You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by rh...@apache.org on 2014/03/03 20:26:13 UTC
svn commit: r1573686 - in /db/derby/code/trunk/java:
engine/org/apache/derby/impl/sql/compile/
testing/org/apache/derbyTesting/functionTests/tests/lang/
Author: rhillegas
Date: Mon Mar 3 19:26:13 2014
New Revision: 1573686
URL: http://svn.apache.org/r1573686
Log:
DERBY-6434: Don't require privileges implicitly added by SELECT-driven INSERTS; tests passed cleanly on derby-6434-05-aa-selectDrivenInserts.diff.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CastNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CastNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CastNode.java?rev=1573686&r1=1573685&r2=1573686&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CastNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CastNode.java Mon Mar 3 19:26:13 2014
@@ -459,6 +459,11 @@ class CastNode extends ValueNode
)
{ setNullability( true ); }
else { setNullability(castOperand.getTypeServices().isNullable()); }
+
+ if (targetUDT != null)
+ {
+ addUDTUsagePriv( this );
+ }
}
/**
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java?rev=1573686&r1=1573685&r2=1573686&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java Mon Mar 3 19:26:13 2014
@@ -1363,14 +1363,22 @@ public abstract class QueryTreeNode impl
{
if ( !isPrivilegeCollectionRequired() ) { return; }
- for ( ValueNode val : valueNodes )
+ for ( ValueNode val : valueNodes ) { addUDTUsagePriv( val ); }
+ }
+
+ /**
+ * Add USAGE privilege for a single UDT.
+ */
+ void addUDTUsagePriv( ValueNode val )
+ throws StandardException
+ {
+ if ( !isPrivilegeCollectionRequired() ) { return; }
+
+ DataTypeDescriptor dtd = val.getTypeServices();
+ if ( (dtd != null) && dtd.getTypeId().userType() )
{
- DataTypeDescriptor dtd = val.getTypeServices();
- if ( (dtd != null) && dtd.getTypeId().userType() )
- {
- AliasDescriptor ad = getUDTDesc( dtd );
- getCompilerContext().addRequiredUsagePriv( ad );
- }
+ AliasDescriptor ad = getUDTDesc( dtd );
+ getCompilerContext().addRequiredUsagePriv( ad );
}
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java?rev=1573686&r1=1573685&r2=1573686&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java Mon Mar 3 19:26:13 2014
@@ -517,6 +517,11 @@ class SelectNode extends ResultSetNode
void bindExpressions(FromList fromListParam)
throws StandardException
{
+ //
+ // Don't add USAGE privilege on user-defined types.
+ //
+ boolean wasSkippingTypePrivileges = getCompilerContext().skipTypePrivileges( true );
+
int fromListParamSize = fromListParam.size();
int fromListSize = fromList.size();
int numDistinctAggs;
@@ -712,6 +717,8 @@ class SelectNode extends ResultSetNode
bindOffsetFetch(qec.getOffset(i), qec.getFetchFirst(i));
}
+
+ getCompilerContext().skipTypePrivileges( wasSkippingTypePrivileges );
}
/**
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java?rev=1573686&r1=1573685&r2=1573686&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java Mon Mar 3 19:26:13 2014
@@ -11957,6 +11957,148 @@ public final class GrantRevokeDDLTest ex
}
/**
+ * Test that INSERT statements driven by SELECTs require the correct privileges as
+ * described on DERBY-6434.
+ */
+ public void test_6434_select()
+ throws Exception
+ {
+ Connection dboConnection = openUserConnection( TEST_DBO );
+ Connection ruthConnection = openUserConnection( RUTH );
+
+ //
+ // Schema
+ //
+ goodStatement
+ (
+ dboConnection,
+ "create type SourceValueType_6434_3 external name 'java.util.HashMap' language java"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "create type TargetValueType_6434_3 external name 'java.util.HashMap' language java"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "create function sourceValueExtractor_6434_3( hashMap SourceValueType_6434_3, hashKey varchar( 32672 ) ) returns int\n" +
+ "language java parameter style java deterministic no sql\n" +
+ "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "create function sourceValueMaker_6434_3( hashKey varchar( 32672 ), hashValue int ) returns SourceValueType_6434_3\n" +
+ "language java parameter style java deterministic no sql\n" +
+ "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.makeHashMap'\n"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "create function targetValueMaker_6434_3( hashKey varchar( 32672 ), hashValue int ) returns TargetValueType_6434_3\n" +
+ "language java parameter style java deterministic no sql\n" +
+ "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.makeHashMap'\n"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "create table targetTable_6434_3( a TargetValueType_6434_3 )"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "create table sourceTable_6434_3( b SourceValueType_6434_3 )"
+ );
+
+ //
+ // Privileges
+ //
+ goodStatement
+ (
+ dboConnection,
+ "grant insert on targetTable_6434_3 to ruth"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "grant execute on function sourceValueExtractor_6434_3 to ruth"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "grant execute on function sourceValueMaker_6434_3 to ruth"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "grant execute on function targetValueMaker_6434_3 to ruth"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "grant select on sourceTable_6434_3 to ruth"
+ );
+
+ // the problem SELECT-driven INSERT
+ goodStatement
+ (
+ ruthConnection,
+ "insert into test_dbo.targetTable_6434_3\n" +
+ " select test_dbo.targetValueMaker_6434_3( 'bar', test_dbo.sourceValueExtractor_6434_3( b, 'foo' ) )\n" +
+ " from test_dbo.sourceTable_6434_3\n"
+ );
+
+ // make sure that privilege checks are still needed for explicit casts
+ expectExecutionError
+ (
+ ruthConnection,
+ NO_GENERIC_PERMISSION,
+ "select * from test_dbo.sourceTable_6434_3\n" +
+ "where ( cast( null as test_dbo.SourceValueType_6434_3 ) ) is not null\n"
+ );
+
+ //
+ // Drop schema
+ //
+ goodStatement
+ (
+ dboConnection,
+ "drop table sourceTable_6434_3"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "drop table targetTable_6434_3"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "drop function targetValueMaker_6434_3"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "drop function sourceValueMaker_6434_3"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "drop function sourceValueExtractor_6434_3"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "drop type TargetValueType_6434_3 restrict"
+ );
+ goodStatement
+ (
+ dboConnection,
+ "drop type SourceValueType_6434_3 restrict"
+ );
+ }
+
+ /**
* Test that INSERT and UPDATEs run CHECK constraints with definer's rights.
*/
public void test_6432()