You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by mi...@apache.org on 2006/08/31 16:39:56 UTC
svn commit: r438942 - in /db/derby/code/trunk/java:
engine/org/apache/derby/impl/sql/compile/
testing/org/apache/derbyTesting/functionTests/master/
testing/org/apache/derbyTesting/functionTests/tests/lang/
Author: mikem
Date: Thu Aug 31 07:39:55 2006
New Revision: 438942
URL: http://svn.apache.org/viewvc?rev=438942&view=rev
Log:
DERBY-1583
contributed by Bryan Pendleton
If a particular
ColumnDescriptor has no associated TableDescriptor at the
time that CompilerContextImpl.addRequiredColumnPriv is
called, then there is no column privilege that needs to be added.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/altertable.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/altertable_derby.properties
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java?rev=438942&r1=438941&r2=438942&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java Thu Aug 31 07:39:55 2006
@@ -726,7 +726,7 @@
/**
* Add a column privilege to the list of used column privileges.
*
- * @param column
+ * @param column The column whose privileges we're interested in.
*/
public void addRequiredColumnPriv( ColumnDescriptor column)
{
@@ -738,7 +738,23 @@
|| currPrivType == Authorizer.EXECUTE_PRIV
|| column == null)
return;
+ /*
+ * Note that to look up the privileges for this column,
+ * we need to know what table the column is in. However,
+ * not all ColumnDescriptor objects are associated with
+ * a table object. Sometimes a ColumnDescriptor
+ * describes a column but doesn't specify the table. An
+ * example of this occurs in the set-clause of the
+ * UPDATE statement in SQL, where we may have a
+ * ColumnDescriptor which describes the expression that
+ * is being used in the UPDATE statement to provide the
+ * new value that will be computed by the UPDATE. In such a
+ * case, there is no column privilege to be added, so we
+ * just take an early return. DERBY-1583 has more details.
+ */
TableDescriptor td = column.getTableDescriptor();
+ if (td == null)
+ return;
UUID tableUUID = td.getUUID();
StatementTablePermission key = new StatementTablePermission( tableUUID, currPrivType);
StatementColumnPermission tableColumnPrivileges
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/altertable.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/altertable.out?rev=438942&r1=438941&r2=438942&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/altertable.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/altertable.out Thu Aug 31 07:39:55 2006
@@ -1,3 +1,4 @@
+WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij> -- alter table tests
-- add column
-- (add constraint & drop constraint to be added)
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out?rev=438942&r1=438941&r2=438942&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out Thu Aug 31 07:39:55 2006
@@ -2936,4 +2936,108 @@
ERROR: Failed with SQLSTATE 28506
ij(USER2)> commit;
ij(USER2)> autocommit on;
-ij(USER2)>
+ij(USER2)> -- Simple test case for DERBY-1583: column privilege checking should not
+-- assume column descriptors have non-null table references.
+set connection mamta1;
+ij(MAMTA1)> create table t11TriggerRevokeTest (c111 int not null primary key, c12 int);
+0 rows inserted/updated/deleted
+ij(MAMTA1)> insert into t11TriggerRevokeTest values (1, 101), (2, 202), (3, 303);
+3 rows inserted/updated/deleted
+ij(MAMTA1)> grant TRIGGER on t11TriggerRevokeTest to mamta2;
+0 rows inserted/updated/deleted
+ij(MAMTA1)> create table t12TriggerRevokeTest (c121 int, c122 int, c123 int);
+0 rows inserted/updated/deleted
+ij(MAMTA1)> insert into t12TriggerRevokeTest values (10, 1010, 2010),(20,1020,2020);
+2 rows inserted/updated/deleted
+ij(MAMTA1)> grant UPDATE(c122, c121) on t12TriggerRevokeTest to mamta2;
+0 rows inserted/updated/deleted
+ij(MAMTA1)> set connection mamta2;
+ij(MAMTA2)> create trigger tr11t11 after insert on mamta1.t11TriggerRevokeTest
+for each statement mode db2sql
+ update mamta1.t12TriggerRevokeTest set c122 = 99;
+0 rows inserted/updated/deleted
+ij(MAMTA2)> set connection mamta1;
+ij(MAMTA1)> select * from t11TriggerRevokeTest;
+C111 |C12
+-----------------------
+1 |101
+2 |202
+3 |303
+3 rows selected
+ij(MAMTA1)> select * from t12TriggerRevokeTest;
+C121 |C122 |C123
+-----------------------------------
+10 |1010 |2010
+20 |1020 |2020
+2 rows selected
+ij(MAMTA1)> -- This should fire the trigger, changing the c122 values to 99
+insert into t11TriggerRevokeTest values(4, 404);
+1 row inserted/updated/deleted
+ij(MAMTA1)> select * from t11TriggerRevokeTest;
+C111 |C12
+-----------------------
+1 |101
+2 |202
+3 |303
+4 |404
+4 rows selected
+ij(MAMTA1)> select * from t12TriggerRevokeTest;
+C121 |C122 |C123
+-----------------------------------
+10 |99 |2010
+20 |99 |2020
+2 rows selected
+ij(MAMTA1)> -- revoking the privilege should drop the trigger
+revoke TRIGGER on t11TriggerRevokeTest from mamta2;
+0 rows inserted/updated/deleted
+ij(MAMTA1)> update t12TriggerRevokeTest set c122 = 42;
+2 rows inserted/updated/deleted
+ij(MAMTA1)> -- now when we insert the trigger should NOT be fired, c122 values should
+-- be unchanged and so should be 42
+insert into t11TriggerRevokeTest values (5,505);
+1 row inserted/updated/deleted
+ij(MAMTA1)> select * from t11TriggerRevokeTest;
+C111 |C12
+-----------------------
+1 |101
+2 |202
+3 |303
+4 |404
+5 |505
+5 rows selected
+ij(MAMTA1)> select * from t12TriggerRevokeTest;
+C121 |C122 |C123
+-----------------------------------
+10 |42 |2010
+20 |42 |2020
+2 rows selected
+ij(MAMTA1)> -- Simple test case for DERBY-1724, which is a different manifestation
+-- of DERBY-1583
+set connection mamta1;
+ij(MAMTA1)> create table t1001 (c varchar(1));
+0 rows inserted/updated/deleted
+ij(MAMTA1)> insert into t1001 values 'a', 'b', 'c';
+3 rows inserted/updated/deleted
+ij(MAMTA1)> autocommit off;
+ij(MAMTA1)> grant select on t1001 to mamta3;
+0 rows inserted/updated/deleted
+ij(MAMTA1)> set connection mamta2;
+ij(MAMTA2)> create table ttt1 (i int);
+0 rows inserted/updated/deleted
+ij(MAMTA2)> insert into ttt1 values 1;
+1 row inserted/updated/deleted
+ij(MAMTA2)> grant all privileges on ttt1 to mamta1;
+0 rows inserted/updated/deleted
+ij(MAMTA2)> set connection mamta1;
+ij(MAMTA1)> select * from mamta2.ttt1;
+I
+-----------
+1
+1 row selected
+ij(MAMTA1)> insert into mamta2.ttt1 values 2;
+1 row inserted/updated/deleted
+ij(MAMTA1)> update mamta2.ttt1 set i = 888;
+2 rows inserted/updated/deleted
+ij(MAMTA1)> commit;
+ij(MAMTA1)> autocommit on;
+ij(MAMTA1)>
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/altertable_derby.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/altertable_derby.properties?rev=438942&r1=438941&r2=438942&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/altertable_derby.properties (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/altertable_derby.properties Thu Aug 31 07:39:55 2006
@@ -2,3 +2,4 @@
# the statement cache off to ensure no trailing dependencies exist
derby.language.statementCacheSize=0
derby.locks.waitTimeout=4
+derby.database.sqlAuthorization=true
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql?rev=438942&r1=438941&r2=438942&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql Thu Aug 31 07:39:55 2006
@@ -1855,4 +1855,53 @@
lock table user1.t100 in exclusive mode;
lock table user1.t100 in share mode;
commit;
-autocommit on;
\ No newline at end of file
+autocommit on;
+
+-- Simple test case for DERBY-1583: column privilege checking should not
+-- assume column descriptors have non-null table references.
+
+set connection mamta1;
+create table t11TriggerRevokeTest (c111 int not null primary key, c12 int);
+insert into t11TriggerRevokeTest values (1, 101), (2, 202), (3, 303);
+grant TRIGGER on t11TriggerRevokeTest to mamta2;
+create table t12TriggerRevokeTest (c121 int, c122 int, c123 int);
+insert into t12TriggerRevokeTest values (10, 1010, 2010),(20,1020,2020);
+grant UPDATE(c122, c121) on t12TriggerRevokeTest to mamta2;
+set connection mamta2;
+create trigger tr11t11 after insert on mamta1.t11TriggerRevokeTest
+for each statement mode db2sql
+ update mamta1.t12TriggerRevokeTest set c122 = 99;
+set connection mamta1;
+select * from t11TriggerRevokeTest;
+select * from t12TriggerRevokeTest;
+-- This should fire the trigger, changing the c122 values to 99
+insert into t11TriggerRevokeTest values(4, 404);
+select * from t11TriggerRevokeTest;
+select * from t12TriggerRevokeTest;
+-- revoking the privilege should drop the trigger
+revoke TRIGGER on t11TriggerRevokeTest from mamta2;
+update t12TriggerRevokeTest set c122 = 42;
+-- now when we insert the trigger should NOT be fired, c122 values should
+-- be unchanged and so should be 42
+insert into t11TriggerRevokeTest values (5,505);
+select * from t11TriggerRevokeTest;
+select * from t12TriggerRevokeTest;
+
+-- Simple test case for DERBY-1724, which is a different manifestation
+-- of DERBY-1583
+
+set connection mamta1;
+create table t1001 (c varchar(1));
+insert into t1001 values 'a', 'b', 'c';
+autocommit off;
+grant select on t1001 to mamta3;
+set connection mamta2;
+create table ttt1 (i int);
+insert into ttt1 values 1;
+grant all privileges on ttt1 to mamta1;
+set connection mamta1;
+select * from mamta2.ttt1;
+insert into mamta2.ttt1 values 2;
+update mamta2.ttt1 set i = 888;
+commit;
+autocommit on;