAuthorizationDatabaseOwner();
        String currentUser = lcc.getCurrentUserId(activation);
    PermissionsDescriptor permDesc = null;

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

      DataDictionary dd = lcc.getDataDictionary();
      DependencyManager dm = dd.getDependencyManager();


      String role =
        lcc.getCurrentRoleId(activation);
      RoleGrantDescriptor rgd =
        dd.getRoleDefinitionDescriptor(role);


      dm.addDependency
        (dependent, rgd,
         lcc.getContextManager());

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

        this.dd = dd;
        this.tc = tc;
        seenSoFar = new HashMap();
        lifo      = new ArrayList(); // remaining work stack


        RoleGrantDescriptor dummy = new RoleGrantDescriptor
            (null,
             null,
             inverse ? root : null,
             inverse ? null : root,
             null,

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

            if (outArcs != null) {
                currNodeIter = outArcs.iterator();
            }
        }


        RoleGrantDescriptor result = null;


        while (result == null) {
            while (currNodeIter.hasNext()) {
                RoleGrantDescriptor r =
                    (RoleGrantDescriptor)currNodeIter.next();


                if (seenSoFar.containsKey
                        (inverse ? r.getRoleName() : r.getGrantee())) {
                    continue;
                } else {
                    lifo.add(r);
                    result = r;
                    break;
                }
            }


            if (result == null) {
                // not more candidates located outgoing from the
                // latest found node, pick another and continue
                RoleGrantDescriptor newNode = null;


                currNodeIter = null;


                while (lifo.size() > 0 && currNodeIter == null) {


                    newNode = (RoleGrantDescriptor)lifo.remove(lifo.size() - 1);


                    // In the example (see interface doc), the
                    // iterator of outgoing arcs for f (grant inverse)
                    // would contain {e,c,d}.
                    List outArcs = (List)graph.get(
                        inverse? newNode.getRoleName(): newNode.getGrantee());


                    if (outArcs != null) {
                        currNodeIter = outArcs.iterator();
                    } // else: leaf node, pop next candidate, if any
                }

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

        dd.startWriting(lcc);


        //
        // Check if this role already exists. If it does, throw.
        //
        RoleGrantDescriptor rdDef = dd.getRoleDefinitionDescriptor(roleName);


        if (rdDef != null) {
            throw StandardException.
                newException(SQLState.LANG_OBJECT_ALREADY_EXISTS,
                             rdDef.getDescriptorType(), roleName);
        }


        // Check if the proposed role id exists as a user id in
        // a privilege grant or as a built-in user ("best effort"; we
        // can't guarantee against collision if users are externally

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor


            for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
                String grantee = (String)gIter.next();


                // check that role exists
                RoleGrantDescriptor rdDef =
                    dd.getRoleDefinitionDescriptor(role);


                if (rdDef == null) {
                    throw StandardException.
                        newException(SQLState.ROLE_INVALID_SPECIFICATION, role);
                }


                // Check that role is granted to us (or PUBLIC) with
                // WITH ADMIN option so we can grant (and hence
                // revoke) it. For database owner, a role definition
                // always fulfills this requirement.  If we implement
                // granting with WITH ADMIN option later, we need to
                // look for a grant to us or to PUBLIC which has WITH
                // ADMIN. The role definition descriptor will not
                // suffice in that case, so we need something like:
                //
                // rd = dd.findRoleGrantWithAdminToRoleOrPublic(grantor)
                // if (rd != null) {
                //   :
                if (grantor.equals(lcc.getDataDictionary().
                                       getAuthorizationDatabaseOwner())) {
                    // All ok, we are database owner
                    if (SanityManager.DEBUG) {
                        SanityManager.ASSERT(
                            rdDef.getGrantee().equals(grantor),
                            "expected database owner in role grant descriptor");
                        SanityManager.ASSERT(
                            rdDef.isWithAdminOption(),
                            "expected role definition to have ADMIN OPTION");
                    }
                } else {
                    throw StandardException.newException
                        (SQLState.AUTH_ROLE_DBO_ONLY, "REVOKE role");
                }


                RoleGrantDescriptor rd =
                    dd.getRoleGrantDescriptor(role, grantee, grantor);


                if (rd != null && withAdminOption) {
                    // NOTE: Never called yet, withAdminOption not yet
                    // implemented.


                    if (SanityManager.DEBUG) {
                        SanityManager.NOTREACHED();
                    }


                    // revoke only the ADMIN OPTION from grantee
                    //
                    if (rd.isWithAdminOption()) {
                        // Invalidate and remove old descriptor and add a new
                        // one without admin option.
                        //
                        // RoleClosureIterator rci =
                        //     dd.createRoleClosureIterator
                        //     (activation.getTransactionController(),
                        //      role, false);
                        //
                        // String r;
                        // while ((r = rci.next()) != null) {
                        //   rdDef = dd.getRoleDefinitionDescriptor(r);
                        //
                        //   dd.getDependencyManager().invalidateFor
                        //       (rdDef, DependencyManager.REVOKE_ROLE, lcc);
                        // }
                        //
                        // rd.drop(lcc);
                        // rd.setWithAdminOption(false);
                        // dd.addDescriptor(rd,
                        //                  null,  // parent
                        //                  DataDictionary.SYSROLES_CATALOG_NUM,
                        //                  false, // no duplicatesAllowed
                        //                  tc);
                    } else {
                        activation.addWarning
                            (StandardException.newWarning
                             (SQLState.LANG_WITH_ADMIN_OPTION_NOT_REVOKED,
                              role, grantee));
                    }
                } else if (rd != null) {
                    // Normal revoke of role from grantee.
                    //
                    // When a role is revoked, for every role in its grantee
                    // closure, we call the REVOKE_ROLE action. It is used to
                    // invalidate dependent objects (constraints, triggers and
                    // views).  Note that until DERBY-1632 is fixed, we risk
                    // dropping objects not really dependent on this role, but
                    // one some other role just because it inherits from this
                    // one. See also DropRoleConstantAction.
                    RoleClosureIterator rci =
                        dd.createRoleClosureIterator
                        (activation.getTransactionController(),
                         role, false);


                    String r;
                    while ((r = rci.next()) != null) {
                        rdDef = dd.getRoleDefinitionDescriptor(r);


                        dd.getDependencyManager().invalidateFor
                            (rdDef, DependencyManager.REVOKE_ROLE, lcc);
                    }


                    rd.drop(lcc);


                } else {
                    activation.addWarning
                        (StandardException.newWarning
                         (SQLState.LANG_ROLE_NOT_REVOKED, role, grantee));

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

        ** We tell the data dictionary we're done writing at the end of
        ** the transaction.
        */
        dd.startWriting(lcc);


        RoleGrantDescriptor rdDef = dd.getRoleDefinitionDescriptor(roleName);


        if (rdDef == null) {
            throw StandardException.newException(
                SQLState.ROLE_INVALID_SPECIFICATION, roleName);
        }


        // When a role is dropped, for every role in its grantee closure, we
        // call the REVOKE_ROLE action. It is used to invalidate dependent
        // objects (constraints, triggers and views).  Note that until
        // DERBY-1632 is fixed, we risk dropping objects not really dependent
        // on this role, but one some other role just because it inherits from
        // this one. See also RevokeRoleConstantAction.
        RoleClosureIterator rci =
            dd.createRoleClosureIterator
            (activation.getTransactionController(),
             roleName, false);


        String role;
        while ((role = rci.next()) != null) {
            RoleGrantDescriptor r = dd.getRoleDefinitionDescriptor(role);


            dd.getDependencyManager().invalidateFor
                (r, DependencyManager.REVOKE_ROLE, lcc);
        }

View Full Code Here

Examples of org.apache.derby.iapi.sql.dictionary.RoleGrantDescriptor

        boolean                 wao = false;
        boolean                 isdef = false;


        if (td != null)
        {
            RoleGrantDescriptor rgd = (RoleGrantDescriptor)td;


            roleid = rgd.getRoleName();
            grantee = rgd.getGrantee();
            grantor = rgd.getGrantor();
            wao = rgd.isWithAdminOption();
            isdef = rgd.isDef();
            UUID oid = rgd.getUUID();
            oid_string = oid.toString();
        }


        /* Build the row to insert */
        row = getExecutionFactory().getValueRow(SYSROLES_COLUMN_COUNT);

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.