Package org.apache.derby.iapi.sql.dictionary

Examples of org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor


  {
    TabInfoImpl  ti = getNonCoreTI(SYSROUTINEPERMS_CATALOG_NUM);
    SYSROUTINEPERMSRowFactory rf = (SYSROUTINEPERMSRowFactory) ti.getCatalogRowFactory();
    DataValueDescriptor  routineIdOrderable;
    ExecRow curRow;
    PermissionsDescriptor perm;

    // In Derby authorization mode, permission catalogs may not be present
    if (!usesSqlAuthorization)
      return;
View Full Code Here


        }

        if (action == DataDictionaryImpl.EXISTS) {
          return true;
        } else if (action == DataDictionaryImpl.DROP) {
          PermissionsDescriptor perm = (PermissionsDescriptor)rf.
            buildDescriptor(outRow,
                    (TupleDescriptor) null,
                    this);
          removePermEntryInCache(perm);
          ti.deleteRow(tc, indexRow, indexNo);
View Full Code Here

          TransactionController tc,
          ExecIndexRow keyRow)
      throws StandardException
  {
    ExecRow curRow;
    PermissionsDescriptor perm;
    TabInfoImpl  ti = getNonCoreTI(SYSTABLEPERMS_CATALOG_NUM);
    SYSTABLEPERMSRowFactory rf = (SYSTABLEPERMSRowFactory) ti.getCatalogRowFactory();

    while ((curRow=ti.getRow(tc, keyRow, rf.TABLEID_INDEX_NUM)) != null)
    {
View Full Code Here

          TransactionController tc,
          ExecIndexRow keyRow)
      throws StandardException
  {
    ExecRow curRow;
    PermissionsDescriptor perm;
    TabInfoImpl  ti = getNonCoreTI(SYSCOLPERMS_CATALOG_NUM);
    SYSCOLPERMSRowFactory rf = (SYSCOLPERMSRowFactory) ti.getCatalogRowFactory();

    while ((curRow=ti.getRow(tc, keyRow, rf.TABLEID_INDEX_NUM)) != null)
    {
View Full Code Here

            throws StandardException {
        TabInfoImpl ti = getNonCoreTI(SYSPERMS_CATALOG_NUM);
        SYSPERMSRowFactory rf = (SYSPERMSRowFactory) ti.getCatalogRowFactory();
        DataValueDescriptor objIdOrderable;
        ExecRow curRow;
        PermissionsDescriptor perm;

        // In Derby authorization mode, permission catalogs may not be present
        if (!usesSqlAuthorization)
            return;
View Full Code Here

    //If the Database Owner is creating this constraint, then no need to
    //collect any privilege dependencies because the Database Owner can  
    //access any objects without any restrictions
        if (! currentUser.equals( dd.getAuthorizationDatabaseOwner()) )
    {
      PermissionsDescriptor permDesc;
      // Now, it is time to add into dependency system the FOREIGN
      // constraint's dependency on REFERENCES privilege, or, if it is a
      // CHECK constraint, any EXECUTE or USAGE privileges. If the REFERENCES is
      // revoked from the constraint owner, the constraint will get
      // dropped automatically.
      List requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();

      if (requiredPermissionsList != null && ! requiredPermissionsList.isEmpty())
      {
        for(Iterator iter = requiredPermissionsList.iterator();iter.hasNext();)
        {
          StatementPermission statPerm = (StatementPermission) iter.next();
          //First check if we are dealing with a Table or
          //Column level privilege. All the other privileges
          //are not required for a foreign key constraint.
          if (statPerm instanceof StatementTablePermission)
          {//It is a table/column level privilege
            StatementTablePermission statementTablePermission =
              (StatementTablePermission) statPerm;
            //Check if we are dealing with REFERENCES privilege.
            //If not, move on to the next privilege in the
            //required privileges list
            if (statementTablePermission.getPrivType() != Authorizer.REFERENCES_PRIV)
              continue;
            //Next check is this REFERENCES privilege is
            //on the same table as referenced by the foreign
            //key constraint? If not, move on to the next
            //privilege in the required privileges list
            if (!statementTablePermission.getTableUUID().equals(refTableUUID))
              continue;
          } else if (statPerm instanceof StatementSchemaPermission
                || statPerm instanceof StatementRolePermission
                               || statPerm instanceof StatementGenericPermission ) {
            continue;
          } else {
            if (SanityManager.DEBUG) {
              SanityManager.ASSERT(
                statPerm instanceof StatementRoutinePermission,
                "only StatementRoutinePermission expected");
            }

            // skip if this permission concerns a function not
            // referenced by this constraint
            StatementRoutinePermission rp =
              (StatementRoutinePermission)statPerm;
            if (!inProviderSet(providers, rp.getRoutineUUID())) {
              continue;
            }
          }


          // We know that we are working with a REFERENCES, EXECUTE, or USAGE
          // privilege. Find all the PermissionDescriptors for this
          // privilege and make constraint depend on it through
          // dependency manager.  The REFERENCES privilege could be
          // defined at the table level or it could be defined at
          // individual column levels. In addition, individual column
          // REFERENCES privilege could be available at the user
          // level, PUBLIC or role level.  EXECUTE and USAGE privileges could be
          // available at the user level, PUBLIC or role level.
                    permDesc = statPerm.getPermissionDescriptor(
                        currentUser, dd);

          if (permDesc == null)
          {
            // No privilege exists for given user. The privilege
            // has to exist at at PUBLIC level....

            permDesc = statPerm.getPermissionDescriptor(Authorizer.PUBLIC_AUTHORIZATION_ID, dd);
            // .... or at the role level. Additionally, for column
            // level privileges, even if *some* were available at
            // the PUBLIC level others may be still be missing,
            // hence the call in the test below to
            // allColumnsCoveredByUserOrPUBLIC.
            boolean roleUsed = false;

            if (permDesc == null ||
              ((permDesc instanceof ColPermsDescriptor) &&
                                 ! ((StatementColumnPermission)statPerm).
                                   allColumnsCoveredByUserOrPUBLIC(
                                       currentUser, dd))) {
              roleUsed = true;
              permDesc = findRoleUsage(activation, statPerm);
            }

            // If the user accessing the object is the owner of
            // that object, then no privilege tracking is needed
            // for the owner.
                        if (! permDesc.checkOwner(currentUser) ) {

                            dm.addDependency(dependent, permDesc,
                       lcc.getContextManager());

              if (roleUsed) {
                // We had to rely on role, so track that
                // dependency, too.
                trackRoleDependency
                  (activation, dependent, roleDepAdded);
              }
            }
          } else
            //if the object on which permission is required is owned by the
            //same user as the current user, then no need to keep that
            //object's privilege dependency in the dependency system
                    if (! permDesc.checkOwner(currentUser))
          {
            dm.addDependency(dependent, permDesc, lcc.getContextManager());
            if (permDesc instanceof ColPermsDescriptor)
            {
              // The if statement above means we found a
              // REFERENCES privilege at column level for the
              // given authorizer. If this privilege doesn't
              // cover all the column , then there has to exisit
              // REFERENCES for the remaining columns at PUBLIC
              // level or at role level.  Get that permission
              // descriptor and save it in dependency system
              StatementColumnPermission
                statementColumnPermission = (
                  StatementColumnPermission)statPerm;
              permDesc = statementColumnPermission.
                                getPUBLIClevelColPermsDescriptor(
                                    currentUser, dd);
              //Following if checks if some column level privileges
              //exist only at public level. If so, then the public
              //level column privilege dependency is added
              //into the dependency system
              if (permDesc != null &&
                  permDesc.getObjectID() != null) {
                // User did not have all required column
                // permissions and at least one column is
                // covered by PUBLIC.
                dm.addDependency(dependent, permDesc,
                         lcc.getContextManager());
View Full Code Here

    DataDictionary dd = lcc.getDataDictionary();
    RoleGrantDescriptor rootGrant = null;
    String role = lcc.getCurrentRoleId(activation);
    String dbo = dd.getAuthorizationDatabaseOwner();
        String currentUser = lcc.getCurrentUserId(activation);
    PermissionsDescriptor permDesc = null;

    if (SanityManager.DEBUG) {
      SanityManager.ASSERT(
        role != null,
        "Unexpected: current role is not set");
View Full Code Here

    // If the Database Owner is creating this view/trigger, then no need to
    // collect any privilege dependencies because the Database Owner can
    // access any objects without any restrictions.
        if (! currentUser.equals(dbo))
    {
      PermissionsDescriptor permDesc;
      List requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
      if (requiredPermissionsList != null && ! requiredPermissionsList.isEmpty())
      {
        for(Iterator iter = requiredPermissionsList.iterator();iter.hasNext();)
        {
          StatementPermission statPerm = (StatementPermission) iter.next();
          //The schema ownership permission just needs to be checked
          //at object creation time, to see if the object creator has
          //permissions to create the object in the specified schema.
          //But we don't need to add schema permission to list of
          //permissions that the object is dependent on once it is
          //created.
          //Also, StatementRolePermission should not occur here.
          if (statPerm instanceof StatementSchemaPermission ||
            statPerm instanceof StatementRolePermission) {

            if (SanityManager.DEBUG) {
              if (statPerm instanceof StatementRolePermission) {
                SanityManager.THROWASSERT(
                  "Unexpected StatementRolePermission");
              }
            }

            continue;
          }

          //See if we can find the required privilege for given authorizer?
                    permDesc = statPerm.
                        getPermissionDescriptor(currentUser, dd);
          if (permDesc == null)//privilege not found for given authorizer
          {
            //The if condition above means that required privilege does
            //not exist at the user level. The privilege has to exist at
            //PUBLIC level... ,
            permDesc = statPerm.getPermissionDescriptor(
              Authorizer.PUBLIC_AUTHORIZATION_ID, dd);

            boolean roleUsed = false;

            // .. or at role level
            if (permDesc == null ||
                ((permDesc instanceof ColPermsDescriptor) &&
                                 ! ((StatementColumnPermission)statPerm).
                                     allColumnsCoveredByUserOrPUBLIC(
                                         currentUser, dd)) ) {
              roleUsed = true;
              permDesc = findRoleUsage(activation, statPerm);
            }

            //If the user accessing the object is the owner of that
            //object, then no privilege tracking is needed for the
            //owner.
                        if (! permDesc.checkOwner(currentUser) ) {

              dm.addDependency(dependent, permDesc, lcc.getContextManager());

              // We had to rely on role, so track that
              // dependency, too.
              if (roleUsed) {
                trackRoleDependency
                  (activation, dependent, roleDepAdded);
              }
            }
            continue;
          }
          //if the object on which permission is required is owned by the
          //same user as the current user, then no need to keep that
          //object's privilege dependency in the dependency system
                    if (! permDesc.checkOwner(currentUser) )
          {
            dm.addDependency(dependent, permDesc, lcc.getContextManager());                          
            if (permDesc instanceof ColPermsDescriptor)
            {
              //For a given table, the table owner can give privileges
              //on some columns at individual user level and privileges
              //on some columns at PUBLIC level. Hence, when looking for
              //column level privileges, we need to look both at user
              //level as well as PUBLIC level(only if user level column
              //privileges do not cover all the columns accessed by this
              //object). We have finished adding dependency for user level
              //columns, now we are checking if some required column
              //level privileges are at PUBLIC level.
              //A specific eg of a view
              //user1
              //create table t11(c11 int, c12 int);
              //grant select(c11) on t1 to user2;
              //grant select(c12) on t1 to PUBLIC;
              //user2
              //create view v1 as select c11 from user1.t11 where c12=2;
              //For the view above, there are 2 column level privilege
              //depencies, one for column c11 which exists directly
              //for user2 and one for column c12 which exists at PUBLIC level.
              StatementColumnPermission statementColumnPermission = (StatementColumnPermission) statPerm;
                            permDesc = statementColumnPermission.
                                getPUBLIClevelColPermsDescriptor(
                                    currentUser, dd);
              //Following if checks if some column level privileges
              //exist only at public level. If so, then the public
              //level column privilege, if any, dependency of
              //view is added into dependency system.

              if (permDesc != null &&
                  permDesc.getObjectID() != null) {
                // User did not have all required column
                // permissions and at least one column is
                // covered by PUBLIC.
                dm.addDependency(dependent, permDesc,
                         lcc.getContextManager());
View Full Code Here

  {
    TabInfoImpl  ti = getNonCoreTI(SYSROUTINEPERMS_CATALOG_NUM);
    SYSROUTINEPERMSRowFactory rf = (SYSROUTINEPERMSRowFactory) ti.getCatalogRowFactory();
    DataValueDescriptor  routineIdOrderable;
    ExecRow curRow;
    PermissionsDescriptor perm;

    // In Derby authorization mode, permission catalogs may not be present
    if (!usesSqlAuthorization)
      return;
View Full Code Here

        }

        if (action == DataDictionaryImpl.EXISTS) {
          return true;
        } else if (action == DataDictionaryImpl.DROP) {
          PermissionsDescriptor perm = (PermissionsDescriptor)rf.
            buildDescriptor(outRow,
                    (TupleDescriptor) null,
                    this);
          removePermEntryInCache(perm);
          ti.deleteRow(tc, indexRow, indexNo);
View Full Code Here

TOP

Related Classes of org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.