Posted to derby-commits@db.apache.org by ba...@apache.org on 2006/03/25 17:02:49 UTC
svn commit: r388775 - in /db/derby/code/trunk/java/engine/org/apache/derby:
iapi/sql/dictionary/ impl/sql/compile/ impl/sql/conn/
Author: bandaram
Date: Sat Mar 25 08:02:48 2006
New Revision: 388775
URL: http://svn.apache.org/viewcvs?rev=388775&view=rev
Log:
DERBY-464: This batch of Grant & Revoke changes includes:
1) Prevent GRANT statements on Synonyms, VTIs and Views (for now...pending more changes).
2) Change interface to StatementPermission objects... Dan suggested changing interface to include LCC.
Submitted by Satheesh Bandaram (satheesh@sourcery.org)
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java Sat Mar 25 08:02:48 2006
@@ -25,7 +25,7 @@
import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.reference.SQLState;
import org.apache.derby.iapi.services.io.FormatableBitSet;
-import org.apache.derby.iapi.store.access.TransactionController;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
/**
* This class describes a column permission used (required) by a statement.
@@ -81,19 +81,15 @@
}
/**
- * @param tc the TransactionController
- * @param dd A DataDictionary
- * @param authorizationId A user
- * @param forGrant
- *
- * @exception StandardException if the permission has not been granted
+ * @see StatementPermission#check
*/
- public void check(TransactionController tc,
- DataDictionary dd,
+ public void check( LanguageConnectionContext lcc,
String authorizationId,
boolean forGrant)
throws StandardException
{
+ DataDictionary dd = lcc.getDataDictionary();
+
if( hasPermissionOnTable(dd, authorizationId, forGrant))
return;
FormatableBitSet permittedColumns = null;
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java Sat Mar 25 08:02:48 2006
@@ -20,7 +20,7 @@
package org.apache.derby.iapi.sql.dictionary;
-import org.apache.derby.iapi.store.access.TransactionController;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.error.StandardException;
/**
@@ -30,15 +30,13 @@
public abstract class StatementPermission
{
/**
- * @param tc the TransactionController
- * @param dd A DataDictionary
- * @param authorizationId A user
+ * @param lcc LanguageConnectionContext
+ * @param authorizationId AuthorizationId
* @param forGrant
*
* @exception StandardException if the permission has not been granted
*/
- public abstract void check( TransactionController tc,
- DataDictionary dd,
+ public abstract void check( LanguageConnectionContext lcc,
String authorizationId,
boolean forGrant) throws StandardException;
}
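Review bot: The Javadoc on the abstract `check` still leaves `forGrant` undescribed, and the two new tags only restate their types, although every subclass in this commit now defers to it with `@see StatementPermission#check`. Because this is the contract for an authorization decision, it should say that `authorizationId` is the identity whose privileges are tested and whether it may differ from the authorization id of the connection behind `lcc`, which the hunk does not show. Suggested tags: `@param lcc connection context supplying the data dictionary and transaction used for the lookup` and `@param authorizationId the user whose privileges are checked`. `@param forGrant` needs one sentence on what it changes in the check, presumably whether the privilege must be held with the right to grant it on, to be confirmed by the author.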
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java Sat Mar 25 08:02:48 2006
@@ -23,6 +23,7 @@
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.catalog.UUID;
import org.apache.derby.iapi.sql.conn.Authorizer;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.reference.SQLState;
import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor;
import org.apache.derby.iapi.store.access.TransactionController;
@@ -41,18 +42,15 @@
}
/**
- * @param tc the TransactionController
- * @param dd A DataDictionary
- * @param authorizationId A user
- * @param forGrant
- *
- * @exception StandardException if the permission has not been granted
+ * @see StatementPermission#check
*/
- public void check( TransactionController tc,
- DataDictionary dd,
+ public void check( LanguageConnectionContext lcc,
String authorizationId,
boolean forGrant) throws StandardException
{
+ DataDictionary dd = lcc.getDataDictionary();
+ TransactionController tc = lcc.getTransactionExecute();
+
RoutinePermsDescriptor perms = dd.getRoutinePermissions( routineUUID, authorizationId);
if( perms == null || ! perms.getHasExecutePermission())
perms = dd.getRoutinePermissions(routineUUID, Authorizer.PUBLIC_AUTHORIZATION_ID);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java Sat Mar 25 08:02:48 2006
@@ -24,6 +24,7 @@
import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.reference.SQLState;
import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.store.access.TransactionController;
/**
@@ -44,18 +45,15 @@
}
/**
- * @param tc the TransactionController
- * @param dd A DataDictionary
- * @param authid authorizationId
- * @param forGrant
- *
- * @exception StandardException if schema authorization not granted
+ * @see StatementPermission#check
*/
- public void check(TransactionController tc,
- DataDictionary dd,
+ public void check( LanguageConnectionContext lcc,
String authid,
boolean forGrant) throws StandardException
{
+ DataDictionary dd = lcc.getDataDictionary();
+ TransactionController tc = lcc.getTransactionExecute();
+
if (privType == Authorizer.MODIFY_SCHEMA_PRIV)
{
SchemaDescriptor sd = dd.getSchemaDescriptor(schemaName, tc, false);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java Sat Mar 25 08:02:48 2006
@@ -23,8 +23,8 @@
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.catalog.UUID;
import org.apache.derby.iapi.sql.conn.Authorizer;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.reference.SQLState;
-import org.apache.derby.iapi.store.access.TransactionController;
/**
* This class describes a table permission used (required) by a statement.
@@ -36,8 +36,8 @@
protected int privType; // One of Authorizer.SELECT_PRIV, UPDATE_PRIV, etc.
/**
- * Constructor for StatementTablePermission. Creates an instance of table permission requested
- * for the given access.
+ * Constructor for StatementTablePermission. Creates an instance of
+ * table permission requested for the given access.
*
* @param tableUUID UUID of the table
* @param privType Access privilege requested
@@ -102,19 +102,15 @@
}
/**
- * @param tc the TransactionController
- * @param dd A DataDictionary
- * @param authorizationId A user
- * @param forGrant
- *
- * @exception StandardException if the permission has not been granted
+ * @see StatementPermission#check
*/
- public void check( TransactionController tc,
- DataDictionary dd,
+ public void check( LanguageConnectionContext lcc,
String authorizationId,
boolean forGrant)
throws StandardException
{
+ DataDictionary dd = lcc.getDataDictionary();
+
if( ! hasPermissionOnTable( dd, authorizationId, forGrant))
{
TableDescriptor td = getTableDescriptor( dd);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java Sat Mar 25 08:02:48 2006
@@ -117,10 +117,15 @@
if( td == null)
throw StandardException.newException( SQLState.LANG_TABLE_NOT_FOUND, tableName);
- // Don't allow authorization on SESSION schema tables. Causes confusion if
- // a temporary table is created later with same name.
- if (isSessionSchema(sd.getSchemaName()))
- throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
+ // Don't allow authorization on SESSION schema tables. Causes confusion if
+ // a temporary table is created later with same name.
+ if (isSessionSchema(sd.getSchemaName()))
+ throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
+
+ // GrantRevoke TODO: Need to enable for views later. Disable for now.
+ // Disable grant on VTIs and Synonyms
+ if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE)
+ throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED, tableName.getFullTableName());
specificPrivileges.bind( td);
dependencyProvider = td;
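Review bot: The new test `td.getTableType() != TableDescriptor.BASE_TABLE_TYPE` is an allow-list, so it rejects every table type other than a base table, but the comment above it names only views, VTIs and synonyms. Failing closed is the right choice for a privilege statement, and the comment should state that intent so a later edit does not narrow it to an explicit deny-list: `// Only base tables may be the target of GRANT/REVOKE for now; every other table type is rejected.` The commit log speaks of GRANT only, while the SQLState name suggests REVOKE takes the same path; if so, the comment should mention both. The enclosing method starts and ends outside this hunk, so whether a synonym is resolved before this point cannot be seen here.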
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java?rev=388775&r1=388774&r2=388775&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java Sat Mar 25 08:02:48 2006
@@ -151,11 +151,10 @@
if( requiredPermissionsList != null && ! requiredPermissionsList.isEmpty() &&
!authorizationId.equals(dd.getAuthorizationDBA()))
{
- TransactionController tc = activation.getTransactionController();
for( Iterator iter = requiredPermissionsList.iterator();
iter.hasNext();)
{
- ((StatementPermission) iter.next()).check( tc, dd, authorizationId, false);
+ ((StatementPermission) iter.next()).check( lcc, authorizationId, false);
}
}
}
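Review bot: The DBA bypass above the loop still compares against the local `dd`, while each `check` now fetches its own dictionary through `lcc.getDataDictionary()`. The routine and schema permissions also now take their transaction from `lcc.getTransactionExecute()` instead of the removed `activation.getTransactionController()`. Nothing in the hunk shows where `lcc` and `dd` come from, so if they can ever refer to different objects, the bypass and the permission lookups would not be evaluated against the same state. A short comment would make the relation explicit, for example `// lcc is the context that owns dd and the activation's transaction`, or `dd` could be derived from `lcc` in this method. The enclosing method starts outside the hunk.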