Posted to derby-commits@db.apache.org by dj...@apache.org on 2006/07/09 18:17:57 UTC
svn commit: r420306 [1/6] - in /db/derby/code/trunk/java:
engine/org/apache/derby/catalog/ engine/org/apache/derby/iapi/services/io/
engine/org/apache/derby/iapi/sql/dictionary/
engine/org/apache/derby/impl/sql/catalog/ engine/org/apache/derby/impl/sql...
Author: djd
Date: Sun Jul 9 09:17:53 2006
New Revision: 420306
URL: http://svn.apache.org/viewvc?rev=420306&view=rev
Log:
DERBY-1330 (partial) Create dependencies between triggers, constraints & views and their required privileges.
Patch submitted by Mamta Satoor msatoor@gmail.com
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateViewConstantAction.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/DDLConstantAction.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/syscat.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/syscat.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/syscat.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/syscat.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/ProcedureTest.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java Sun Jul 9 09:17:53 2006
@@ -57,6 +57,9 @@
public static final String TRIGGER = "Trigger";
public static final String VIEW = "View";
public static final String SCHEMA = "Schema";
+ public static final String TABLE_PERMISSION = "TablePrivilege";
+ public static final String COLUMNS_PERMISSION = "ColumnsPrivilege";
+ public static final String ROUTINE_PERMISSION = "RoutinePrivilege";
/**
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java Sun Jul 9 09:17:53 2006
@@ -521,5 +521,8 @@
/* 458 */ "org.apache.derby.iapi.types.DTSClassInfo", //InstanceGetter, XML_ID
/* 459 */ "org.apache.derby.impl.store.raw.data.EncryptContainerOperation",
/* 460 */ "org.apache.derby.impl.store.raw.data.EncryptContainerUndoOperation",
+ /* 461 */ "org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo",
+ /* 462 */ "org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo",
+ /* 463 */ "org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo",
};
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java Sun Jul 9 09:17:53 2006
@@ -308,6 +308,24 @@
*/
static public final int TABLE_DESCRIPTOR_FINDER_V01_ID =
(MIN_ID_2 + 137);
+
+ /**
+ class org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo
+ */
+ static public final int ROUTINE_PERMISSION_FINDER_V01_ID =
+ (MIN_ID_2 + 461);
+
+ /**
+ class org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo
+ */
+ static public final int TABLE_PERMISSION_FINDER_V01_ID =
+ (MIN_ID_2 + 462);
+
+ /**
+ class org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo
+ */
+ static public final int COLUMNS_PERMISSION_FINDER_V01_ID =
+ (MIN_ID_2 + 463);
/**
class org.apache.derby.impl.sql.catalog.DataDictionaryDescriptorFinder
@@ -1834,7 +1852,7 @@
* Make sure this is updated when a new module is added
*/
public static final int MAX_ID_2 =
- (MIN_ID_2 + 460);
+ (MIN_ID_2 + 463);
// DO NOT USE 4 BYTE IDS ANYMORE
static public final int MAX_ID_4 =
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java Sun Jul 9 09:17:53 2006
@@ -20,10 +20,16 @@
package org.apache.derby.iapi.sql.dictionary;
+import org.apache.derby.catalog.Dependable;
+import org.apache.derby.catalog.DependableFinder;
import org.apache.derby.catalog.UUID;
+import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.services.io.FormatableBitSet;
+import org.apache.derby.iapi.services.io.StoredFormatIds;
+import org.apache.derby.impl.sql.catalog.DDColumnPermissionsDependableFinder;
+//import org.apache.derby.impl.sql.catalog.DDdependableFinder;
/**
* This class describes a row in the SYS.SYSCOLPERMS system table, which keeps
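Review bot: The added line `//import org.apache.derby.impl.sql.catalog.DDdependableFinder;` is a commented-out import and should be dropped rather than committed. The same import block makes this `iapi` descriptor depend on an `impl.sql.catalog` class (`DDColumnPermissionsDependableFinder`); RoutinePermsDescriptor and TablePermsDescriptor do the same with `DDdependableFinder`. If that layering is intended, a one-line comment such as `// finder lives in impl; needed to build the stored form of this provider` would make it explicit.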
@@ -34,18 +40,20 @@
private final UUID tableUUID;
private final String type;
private final FormatableBitSet columns;
+ private final String tableName;
public ColPermsDescriptor( DataDictionary dd,
- String grantee,
+ String grantee,
String grantor,
UUID tableUUID,
String type,
- FormatableBitSet columns)
+ FormatableBitSet columns) throws StandardException
{
super (dd, grantee, grantor);
this.tableUUID = tableUUID;
this.type = type;
this.columns = columns;
+ tableName = dd.getTableDescriptor(tableUUID).getName();
}
/**
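Review bot: The new assignment `tableName = dd.getTableDescriptor(tableUUID).getName();` dereferences the lookup result unchecked, so constructing a descriptor for a null or no-longer-resolvable `tableUUID` now fails inside the constructor. The same pattern is added in TablePermsDescriptor (`dd.getTableDescriptor(tableUUID).getName()`) and in RoutinePermsDescriptor (`dd.getAliasDescriptor(routineUUID).getObjectName()`), and RoutinePermsDescriptor's three-argument constructor passes `(UUID) null` straight into that path. Assuming these lookups can return null (their implementations are not shown here), guard the lookup: `TableDescriptor td = (tableUUID == null) ? null : dd.getTableDescriptor(tableUUID);` followed by `tableName = (td == null) ? null : td.getName();`. The class body continues outside this hunk.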
@@ -55,7 +63,7 @@
String grantee,
String grantor,
UUID tableUUID,
- String type)
+ String type) throws StandardException
{
this( dd, grantee, grantor, tableUUID, type, (FormatableBitSet) null);
}
@@ -72,14 +80,15 @@
public String toString()
{
- return "colPerms: grantor=" + getGrantee() +
+ return "colPerms: grantee=" + getGrantee() +
+ ",colPermsUUID=" + getUUID() +
",grantor=" + getGrantor() +
",tableUUID=" + getTableUUID() +
",type=" + getType() +
",columns=" + getColumns();
}
- /**
+ /**
* @return true iff the key part of this permissions descriptor equals the key part of another permissions
* descriptor.
*/
@@ -101,4 +110,54 @@
return super.keyHashCode() + tableUUID.hashCode() +
((type == null) ? 0 : type.hashCode());
}
+
+ /**
+ * @see PermissionsDescriptor#checkOwner
+ */
+ public boolean checkOwner(String authorizationId) throws StandardException
+ {
+ TableDescriptor td = getDataDictionary().getTableDescriptor(tableUUID);
+ if (td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId))
+ return true;
+ else
+ return false;
+ }
+
+ //////////////////////////////////////////////
+ //
+ // PROVIDER INTERFACE
+ //
+ //////////////////////////////////////////////
+
+ /**
+ * Return the name of this Provider. (Useful for errors.)
+ *
+ * @return String The name of this provider.
+ */
+ public String getObjectName()
+ {
+ return "Column Privilege on " + tableName;
+ }
+
+ /**
+ * Get the provider's type.
+ *
+ * @return char The provider's type.
+ */
+ public String getClassType()
+ {
+ return Dependable.COLUMNS_PERMISSION;
+ }
+
+ /**
+ @return the stored form of this provider
+
+ @see Dependable#getDependableFinder
+ */
+ public DependableFinder getDependableFinder()
+ {
+ return new DDColumnPermissionsDependableFinder(StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID,
+ type);
+ }
+
}
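Review bot: `checkOwner` calls `td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId)` without checking that `getTableDescriptor(tableUUID)` returned a descriptor. Its result decides whether a privilege dependency is recorded at all, so a missing table should be handled explicitly rather than surfacing as a NullPointerException. The body also reduces to a single `return td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId);`. The `checkOwner` overrides in RoutinePermsDescriptor and TablePermsDescriptor have the same shape. Separately, the Javadoc on `getClassType` says `@return char` while the method returns a `String`.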
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java Sun Jul 9 09:17:53 2006
@@ -440,6 +440,7 @@
String referencesPerm,
String triggerPerm,
String grantor)
+ throws StandardException
{
if( "N".equals( selectPerm) && "N".equals( deletePerm) && "N".equals( insertPerm)
&& "N".equals( updatePerm) && "N".equals( referencesPerm) && "N".equals( triggerPerm))
@@ -475,7 +476,7 @@
public ColPermsDescriptor newColPermsDescriptor( TableDescriptor td,
String type,
FormatableBitSet columns,
- String grantor)
+ String grantor) throws StandardException
{
return new ColPermsDescriptor( dataDictionary,
(String) null,
@@ -492,6 +493,7 @@
* @param grantor
*/
public RoutinePermsDescriptor newRoutinePermsDescriptor( AliasDescriptor ad, String grantor)
+ throws StandardException
{
return new RoutinePermsDescriptor( dataDictionary,
(String) null,
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java Sun Jul 9 09:17:53 2006
@@ -1605,6 +1605,30 @@
throws StandardException;
/**
+ * Get one user's column privileges for a table. This routine gets called by
+ * ColPermsDescriptor.getDependableFinder and that method has hold of
+ * privilege type in String form.
+ *
+ * @param tableUUID
+ * @param privType(as String) Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
+ * @param forGrant
+ * @param authorizationId The user name
+ *
+ * @return a ColPermsDescriptor or null if the user has no separate column
+ * permissions of the specified type on the table. Note that the user may have been granted
+ * permission on all the columns of the table (no column list), in which case this routine
+ * will return null. You must also call getTablePermissions to see if the user has permission
+ * on a set of columns.
+ *
+ * @exception StandardException
+ */
+ public ColPermsDescriptor getColumnPermissions( UUID tableUUID,
+ String privTypeStr,
+ boolean forGrant,
+ String authorizationId)
+ throws StandardException;
+
+ /**
* Get one user's permissions for a routine (function or procedure).
*
* @param routineUUID
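Review bot: The Javadoc tag `@param privType(as String)` does not match the declared parameter `privTypeStr`, so the tag documents nothing; it should read `@param privTypeStr`. The description lists `Authorizer.SELECT_PRIV`, `Authorizer.UPDATE_PRIV` and `Authorizer.REFERENCES_PRIV` as the accepted values, but the parameter is a `String`, so the comment should state which string form of those privilege types is expected. The interface declaration continues outside this hunk.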
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java Sun Jul 9 09:17:53 2006
@@ -20,6 +20,9 @@
package org.apache.derby.iapi.sql.dictionary;
+import org.apache.derby.catalog.UUID;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.sql.depend.Provider;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.services.sanity.SanityManager;
@@ -27,8 +30,10 @@
* This class is used by rows in the SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS, and SYS.SYSROUTINEPERMS
* system tables.
*/
-public abstract class PermissionsDescriptor extends TupleDescriptor implements Cloneable
+public abstract class PermissionsDescriptor extends TupleDescriptor
+ implements Cloneable, Provider
{
+ protected UUID oid;
protected String grantee;
protected String grantor;
@@ -82,4 +87,57 @@
/*----- getter functions for rowfactory ------*/
public String getGrantee() { return grantee;}
public String getGrantor() { return grantor;}
+
+ /**
+ * Gets the UUID of the table.
+ *
+ * @return The UUID of the table.
+ */
+ public UUID getUUID() { return oid;}
+
+ /**
+ * Sets the UUID of the table
+ *
+ * @param oid The UUID of the table to be set in the descriptor
+ */
+ public void setUUID(UUID oid) { this.oid = oid;}
+
+ /**
+ * This method checks if the passed authorization id is same as the owner
+ * of the object on which this permission is defined. This method gets
+ * called by create view/constraint/trigger to see if this permission
+ * needs to be saved in dependency system for the view/constraint/trigger.
+ * If the same user is the owner of the the object being accessed and the
+ * newly created object, then no need to keep this privilege dependency
+ *
+ * @return boolean If passed authorization id is owner of the table
+ */
+ public abstract boolean checkOwner(String authorizationId) throws StandardException;
+
+ //////////////////////////////////////////////
+ //
+ // PROVIDER INTERFACE
+ //
+ ////////////////////////////////////////////////////////////////////
+
+ /**
+ * Get the provider's UUID
+ *
+ * @return The provider's UUID
+ */
+ public UUID getObjectID()
+ {
+ return oid;
+ }
+
+ /**
+ * Is this provider persistent? A stored dependency will be required
+ * if both the dependent and provider are persistent.
+ *
+ * @return boolean Whether or not this provider is persistent.
+ */
+ public boolean isPersistent()
+ {
+ return true;
+ }
}
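Review bot: The Javadoc on `getUUID` and `setUUID` calls `oid` "the UUID of the table", but the subclasses print it as `colPermsUUID`, `routinePermsUUID` and `tablePermsUUID`, which suggests it identifies the permission row itself. The comments should say so, for example `Gets the UUID of this permission descriptor.` Nothing visible in this hunk assigns `oid` at construction, so `getObjectID()` returns null until `setUUID` has been called, while `isPersistent()` already reports true. A sentence in the `getObjectID` Javadoc stating that `setUUID` must be called before the descriptor is used as a provider would document that precondition.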
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java Sun Jul 9 09:17:53 2006
@@ -20,9 +20,14 @@
package org.apache.derby.iapi.sql.dictionary;
+import org.apache.derby.catalog.Dependable;
+import org.apache.derby.catalog.DependableFinder;
import org.apache.derby.catalog.UUID;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.io.StoredFormatIds;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.impl.sql.catalog.DDdependableFinder;
/**
* This class describes rows in the SYS.SYSROUTINEPERMS system table, which keeps track of the routine
@@ -31,23 +36,25 @@
public class RoutinePermsDescriptor extends PermissionsDescriptor
{
private final UUID routineUUID;
+ private final String routineName;
private final boolean hasExecutePermission;
public RoutinePermsDescriptor( DataDictionary dd,
String grantee,
String grantor,
UUID routineUUID,
- boolean hasExecutePermission)
+ boolean hasExecutePermission) throws StandardException
{
super (dd, grantee, grantor);
this.routineUUID = routineUUID;
this.hasExecutePermission = hasExecutePermission;
+ routineName = dd.getAliasDescriptor(routineUUID).getObjectName();
}
public RoutinePermsDescriptor( DataDictionary dd,
String grantee,
String grantor,
- UUID routineUUID)
+ UUID routineUUID) throws StandardException
{
this( dd, grantee, grantor, routineUUID, true);
}
@@ -57,7 +64,7 @@
*/
public RoutinePermsDescriptor( DataDictionary dd,
String grantee,
- String grantor)
+ String grantor) throws StandardException
{
this( dd, grantee, grantor, (UUID) null);
}
@@ -73,7 +80,8 @@
public String toString()
{
- return "routinePerms: grantor=" + getGrantee() +
+ return "routinePerms: grantee=" + getGrantee() +
+ ",routinePermsUUID=" + getUUID() +
",grantor=" + getGrantor() +
",routineUUID=" + getRoutineUUID();
}
@@ -98,4 +106,52 @@
{
return super.keyHashCode() + routineUUID.hashCode();
}
+
+ /**
+ * @see PermissionsDescriptor#checkOwner
+ */
+ public boolean checkOwner(String authorizationId) throws StandardException
+ {
+ UUID sd = getDataDictionary().getAliasDescriptor(routineUUID).getSchemaUUID();
+ if (getDataDictionary().getSchemaDescriptor(sd, null).getAuthorizationId().equals(authorizationId))
+ return true;
+ else
+ return false;
+ }
+
+ //////////////////////////////////////////////
+ //
+ // PROVIDER INTERFACE
+ //
+ //////////////////////////////////////////////
+
+ /**
+ * Return the name of this Provider. (Useful for errors.)
+ *
+ * @return String The name of this provider.
+ */
+ public String getObjectName()
+ {
+ return "Routine Privilege on " + routineName;
+ }
+
+ /**
+ * Get the provider's type.
+ *
+ * @return char The provider's type.
+ */
+ public String getClassType()
+ {
+ return Dependable.ROUTINE_PERMISSION;
+ }
+
+ /**
+ @return the stored form of this provider
+
+ @see Dependable#getDependableFinder
+ */
+ public DependableFinder getDependableFinder()
+ {
+ return new DDdependableFinder(StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID);
+ }
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java Sun Jul 9 09:17:53 2006
@@ -93,9 +93,6 @@
if( hasPermissionOnTable(dd, authorizationId, forGrant))
return;
FormatableBitSet permittedColumns = null;
- FormatableBitSet grantablePermittedColumns = null;
- FormatableBitSet publicPermittedColumns = null;
- FormatableBitSet publicPrantablePermittedColumns = null;
if( ! forGrant)
{
permittedColumns = addPermittedColumns( dd,
@@ -156,4 +153,71 @@
}
return permittedColumns;
} // end of addPermittedColumns
+
+ /**
+ * @see StatementPermission#getPermissionDescriptor
+ */
+ public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+ throws StandardException
+ {
+ //If table permission found for authorizationid, then simply return that
+ if (oneAuthHasPermissionOnTable( dd, authid, false))
+ return dd.getTablePermissions(tableUUID, authid);
+ //If table permission found for PUBLIC, then simply return that
+ if (oneAuthHasPermissionOnTable( dd, Authorizer.PUBLIC_AUTHORIZATION_ID, false))
+ return dd.getTablePermissions(tableUUID, Authorizer.PUBLIC_AUTHORIZATION_ID);
+
+ //If table level permission not found, then we have to find permissions
+ //at column level. Look for column level permission for the passed
+ //authorizer. If found any of the required column level permissions,
+ //return the permission descriptor for it.
+ ColPermsDescriptor colsPermsDesc = dd.getColumnPermissions(tableUUID, privType, false, authid);
+ if( colsPermsDesc != null)
+ {
+ if( colsPermsDesc.getColumns() != null){
+ FormatableBitSet permittedColumns = colsPermsDesc.getColumns();
+ for( int i = columns.anySetBit(); i >= 0; i = columns.anySetBit( i))
+ {
+ if(permittedColumns.get(i))
+ return colsPermsDesc;
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * This method gets called in execution phase after it is established that
+ * all the required privileges exist for the given sql. This method gets
+ * called by create view/trigger/constraint to record their dependency on
+ * various privileges.
+ * Special code is required to track column level privileges.
+ * It is possible that some column level privileges are available to the
+ * passed authorizer id but the rest required column level privileges
+ * are available at PUBLIC level. In this method, we check if all the
+ * required column level privileges are found for the passed authorizer.
+ * If yes, then simply return null, indicating that no dependency is
+ * required at PUBLIC level, because all the required privileges were found
+ * at the user level. But if some column level privileges are not
+ * available at user level, then they have to exist at the PUBLIC
+ * level when this method gets called.
+ */
+ public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(String authid, DataDictionary dd)
+ throws StandardException
+ {
+ ColPermsDescriptor colsPermsDesc = dd.getColumnPermissions(tableUUID, privType, false, authid);
+ FormatableBitSet permittedColumns = colsPermsDesc.getColumns();
+ boolean allColumnsCoveredByUserLevelPrivilege = true;
+ for( int i = columns.anySetBit(); i >= 0 && allColumnsCoveredByUserLevelPrivilege; i = columns.anySetBit( i))
+ {
+ if(permittedColumns.get(i))
+ continue;
+ else
+ allColumnsCoveredByUserLevelPrivilege = false;
+ }
+ if (allColumnsCoveredByUserLevelPrivilege)
+ return null;
+ else
+ return (dd.getColumnPermissions(tableUUID, privType, false, Authorizer.PUBLIC_AUTHORIZATION_ID));
+ }
}
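Review bot: `getPUBLIClevelColPermsDescriptor` dereferences `colsPermsDesc.getColumns()` without a null check, although `DataDictionary.getColumnPermissions` is documented in this commit as returning null when the user has no separate column permissions, and `getPermissionDescriptor` just above guards both the descriptor and its column set. When every required column privilege comes from PUBLIC, this would throw a NullPointerException instead of returning the PUBLIC descriptor. Treat a missing user-level descriptor as not covered: `FormatableBitSet permittedColumns = (colsPermsDesc == null) ? null : colsPermsDesc.getColumns();` and `boolean allColumnsCoveredByUserLevelPrivilege = (permittedColumns != null);`. The existing loop condition then skips the bit test and the method falls through to the PUBLIC lookup.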
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java Sun Jul 9 09:17:53 2006
@@ -39,4 +39,27 @@
public abstract void check( LanguageConnectionContext lcc,
String authorizationId,
boolean forGrant) throws StandardException;
+
+ /**
+ *
+ * Get the PermissionDescriptor for the passed authorization id for this
+ * object. This method gets called during the execution phase of create
+ * view/constraint/trigger. The return value of this method is saved in
+ * dependency system to keep track of views/constraints/triggers
+ * dependencies on required permissions. This happens in execution phase
+ * after it has been established that passed authorization id has all the
+ * permissions it needs to create that view/constraint/trigger. Which means
+ * that we can only get to writing into dependency system once all the required
+ * privileges are confirmed.
+ *
+ * @param authorizationId AuthorizationId
+ * @param dd DataDictionary
+ *
+ * @return PermissionsDescriptor The PermissionDescriptor for the passed
+ * authorization id on this object
+ *
+ * @exception StandardException
+ */
+ public abstract PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+ throws StandardException;
}
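Review bot: The Javadoc for `getPermissionDescriptor` names the first parameter `@param authorizationId` while the signature declares `authid`, and it does not say that the method can return null. The overrides in this commit differ on that point: StatementSchemaPermission always returns null, StatementTablePermission returns null when `authid` itself lacks the privilege, and StatementColumnPermission also consults `Authorizer.PUBLIC_AUTHORIZATION_ID` at table level. Since the return value is what gets recorded as the privilege dependency, the contract should state when null is returned and whether the caller is expected to retry with PUBLIC. The caller is not visible in this part of the commit.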
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java Sun Jul 9 09:17:53 2006
@@ -71,4 +71,13 @@
ad.getDescriptorName());
}
} // end of check
+
+ /**
+ * @see StatementPermission#getPermissionDescriptor
+ */
+ public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+ throws StandardException
+ {
+ return dd.getRoutinePermissions(routineUUID,authid);
+ }
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java Sun Jul 9 09:17:53 2006
@@ -75,4 +75,17 @@
SQLState.AUTH_NOT_DATABASE_OWNER, authid, schemaName);
}
}
+
+ /**
+ * Schema level permission is never required as list of privileges required
+ * for triggers/constraints/views and hence we don't do any work here, but
+ * simply return null
+ *
+ * @see StatementPermission#check
+ */
+ public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+ throws StandardException
+ {
+ return null;
+ }
}
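Review bot: The `@see StatementPermission#check` tag on the new `getPermissionDescriptor` override points at the wrong method; it should be `@see StatementPermission#getPermissionDescriptor`, which is what the other overrides in this commit use. The opening sentence of the comment would also read more clearly as `Schema level permission is never among the privileges required for triggers/constraints/views, so this method simply returns null.`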
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java Sun Jul 9 09:17:53 2006
@@ -141,7 +141,7 @@
|| oneAuthHasPermissionOnTable( dd, authorizationId, forGrant);
}
- private boolean oneAuthHasPermissionOnTable(DataDictionary dd, String authorizationId, boolean forGrant)
+ protected boolean oneAuthHasPermissionOnTable(DataDictionary dd, String authorizationId, boolean forGrant)
throws StandardException
{
TablePermsDescriptor perms = dd.getTablePermissions( tableUUID, authorizationId);
@@ -174,6 +174,19 @@
return "Y".equals(priv) || (!forGrant) && "y".equals( priv);
} // end of hasPermissionOnTable
+
+ /**
+ * @see StatementPermission#getPermissionDescriptor
+ */
+ public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+ throws StandardException
+ {
+ //if the required type of privilege exists for the given authorizer,
+ //then pass the permission descriptor for it.
+ if (oneAuthHasPermissionOnTable( dd, authid, false))
+ return dd.getTablePermissions(tableUUID, authid);
+ else return null;
+ }
/**
* Return privilege needed for this access as string
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java Sun Jul 9 09:17:53 2006
@@ -20,9 +20,14 @@
package org.apache.derby.iapi.sql.dictionary;
+import org.apache.derby.catalog.Dependable;
+import org.apache.derby.catalog.DependableFinder;
import org.apache.derby.catalog.UUID;
+import org.apache.derby.iapi.services.io.StoredFormatIds;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.impl.sql.catalog.DDdependableFinder;
/**
* This class describes a row in the SYS.SYSTABLEPERMS system table, which
@@ -31,6 +36,7 @@
public class TablePermsDescriptor extends PermissionsDescriptor
{
private final UUID tableUUID;
+ private final String tableName;
private final String selectPriv;
private final String deletePriv;
private final String insertPriv;
@@ -47,7 +53,7 @@
String insertPriv,
String updatePriv,
String referencesPriv,
- String triggerPriv)
+ String triggerPriv) throws StandardException
{
super (dd, grantee, grantor);
this.tableUUID = tableUUID;
@@ -57,6 +63,7 @@
this.updatePriv = updatePriv;
this.referencesPriv = referencesPriv;
this.triggerPriv = triggerPriv;
+ tableName = dd.getTableDescriptor(tableUUID).getName();
}
/**
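Review bot: `dd.getTableDescriptor(tableUUID).getName()` dereferences the lookup result without a null check, so building a descriptor for a table UUID the dictionary cannot resolve fails with a NullPointerException rather than a StandardException; checkOwner in the last hunk of this file uses `td` unchecked in the same way. Because the four-argument constructor delegates here, every descriptor built only as a lookup key presumably pays for a table-descriptor fetch as well. Consider resolving the name lazily in getObjectName, or guarding it: `TableDescriptor td = dd.getTableDescriptor(tableUUID); tableName = (td == null) ? null : td.getName();`. The constructor's signature begins outside this hunk.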
@@ -65,7 +72,7 @@
public TablePermsDescriptor( DataDictionary dd,
String grantee,
String grantor,
- UUID tableUUID)
+ UUID tableUUID) throws StandardException
{
this( dd, grantee, grantor, tableUUID,
(String) null, (String) null, (String) null, (String) null, (String) null, (String) null);
@@ -87,7 +94,8 @@
public String toString()
{
- return "tablePerms: grantee=" + getGrantee() +
+ return "tablePerms: grantee=" + getGrantee() +
+ ",tablePermsUUID=" + getUUID() +
",grantor=" + getGrantor() +
",tableUUID=" + getTableUUID() +
",selectPriv=" + getSelectPriv() +
@@ -117,4 +125,52 @@
{
return super.keyHashCode() + tableUUID.hashCode();
}
+
+ /**
+ * @see PermissionsDescriptor#checkOwner
+ */
+ public boolean checkOwner(String authorizationId) throws StandardException
+ {
+ TableDescriptor td = getDataDictionary().getTableDescriptor(tableUUID);
+ if (td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId))
+ return true;
+ else
+ return false;
+ }
+
+ //////////////////////////////////////////////
+ //
+ // PROVIDER INTERFACE
+ //
+ //////////////////////////////////////////////
+
+ /**
+ * Return the name of this Provider. (Useful for errors.)
+ *
+ * @return String The name of this provider.
+ */
+ public String getObjectName()
+ {
+ return "Table Privilege on " + tableName;
+ }
+
+ /**
+ * Get the provider's type.
+ *
+ * @return char The provider's type.
+ */
+ public String getClassType()
+ {
+ return Dependable.TABLE_PERMISSION;
+ }
+
+ /**
+ @return the stored form of this provider
+
+ @see Dependable#getDependableFinder
+ */
+ public DependableFinder getDependableFinder()
+ {
+ return new DDdependableFinder(StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID);
+ }
}
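Review bot: The Javadoc on getClassType says `@return char` while the method returns String; `@return String The provider's type.` matches the signature. checkOwner's `if`/`else` returning `true`/`false` reduces to `return td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId);`, and its `@see`-only Javadoc could state that ownership here means the owner of the table's schema, which is what the code compares against.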
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java Sun Jul 9 09:17:53 2006
@@ -40,9 +40,13 @@
case StoredFormatIds.TABLE_DESCRIPTOR_FINDER_V01_ID:
case StoredFormatIds.TRIGGER_DESCRIPTOR_FINDER_V01_ID:
case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
+ case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+ case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
return new DDdependableFinder(fmtId);
case StoredFormatIds.COLUMN_DESCRIPTOR_FINDER_V01_ID:
return new DDColumnDependableFinder(fmtId);
+ case StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID:
+ return new DDColumnPermissionsDependableFinder(fmtId);
default:
return null;
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java Sun Jul 9 09:17:53 2006
@@ -33,7 +33,6 @@
import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.sql.dictionary.ColumnDescriptor;
import org.apache.derby.iapi.sql.dictionary.DefaultDescriptor;
-import org.apache.derby.iapi.sql.dictionary.FileInfoDescriptor;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
@@ -249,6 +248,15 @@
case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
return Dependable.VIEW;
+ case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+ return Dependable.TABLE_PERMISSION;
+
+ case StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID:
+ return Dependable.COLUMNS_PERMISSION;
+
+ case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
+ return Dependable.ROUTINE_PERMISSION;
+
default:
if (SanityManager.DEBUG)
{
@@ -302,6 +310,7 @@
protected Dependable getDependable(DataDictionary dd, UUID dependableObjectID)
throws StandardException
{
+ LanguageConnectionContext lcc;
switch (formatId)
{
case StoredFormatIds.ALIAS_DESCRIPTOR_FINDER_V01_ID:
@@ -339,6 +348,18 @@
case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
return dd.getViewDescriptor(dependableObjectID);
+ case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+ lcc = (LanguageConnectionContext)
+ ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+ return dd.getTablePermissions(dependableObjectID,
+ lcc.getAuthorizationId());
+
+ case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
+ lcc = (LanguageConnectionContext)
+ ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+ return dd.getRoutinePermissions(dependableObjectID,
+ lcc.getAuthorizationId());
+
default:
if (SanityManager.DEBUG)
{
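Review bot: Both new cases in getDependable resolve the provider with `lcc.getAuthorizationId()`, that is, the user of whichever connection is running, not the grantee recorded when the dependency was created. When a different user (for example a grantor issuing a revoke) triggers dependency resolution, the lookup can return another user's permission row or null, and the matching cases in getSQLObjectName (hunk -395,6 +418,18) call `.getObjectName()` on that result without a null check. It also looks as if dependableObjectID is passed where getTablePermissions expects a table UUID; if the stored id is the permission row's own UUID (the TABLEPERMSID column this commit adds), a lookup by permission UUID is needed instead, which should be confirmed against PermissionsDescriptor, outside this hunk. getDependable's body starts and ends outside the hunk.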
@@ -356,6 +377,7 @@
protected String getSQLObjectName(DataDictionary dd, UUID dependableObjectID)
throws StandardException
{
+ LanguageConnectionContext lcc;
switch (formatId)
{
case StoredFormatIds.ALIAS_DESCRIPTOR_FINDER_V01_ID:
@@ -388,6 +410,7 @@
case StoredFormatIds.TABLE_DESCRIPTOR_FINDER_V01_ID:
case StoredFormatIds.COLUMN_DESCRIPTOR_FINDER_V01_ID:
+ case StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID:
return getDependable(dd, dependableObjectID).getObjectName();
case StoredFormatIds.TRIGGER_DESCRIPTOR_FINDER_V01_ID:
@@ -395,6 +418,18 @@
case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
return dd.getTableDescriptor(dependableObjectID).getName();
+
+ case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+ lcc = (LanguageConnectionContext)
+ ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+ return dd.getTablePermissions(dependableObjectID,
+ lcc.getAuthorizationId()).getObjectName();
+
+ case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
+ lcc = (LanguageConnectionContext)
+ ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+ return dd.getRoutinePermissions(dependableObjectID,
+ lcc.getAuthorizationId()).getObjectName();
default:
if (SanityManager.DEBUG)
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java Sun Jul 9 09:17:53 2006
@@ -9797,7 +9797,7 @@
* Get one user's column privileges for a table.
*
* @param tableUUID
- * @param privType Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
+ * @param privType(as int) Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
* @param forGrant
* @param authorizationId The user name
*
@@ -9827,6 +9827,39 @@
return (ColPermsDescriptor) getPermissions( key);
} // end of getColumnPermissions
+ /**
+ * Get one user's column privileges for a table. This routine gets called by
+ * ColPermsDescriptor.getDependableFinder and that method has hold of
+ * privilege type in String form.
+ *
+ * @param tableUUID
+ * @param privType(as String) Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
+ * @param forGrant
+ * @param authorizationId The user name
+ *
+ * @return a ColPermsDescriptor or null if the user has no separate column
+ * permissions of the specified type on the table. Note that the user may have been granted
+ * permission on all the columns of the table (no column list), in which case this routine
+ * will return null. You must also call getTablePermissions to see if the user has permission
+ * on a set of columns.
+ *
+ * @exception StandardException
+ */
+ public ColPermsDescriptor getColumnPermissions( UUID tableUUID,
+ String privTypeStr,
+ boolean forGrant,
+ String authorizationId)
+ throws StandardException
+ {
+ ColPermsDescriptor key = new ColPermsDescriptor( this,
+ authorizationId,
+ (String) null,
+ tableUUID,
+ privTypeStr);
+ return (ColPermsDescriptor) getPermissions( key);
+
+ }
+
private static final String[] colPrivTypeMap;
private static final String[] colPrivTypeMapForGrant;
static {
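Review bot: The new String overload of getColumnPermissions accepts `forGrant` but never reads it, so the grant/non-grant distinction rests entirely on the letter case of `privTypeStr` (the maps below use "r" versus "R"); a call with `forGrant` true and a lower-case type would be looked up as the non-grantable row without any error. State in the Javadoc that `forGrant` is ignored by this overload, or derive the case from it. The tag `@param privType(as String)` names no actual parameter (the argument is `privTypeStr`), and the sibling edit `@param privType(as int)` in the previous hunk is malformed in the same way; `@param privTypeStr privilege type in its stored single-letter form` would document it.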
@@ -9839,7 +9872,7 @@
colPrivTypeMap[ Authorizer.REFERENCES_PRIV] = "r";
colPrivTypeMapForGrant[ Authorizer.REFERENCES_PRIV] = "R";
}
-
+
/**
* Get one user's permissions for a routine (function or procedure).
*
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java Sun Jul 9 09:17:53 2006
@@ -59,12 +59,13 @@
static final String TABLENAME_STRING = "SYSCOLPERMS";
// Column numbers for the SYSCOLPERMS table. 1 based
- private static final int GRANTEE_COL_NUM = 1;
- private static final int GRANTOR_COL_NUM = 2;
- private static final int TABLEID_COL_NUM = 3;
- private static final int TYPE_COL_NUM = 4;
- private static final int COLUMNS_COL_NUM = 5;
- private static final int COLUMN_COUNT = 5;
+ private static final int SYSCOLPERMS_COLPERMSID = 1;
+ private static final int GRANTEE_COL_NUM = 2;
+ private static final int GRANTOR_COL_NUM = 3;
+ private static final int TABLEID_COL_NUM = 4;
+ private static final int TYPE_COL_NUM = 5;
+ private static final int COLUMNS_COL_NUM = 6;
+ private static final int COLUMN_COUNT = 6;
public static final int GRANTEE_TABLE_TYPE_GRANTOR_INDEX_NUM = 0;
private static final int[][] indexColumnPositions =
@@ -95,6 +96,8 @@
public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException
{
+ UUID oid;
+ String colPermID = null;
DataValueDescriptor grantee = null;
DataValueDescriptor grantor = null;
String tableID = null;
@@ -109,6 +112,13 @@
else
{
ColPermsDescriptor cpd = (ColPermsDescriptor) td;
+ oid = cpd.getUUID();
+ if ( oid == null )
+ {
+ oid = getUUIDFactory().createUUID();
+ cpd.setUUID(oid);
+ }
+ colPermID = oid.toString();
grantee = getAuthorizationID( cpd.getGrantee());
grantor = getAuthorizationID( cpd.getGrantor());
tableID = cpd.getTableUUID().toString();
@@ -116,6 +126,7 @@
columns = cpd.getColumns();
}
ExecRow row = getExecutionFactory().getValueRow( COLUMN_COUNT);
+ row.setColumn( SYSCOLPERMS_COLPERMSID, dvf.getCharDataValue(colPermID));
row.setColumn( GRANTEE_COL_NUM, grantee);
row.setColumn( GRANTOR_COL_NUM, grantor);
row.setColumn( TABLEID_COL_NUM, dvf.getCharDataValue( tableID));
@@ -134,6 +145,8 @@
SanityManager.ASSERT( row.nColumns() == COLUMN_COUNT,
"Wrong size row passed to SYSCOLPERMSRowFactory.buildDescriptor");
+ String colPermsUUIDString = row.getColumn( SYSCOLPERMS_COLPERMSID).getString();
+ UUID colPermsUUID = getUUIDFactory().recreateUUID(colPermsUUIDString);
String tableUUIDString = row.getColumn( TABLEID_COL_NUM).getString();
UUID tableUUID = getUUIDFactory().recreateUUID(tableUUIDString);
String type = row.getColumn( TYPE_COL_NUM).getString();
@@ -144,10 +157,13 @@
"r".equals( type) || "R".equals( type),
"Invalid type passed to SYSCOLPERMSRowFactory.buildDescriptor");
- return new ColPermsDescriptor( dataDictionary,
- getAuthorizationID( row, GRANTEE_COL_NUM),
- getAuthorizationID( row, GRANTOR_COL_NUM),
- tableUUID, type, columns);
+ ColPermsDescriptor colPermsDesc =
+ new ColPermsDescriptor( dataDictionary,
+ getAuthorizationID( row, GRANTEE_COL_NUM),
+ getAuthorizationID( row, GRANTOR_COL_NUM),
+ tableUUID, type, columns);
+ colPermsDesc.setUUID(colPermsUUID);
+ return colPermsDesc;
} // end of buildDescriptor
/** builds a column list for the catalog */
@@ -157,6 +173,15 @@
{
columnList = new SystemColumn[ COLUMN_COUNT];
+ columnList[ SYSCOLPERMS_COLPERMSID - 1] =
+ new SystemColumnImpl( convertIdCase( "COLPERMSID"),
+ SYSCOLPERMS_COLPERMSID,
+ 0, // precision
+ 0, // scale
+ false, // nullability
+ "CHAR",
+ true,
+ 36);
columnList[ GRANTEE_COL_NUM - 1] =
new SystemColumnImpl( convertIdCase( "GRANTEE"),
GRANTEE_COL_NUM,
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java Sun Jul 9 09:17:53 2006
@@ -24,7 +24,6 @@
import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
-import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
import org.apache.derby.iapi.sql.dictionary.PermissionsCatalogRowFactory;
import org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor;
@@ -34,17 +33,12 @@
import org.apache.derby.iapi.sql.execute.ExecRow;
import org.apache.derby.iapi.sql.execute.ExecIndexRow;
import org.apache.derby.iapi.sql.execute.ExecutionFactory;
-import org.apache.derby.iapi.types.TypeId;
import org.apache.derby.iapi.types.DataValueFactory;
import org.apache.derby.iapi.types.RowLocation;
import org.apache.derby.iapi.types.DataValueDescriptor;
-import org.apache.derby.iapi.types.NumberDataValue;
import org.apache.derby.iapi.types.StringDataValue;
import org.apache.derby.iapi.services.uuid.UUIDFactory;
import org.apache.derby.catalog.UUID;
-import org.apache.derby.catalog.Statistics;
-
-import java.sql.Timestamp;
/**
* Factory for creating a SYSROUTINEPERMS row.
@@ -56,11 +50,12 @@
static final String TABLENAME_STRING = "SYSROUTINEPERMS";
// Column numbers for the SYSROUTINEPERMS table. 1 based
- private static final int GRANTEE_COL_NUM = 1;
- private static final int GRANTOR_COL_NUM = 2;
- private static final int ALIASID_COL_NUM = 3;
- private static final int GRANTOPTION_COL_NUM = 4;
- private static final int COLUMN_COUNT = 4;
+ private static final int SYSROUTINEPERMS_ROUTINPERMSID = 1;
+ private static final int GRANTEE_COL_NUM = 2;
+ private static final int GRANTOR_COL_NUM = 3;
+ private static final int ALIASID_COL_NUM = 4;
+ private static final int GRANTOPTION_COL_NUM = 5;
+ private static final int COLUMN_COUNT = 5;
static final int GRANTEE_ALIAS_GRANTOR_INDEX_NUM = 0;
private static final int[][] indexColumnPositions =
@@ -91,6 +86,8 @@
public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException
{
+ UUID oid;
+ String routinePermID = null;
DataValueDescriptor grantee = null;
DataValueDescriptor grantor = null;
String routineID = null;
@@ -103,12 +100,20 @@
else
{
RoutinePermsDescriptor rpd = (RoutinePermsDescriptor) td;
+ oid = rpd.getUUID();
+ if ( oid == null )
+ {
+ oid = getUUIDFactory().createUUID();
+ rpd.setUUID(oid);
+ }
+ routinePermID = oid.toString();
grantee = getAuthorizationID( rpd.getGrantee());
grantor = getAuthorizationID( rpd.getGrantor());
if( rpd.getRoutineUUID() != null)
routineID = rpd.getRoutineUUID().toString();
}
ExecRow row = getExecutionFactory().getValueRow( COLUMN_COUNT);
+ row.setColumn( SYSROUTINEPERMS_ROUTINPERMSID, dvf.getCharDataValue(routinePermID));
row.setColumn( GRANTEE_COL_NUM, grantee);
row.setColumn( GRANTOR_COL_NUM, grantor);
row.setColumn( ALIASID_COL_NUM, dvf.getCharDataValue( routineID));
@@ -126,13 +131,18 @@
SanityManager.ASSERT( row.nColumns() == COLUMN_COUNT,
"Wrong size row passed to SYSROUTINEPERMSRowFactory.buildDescriptor");
+ String routinePermsUUIDString = row.getColumn(SYSROUTINEPERMS_ROUTINPERMSID).getString();
+ UUID routinePermsUUID = getUUIDFactory().recreateUUID(routinePermsUUIDString);
String aliasUUIDString = row.getColumn( ALIASID_COL_NUM).getString();
UUID aliasUUID = getUUIDFactory().recreateUUID(aliasUUIDString);
- return new RoutinePermsDescriptor( dataDictionary,
- getAuthorizationID( row, GRANTEE_COL_NUM),
- getAuthorizationID( row, GRANTOR_COL_NUM),
- aliasUUID);
+ RoutinePermsDescriptor routinePermsDesc =
+ new RoutinePermsDescriptor( dataDictionary,
+ getAuthorizationID( row, GRANTEE_COL_NUM),
+ getAuthorizationID( row, GRANTOR_COL_NUM),
+ aliasUUID);
+ routinePermsDesc.setUUID(routinePermsUUID);
+ return routinePermsDesc;
} // end of buildDescriptor
/** builds a column list for the catalog */
@@ -142,6 +152,15 @@
{
columnList = new SystemColumn[ COLUMN_COUNT];
+ columnList[ SYSROUTINEPERMS_ROUTINPERMSID - 1] =
+ new SystemColumnImpl( convertIdCase( "ROUTINEPERMSID"),
+ SYSROUTINEPERMS_ROUTINPERMSID,
+ 0, // precision
+ 0, // scale
+ false, // nullability
+ "CHAR",
+ true,
+ 36);
columnList[ GRANTEE_COL_NUM - 1] =
new SystemColumnImpl( convertIdCase( "GRANTEE"),
GRANTEE_COL_NUM,
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java Sun Jul 9 09:17:53 2006
@@ -29,6 +29,7 @@
import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.sql.dictionary.SystemColumn;
+import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
import org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor;
import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
import org.apache.derby.iapi.sql.execute.ExecIndexRow;
@@ -49,16 +50,17 @@
static final String TABLENAME_STRING = "SYSTABLEPERMS";
// Column numbers for the SYSTABLEPERMS table. 1 based
- private static final int GRANTEE_COL_NUM = 1;
- private static final int GRANTOR_COL_NUM = 2;
- private static final int TABLEID_COL_NUM = 3;
- private static final int SELECTPRIV_COL_NUM = 4;
- private static final int DELETEPRIV_COL_NUM = 5;
- private static final int INSERTPRIV_COL_NUM = 6;
- private static final int UPDATEPRIV_COL_NUM = 7;
- private static final int REFERENCESPRIV_COL_NUM = 8;
- private static final int TRIGGERPRIV_COL_NUM = 9;
- private static final int COLUMN_COUNT = 9;
+ private static final int SYSTABLEPERMS_TABLEPERMSID = 1;
+ private static final int GRANTEE_COL_NUM = 2;
+ private static final int GRANTOR_COL_NUM = 3;
+ private static final int TABLEID_COL_NUM = 4;
+ private static final int SELECTPRIV_COL_NUM = 5;
+ private static final int DELETEPRIV_COL_NUM = 6;
+ private static final int INSERTPRIV_COL_NUM = 7;
+ private static final int UPDATEPRIV_COL_NUM = 8;
+ private static final int REFERENCESPRIV_COL_NUM = 9;
+ private static final int TRIGGERPRIV_COL_NUM = 10;
+ private static final int COLUMN_COUNT = 10;
public static final int GRANTEE_TABLE_GRANTOR_INDEX_NUM = 0;
private static final int[][] indexColumnPositions =
@@ -89,8 +91,10 @@
public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException
{
+ UUID oid;
DataValueDescriptor grantee = null;
DataValueDescriptor grantor = null;
+ String tablePermID = null;
String tableID = null;
String selectPriv = null;
String deletePriv = null;
@@ -107,7 +111,15 @@
else
{
TablePermsDescriptor tpd = (TablePermsDescriptor) td;
- grantee = getAuthorizationID( tpd.getGrantee());
+ oid = tpd.getUUID();
+ if ( oid == null )
+ {
+ oid = getUUIDFactory().createUUID();
+ tpd.setUUID(oid);
+ }
+ tablePermID = oid.toString();
+
+ grantee = getAuthorizationID( tpd.getGrantee());
grantor = getAuthorizationID( tpd.getGrantor());
tableID = tpd.getTableUUID().toString();
selectPriv = tpd.getSelectPriv();
@@ -118,6 +130,7 @@
triggerPriv = tpd.getTriggerPriv();
}
ExecRow row = getExecutionFactory().getValueRow( COLUMN_COUNT);
+ row.setColumn( SYSTABLEPERMS_TABLEPERMSID, dvf.getCharDataValue(tablePermID));
row.setColumn( GRANTEE_COL_NUM, grantee);
row.setColumn( GRANTOR_COL_NUM, grantor);
row.setColumn( TABLEID_COL_NUM, dvf.getCharDataValue( tableID));
@@ -137,10 +150,12 @@
DataDictionary dataDictionary)
throws StandardException
{
- if( SanityManager.DEBUG)
+ if( SanityManager.DEBUG)
SanityManager.ASSERT( row.nColumns() == COLUMN_COUNT,
"Wrong size row passed to SYSTABLEPERMSRowFactory.buildDescriptor");
+ String tablePermsUUIDString = row.getColumn(SYSTABLEPERMS_TABLEPERMSID).getString();
+ UUID tablePermsUUID = getUUIDFactory().recreateUUID(tablePermsUUIDString);
String tableUUIDString = row.getColumn( TABLEID_COL_NUM).getString();
UUID tableUUID = getUUIDFactory().recreateUUID(tableUUIDString);
String selectPriv = row.getColumn( SELECTPRIV_COL_NUM).getString();
@@ -165,12 +180,15 @@
"Invalid SYSTABLEPERMS.triggerPriv column value: " + triggerPriv);
}
- return new TablePermsDescriptor( dataDictionary,
+ TablePermsDescriptor tabPermsDesc =
+ new TablePermsDescriptor( dataDictionary,
getAuthorizationID( row, GRANTEE_COL_NUM),
getAuthorizationID( row, GRANTOR_COL_NUM),
tableUUID,
selectPriv, deletePriv, insertPriv,
updatePriv, referencesPriv, triggerPriv);
+ tabPermsDesc.setUUID(tablePermsUUID);
+ return tabPermsDesc;
} // end of buildDescriptor
/** builds a column list for the catalog */
@@ -180,6 +198,15 @@
{
columnList = new SystemColumn[ COLUMN_COUNT];
+ columnList[ SYSTABLEPERMS_TABLEPERMSID - 1] =
+ new SystemColumnImpl( convertIdCase( "TABLEPERMSID"),
+ SYSTABLEPERMS_TABLEPERMSID,
+ 0, // precision
+ 0, // scale
+ false, // nullability
+ "CHAR",
+ true,
+ 36);
columnList[ GRANTEE_COL_NUM - 1] =
new SystemColumnImpl( convertIdCase( "GRANTEE"),
GRANTEE_COL_NUM,
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java Sun Jul 9 09:17:53 2006
@@ -110,7 +110,8 @@
super.bind();
CompilerContext cc = getCompilerContext();
- cc.addRequiredSchemaPriv(name, aid, Authorizer.CREATE_SCHEMA_PRIV);
+ if (isPrivilegeCollectionRequired())
+ cc.addRequiredSchemaPriv(name, aid, Authorizer.CREATE_SCHEMA_PRIV);
return this;
}
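Review bot: The authorization requirement for CREATE SCHEMA is now skipped whenever `isPrivilegeCollectionRequired()` returns false, but nothing at this call site says when that can happen for a DDL node. The FromBaseTable change in this commit disables collection only beneath a view definition; if DDL nodes can never be in that state, a one-line comment such as `// collection is only disabled for queries bound under a view (definer's privileges)` here and at the matching guards in CreateTriggerNode, DDLStatementNode, DeleteNode and FKConstraintDefinitionNode would let a reader confirm the check cannot be bypassed. Braces around the guarded statement would match the braced form used in CreateTriggerNode and DeleteNode.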
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java Sun Jul 9 09:17:53 2006
@@ -247,10 +247,12 @@
{
throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
}
-
- compilerContext.pushCurrentPrivType(Authorizer.TRIGGER_PRIV);
- compilerContext.addRequiredTablePriv(triggerTableDescriptor);
- compilerContext.popCurrentPrivType();
+ if (isPrivilegeCollectionRequired())
+ {
+ compilerContext.pushCurrentPrivType(Authorizer.TRIGGER_PRIV);
+ compilerContext.addRequiredTablePriv(triggerTableDescriptor);
+ compilerContext.popCurrentPrivType();
+ }
/*
** Regenerates the actionText and actionNode if necessary.
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java Sun Jul 9 09:17:53 2006
@@ -238,10 +238,11 @@
sd = new SchemaDescriptor(getDataDictionary(), schemaName,
(String) null, (UUID)null, false);
- cc.addRequiredSchemaPriv(schemaName, null, Authorizer.CREATE_SCHEMA_PRIV);
+ if (isPrivilegeCollectionRequired())
+ cc.addRequiredSchemaPriv(schemaName, null, Authorizer.CREATE_SCHEMA_PRIV);
}
- if (ownerCheck)
+ if (ownerCheck && isPrivilegeCollectionRequired())
cc.addRequiredSchemaPriv(sd.getSchemaName(), null,
Authorizer.MODIFY_SCHEMA_PRIV);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java Sun Jul 9 09:17:53 2006
@@ -391,9 +391,12 @@
}
}
- getCompilerContext().pushCurrentPrivType( getPrivType());
- getCompilerContext().addRequiredTablePriv( targetTableDescriptor);
- getCompilerContext().popCurrentPrivType();
+ if (isPrivilegeCollectionRequired())
+ {
+ getCompilerContext().pushCurrentPrivType( getPrivType());
+ getCompilerContext().addRequiredTablePriv( targetTableDescriptor);
+ getCompilerContext().popCurrentPrivType();
+ }
}
finally
{
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java Sun Jul 9 09:17:53 2006
@@ -117,7 +117,8 @@
// Set tableDescriptor for this column descriptor. Needed for adding required table
// access permission. Column descriptors may not have this set already.
cd.setTableDescriptor(td);
- getCompilerContext().addRequiredColumnPriv(cd);
+ if (isPrivilegeCollectionRequired())
+ getCompilerContext().addRequiredColumnPriv(cd);
}
}
@@ -132,7 +133,8 @@
// Set tableDescriptor for this column descriptor. Needed for adding required table
// access permission. Column descriptors may not have this set already.
cd.setTableDescriptor(td);
- getCompilerContext().addRequiredColumnPriv(cd);
+ if (isPrivilegeCollectionRequired())
+ getCompilerContext().addRequiredColumnPriv(cd);
}
}
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java Sun Jul 9 09:17:53 2006
@@ -33,10 +33,7 @@
import org.apache.derby.iapi.util.ReuseFactory;
import org.apache.derby.iapi.services.classfile.VMOpcode;
-import org.apache.derby.iapi.services.loader.GeneratedMethod;
-import org.apache.derby.iapi.services.context.ContextManager;
import org.apache.derby.iapi.services.compiler.MethodBuilder;
-import org.apache.derby.iapi.services.monitor.Monitor;
import org.apache.derby.iapi.services.property.PropertyUtil;
import org.apache.derby.iapi.services.sanity.SanityManager;
@@ -65,18 +62,11 @@
import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
import org.apache.derby.iapi.sql.dictionary.ViewDescriptor;
-import org.apache.derby.iapi.sql.execute.CursorResultSet;
import org.apache.derby.iapi.sql.execute.ExecRow;
import org.apache.derby.iapi.sql.execute.ExecutionContext;
-
-import org.apache.derby.iapi.sql.ResultSet;
-import org.apache.derby.iapi.sql.Activation;
import org.apache.derby.iapi.sql.LanguageProperties;
-import org.apache.derby.iapi.types.TypeId;
-
-import org.apache.derby.iapi.store.access.Qualifier;
import org.apache.derby.iapi.store.access.StaticCompiledOpenConglomInfo;
import org.apache.derby.iapi.store.access.StoreCostController;
import org.apache.derby.iapi.store.access.ScanController;
@@ -87,12 +77,6 @@
import org.apache.derby.impl.sql.compile.ExpressionClassBuilder;
import org.apache.derby.impl.sql.compile.ActivationClassBuilder;
-import org.apache.derby.impl.sql.execute.HashScanResultSet;
-
-
-
-import java.sql.Connection;
-
import java.util.Enumeration;
import java.util.Properties;
import java.util.Vector;
@@ -2214,7 +2198,22 @@
{
resultColumns.setCountMismatchAllowed(true);
}
-
+ //Views execute with definer's privileges and if any one of
+ //those privileges' are revoked from the definer, the view gets
+ //dropped. So, a view can exist in Derby only if it's owner has
+ //all the privileges needed to create one. In order to do a
+ //select from a view, a user only needs select privilege on the
+ //view and doesn't need any privilege for objects accessed by
+ //the view. Hence, when collecting privilege requirement for a
+ //sql accessing a view, we only need to look for select privilege
+ //on the actual view and that is what the following code is
+ //checking.
+ for (int i = 0; i < resultColumns.size(); i++) {
+ ResultColumn rc = (ResultColumn) resultColumns.elementAt(i);
+ if (rc.isPrivilegeCollectionRequired())
+ compilerContext.addRequiredColumnPriv( rc.getTableColumnDescriptor());
+ }
+
fsq = (FromTable) getNodeFactory().getNode(
C_NodeTypes.FROM_SUBQUERY,
rsn,
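Review bot: The loop calls `addRequiredColumnPriv` without setting the privilege type, so it records whatever type is current in compilerContext, whereas DeleteNode in this commit brackets its call with `pushCurrentPrivType`/`popCurrentPrivType`. If a view can be bound while a non-SELECT type is current, wrapping the loop in `compilerContext.pushCurrentPrivType(Authorizer.SELECT_PRIV);` and `compilerContext.popCurrentPrivType();` would pin it to what the comment describes; this needs confirming against the callers, which are outside the hunk. `rc.getTableColumnDescriptor()` is also passed on unchecked, and whether addRequiredColumnPriv tolerates null for a result column with no table column descriptor is not visible here. In the comment, "privileges'" and "it's owner" should read "privileges" and "its owner".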
@@ -2224,6 +2223,13 @@
getContextManager());
// Transfer the nesting level to the new FromSubquery
fsq.setLevel(level);
+ //We are getting ready to bind the query underneath the view. Since
+ //that query is going to run with definer's privileges, we do not
+ //need to collect any privilege requirement for that query.
+ //Following call is marking the query to run with definer
+ //privileges. This marking will make sure that we do not collect
+ //any privilege requirement for it.
+ fsq.disablePrivilegeCollection();
return fsq.bindNonVTITables(dataDictionary, fromListParam);
}
finally
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java Sun Jul 9 09:17:53 2006
@@ -20,8 +20,6 @@
package org.apache.derby.impl.sql.compile;
-import org.apache.derby.iapi.services.context.ContextManager;
-
import org.apache.derby.iapi.services.sanity.SanityManager;
import org.apache.derby.iapi.sql.compile.CompilerContext;
@@ -578,8 +576,8 @@
columnReference.setSourceLevel(currentLevel);
columnNameMatch = true;
- CompilerContext cc = getCompilerContext();
- cc.addRequiredColumnPriv( resultColumn.getTableColumnDescriptor());
+ if (fromTable.isPrivilegeCollectionRequired())
+ getCompilerContext().addRequiredColumnPriv( resultColumn.getTableColumnDescriptor());
}
else
{
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java Sun Jul 9 09:17:53 2006
@@ -703,6 +703,15 @@
return rcList;
}
+ /**
+ * @see QueryTreeNode#disablePrivilegeCollection
+ */
+ public void disablePrivilegeCollection()
+ {
+ super.disablePrivilegeCollection();
+ subquery.disablePrivilegeCollection();
+ }
+
/**
* Search to see if a query references the specifed table name.
*
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java Sun Jul 9 09:17:53 2006
@@ -502,9 +502,13 @@
autoincRowLocation =
dd.computeAutoincRowLocations(tc, targetTableDescriptor);
- getCompilerContext().pushCurrentPrivType(getPrivType());
- getCompilerContext().addRequiredTablePriv(targetTableDescriptor);
- getCompilerContext().popCurrentPrivType();
+ if (isPrivilegeCollectionRequired())
+ {
+ getCompilerContext().pushCurrentPrivType(getPrivType());
+ getCompilerContext().addRequiredTablePriv(targetTableDescriptor);
+ getCompilerContext().popCurrentPrivType();
+ }
+
}
else
{
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java Sun Jul 9 09:17:53 2006
@@ -216,6 +216,16 @@
return javaNode;
}
+ /**
+ * @see QueryTreeNode#disablePrivilegeCollection
+ */
+ public void disablePrivilegeCollection()
+ {
+ super.disablePrivilegeCollection();
+ if (javaNode != null)
+ javaNode.disablePrivilegeCollection();
+ }
+
/**
* Bind this expression. This means binding the sub-expressions,
* as well as figuring out what the return type is for this expression.
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java Sun Jul 9 09:17:53 2006
@@ -122,9 +122,9 @@
if (isSessionSchema(sd.getSchemaName()))
throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
- // GrantRevoke TODO: Need to enable for views later. Disable for now.
- // Disable grant on VTIs and Synonyms
- if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE)
+ // GrantRevoke TODO: Disable grant on VTIs and Synonyms
+ if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE &&
+ td.getTableType() != TableDescriptor.VIEW_TYPE)
throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED, tableName.getFullTableName());
specificPrivileges.bind( td);
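Review bot: Accepting `TableDescriptor.VIEW_TYPE` here opens GRANT/REVOKE on views for whatever privilege list was parsed, and nothing in this hunk limits that list to privileges that make sense on a view. Whether `specificPrivileges.bind( td)` rejects a non-SELECT privilege on a view is not visible here, so that should be confirmed or checked explicitly before the bind. The reworded comment also still reads as an open TODO although the condition below it already rejects VTIs and synonyms; something like `// Grant/revoke is allowed only on base tables and views, not on VTIs or synonyms` would match the code. The enclosing method extends beyond this hunk.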
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java Sun Jul 9 09:17:53 2006
@@ -95,6 +95,30 @@
private GenericConstantActionFactory constantActionFactory;
/**
+ * In Derby SQL Standard Authorization, views, triggers and constraints
+ * execute with definer's privileges. Taking a specific eg of views
+ * user1
+ * create table t1 (c11 int);
+ * create view v1 as select * from user1.t1;
+ * grant select on v1 to user2;
+ * user2
+ * select * from user1.v1;
+ * Running with definer's privileges mean that since user2 has select
+ * privileges on view v1 owned by user1, then that is sufficient for user2
+ * to do a select from view v1. View v1 underneath might access some
+ * objects that user2 doesn't have privileges on, but that is not a problem
+ * since views execute with definer's privileges. In order to implement this
+ * behavior, when doing a select from view v1, we only want to check for
+ * select privilege on view v1. While processing the underlying query for
+ * view v1, we want to stop collecting the privilege requirements for the
+ * query underneath. Following flag, isPrivilegeCollectionRequired is used
+ * for this purpose. The flag will be true when we are the top level of view
+ * and then it is turned off while we process the query underlying the view
+ * v1.
+ */
+ boolean isPrivilegeCollectionRequired = true;
+
+ /**
* Set the ContextManager for this node.
*
* @param cm The ContextManager.
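Review bot: The new field `isPrivilegeCollectionRequired` is declared with package visibility, so any class in the compile package can flip it without going through `disablePrivilegeCollection()`. Every use visible in this commit goes through the two public methods, so `private boolean isPrivilegeCollectionRequired = true;` would keep this authorization-relevant state behind the one-way setter. The default of `true` is the right fail-closed choice: a node that nobody marks still has its privilege requirements collected.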
@@ -497,6 +521,39 @@
final boolean isSessionSchema(String schemaName)
{
return SchemaDescriptor.STD_DECLARED_GLOBAL_TEMPORARY_TABLES_SCHEMA_NAME.equals(schemaName);
+ }
+
+ /**
+ * Triggers, constraints and views get executed with their definer's
+ * privileges and they can exist in the system only if their definers'
+ * still have all the privileges to creeate them. Based on this, any
+ * time a trigger/view/constraint is executing, we do not need to waste
+ * time in checking if the definer still has the right set of privileges.
+ * At compile time, we wil make sure that we do not collect the privilege
+ * requirement for objects accessed with definer privileges by calling the
+ * following method.
+ */
+ public void disablePrivilegeCollection()
+ {
+ isPrivilegeCollectionRequired = false;
+ }
+
+ /**
+ * Return true from this method means that we need to collect privilege
+ * requirement for this node. For following cases, this method will
+ * return true.
+ * 1)execute view - collect privilege to access view but do not collect
+ * privilege requirements for objects accessed by actual view uqery
+ * 2)execute select - collect privilege requirements for objects accessed
+ * by select statement
+ * 3)create view - collect privileges for select statement : the select
+ * statement for create view falls under 2) category above.
+ *
+ * @return true if need to collect privilege requirement for this node
+ */
+ public boolean isPrivilegeCollectionRequired()
+ {
+ return(isPrivilegeCollectionRequired);
}
/**
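Review bot: The Javadoc on `disablePrivilegeCollection()` does not say that the base implementation clears the flag on this node only, which is the contract every override in this commit depends on. A subclass that holds child nodes and does not override it leaves those children collecting privilege requirements for the invoking user; that is the strict direction, but it breaks the definer's-rights behaviour the comment describes. I would add a sentence such as `Subclasses with child nodes must override this method and propagate the call to every child.` and fix the typos `creeate`, `wil` and `uqery` while there.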
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java Sun Jul 9 09:17:53 2006
@@ -678,7 +678,8 @@
setColumnDescriptor(tableDescriptor, columnDescriptor);
setVirtualColumnId(columnId);
- getCompilerContext().addRequiredColumnPriv( columnDescriptor);
+ if (isPrivilegeCollectionRequired())
+ getCompilerContext().addRequiredColumnPriv( columnDescriptor);
}
/**
@@ -1322,6 +1323,16 @@
public boolean updatableByCursor()
{
return updatableByCursor;
+ }
+
+ /**
+ * @see QueryTreeNode#disablePrivilegeCollection
+ */
+ public void disablePrivilegeCollection()
+ {
+ super.disablePrivilegeCollection();
+ if (expression != null)
+ expression.disablePrivilegeCollection();
}
/**
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java Sun Jul 9 09:17:53 2006
@@ -2482,6 +2482,18 @@
}
}
+ /**
+ * @see QueryTreeNode#disablePrivilegeCollection
+ */
+ public void disablePrivilegeCollection()
+ {
+ super.disablePrivilegeCollection();
+
+ int size = size();
+ for (int index = 0; index < size; index++)
+ ((ResultColumn) elementAt(index)).disablePrivilegeCollection();
+ }
+
/**
* Verify that all of the column names in this list are contained
* within the ColumnDefinitionNodes within the TableElementList.
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java Sun Jul 9 09:17:53 2006
@@ -598,6 +598,16 @@
getContextManager());
}
+ /**
+ * @see QueryTreeNode#disablePrivilegeCollection
+ */
+ public void disablePrivilegeCollection()
+ {
+ super.disablePrivilegeCollection();
+ if (resultColumns != null)
+ resultColumns.disablePrivilegeCollection();
+ }
+
/**
* Bind the result columns of this ResultSetNode when there is no
* base table to bind them to. This is useful for SELECT statements,
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java Sun Jul 9 09:17:53 2006
@@ -1968,6 +1968,17 @@
return false;
}
+ /**
+ * @see QueryTreeNode#disablePrivilegeCollection
+ */
+ public void disablePrivilegeCollection()
+ {
+ super.disablePrivilegeCollection();
+ int fromListSize = fromList.size();
+ for( int i = 0; i < fromListSize; i++)
+ ((FromTable) fromList.elementAt(i)).disablePrivilegeCollection();
+ }
+
/**
* Return whether or not this ResultSetNode contains a subquery with a
* reference to the specified target table.
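Review bot: This override forwards the call to the FROM list and, presumably through `super`, to the result columns, but not to anything else a SELECT holds; its WHERE clause and any subqueries or routine calls inside it live in fields outside this hunk and are not visited here. If nothing else marks them, a view whose definition calls a function or uses a subquery in its WHERE clause would still collect EXECUTE or SELECT requirements for the user selecting from the view, which is fail-closed but contradicts the definer's-rights model this commit introduces. Propagating the call to the remaining child expressions, or covering such a view with a test, would settle it. `fromList` is also dereferenced without the null guard that the sibling overrides in this commit use.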
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java Sun Jul 9 09:17:53 2006
@@ -235,7 +235,8 @@
alreadyBound = true;
- getCompilerContext().addRequiredRoutinePriv(ad);
+ if (isPrivilegeCollectionRequired())
+ getCompilerContext().addRequiredRoutinePriv(ad);
// If this is a function call with a variable length
// return type, then we need to push a CAST node.
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java Sun Jul 9 09:17:53 2006
@@ -33,20 +33,15 @@
import org.apache.derby.iapi.sql.dictionary.DDUtils;
import org.apache.derby.iapi.sql.dictionary.ColumnDescriptor;
-import org.apache.derby.iapi.sql.dictionary.ColumnDescriptorList;
import org.apache.derby.iapi.sql.dictionary.ConglomerateDescriptor;
import org.apache.derby.iapi.sql.dictionary.ConstraintDescriptor;
-import org.apache.derby.iapi.sql.dictionary.ConstraintDescriptorList;
import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
-import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
import org.apache.derby.iapi.sql.dictionary.ForeignKeyConstraintDescriptor;
import org.apache.derby.iapi.sql.dictionary.ReferencedKeyConstraintDescriptor;
import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
-import org.apache.derby.iapi.types.DataValueFactory;
-
import org.apache.derby.iapi.reference.SQLState;
import org.apache.derby.iapi.sql.depend.DependencyManager;
@@ -54,12 +49,9 @@
import org.apache.derby.iapi.sql.depend.ProviderInfo;
import org.apache.derby.iapi.sql.execute.ConstantAction;
-import org.apache.derby.iapi.sql.execute.ExecIndexRow;
import org.apache.derby.iapi.sql.Activation;
-import org.apache.derby.iapi.store.access.ConglomerateController;
-import org.apache.derby.iapi.store.access.ScanController;
import org.apache.derby.iapi.store.access.TransactionController;
import org.apache.derby.iapi.services.loader.ClassFactory;
@@ -360,6 +352,8 @@
/* Create stored dependency on the referenced constraint */
dm.addDependency(conDesc, referencedConstraint, lcc.getContextManager());
+ //store constraint's dependency on REFERENCES privileges in the dependeny system
+ storeConstraintDependenciesOnPrivileges(activation, conDesc, referencedConstraint.getTableId());
break;
default:
@@ -426,7 +420,7 @@
DependencyManager.CREATE_CONSTRAINT, lcc);
}
}
-
+
/**
* Is the constant action for a foreign key
*
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java Sun Jul 9 09:17:53 2006
@@ -27,7 +27,6 @@
import org.apache.derby.iapi.sql.execute.ConstantAction;
import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
-import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
import org.apache.derby.iapi.sql.dictionary.SPSDescriptor;
@@ -308,6 +307,8 @@
dm.addDependency(triggerd, actionspsd, lcc.getContextManager());
dm.addDependency(triggerd, triggerTable, lcc.getContextManager());
dm.addDependency(actionspsd, triggerTable, lcc.getContextManager());
+ //store trigger's dependency on various privileges in the dependeny system
+ storeViewTriggerDependenciesOnPrivileges(activation, triggerd);
}