01: /*
02:
03: Derby - Class org.apache.derby.impl.sql.execute.PrivilegeInfo
04:
05: Licensed to the Apache Software Foundation (ASF) under one or more
06: contributor license agreements. See the NOTICE file distributed with
07: this work for additional information regarding copyright ownership.
08: The ASF licenses this file to you under the Apache License, Version 2.0
09: (the "License"); you may not use this file except in compliance with
10: the License. You may obtain a copy of the License at
11:
12: http://www.apache.org/licenses/LICENSE-2.0
13:
14: Unless required by applicable law or agreed to in writing, software
15: distributed under the License is distributed on an "AS IS" BASIS,
16: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: See the License for the specific language governing permissions and
18: limitations under the License.
19:
20: */
21:
22: package org.apache.derby.impl.sql.execute;
23:
24: import org.apache.derby.catalog.UUID;
25: import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
26: import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
27: import org.apache.derby.iapi.sql.dictionary.DataDictionary;
28: import org.apache.derby.iapi.services.sanity.SanityManager;
29: import org.apache.derby.iapi.sql.Activation;
30: import org.apache.derby.iapi.reference.SQLState;
31:
32: import org.apache.derby.iapi.error.StandardException;
33:
34: import java.util.List;
35:
36: public abstract class PrivilegeInfo {
37:
38: /**
39: * This is the guts of the Execution-time logic for GRANT/REVOKE
40: *
41: * @param activation
42: * @param grant true if grant, false if revoke
43: * @param grantees a list of authorization ids (strings)
44: *
45: * @exception StandardException Thrown on failure
46: */
47: abstract public void executeGrantRevoke(Activation activation,
48: boolean grant, List grantees) throws StandardException;
49:
50: /**
51: * Determines whether a user is the owner of an object
52: * (table, function, or procedure). Note that Database Owner can access
53: * database objects without needing to be their owner
54: *
55: * @param user authorizationId of current user
56: * @param objectDescriptor object being checked against
57: * @param sd SchemaDescriptor
58: * @param dd DataDictionary
59: *
60: * @exception StandardException if user does not own the object
61: */
62: protected void checkOwnership(String user,
63: TupleDescriptor objectDescriptor, SchemaDescriptor sd,
64: DataDictionary dd) throws StandardException {
65: if (!user.equals(sd.getAuthorizationId())
66: && !user.equals(dd.getAuthorizationDatabaseOwner()))
67: throw StandardException.newException(
68: SQLState.AUTH_NOT_OWNER, user, objectDescriptor
69: .getDescriptorType(), sd.getSchemaName(),
70: objectDescriptor.getDescriptorName());
71: }
72:
73: /**
74: * This method adds a warning if a revoke statement has not revoked
75: * any privileges from a grantee.
76: *
77: * @param activation
78: * @param grant true if grant, false if revoke
79: * @param privileges_revoked true, if at least one privilege has been
80: * revoked from a grantee, false otherwise
81: * @param grantee authorization id of the user
82: */
83: protected void addWarningIfPrivilegeNotRevoked(
84: Activation activation, boolean grant,
85: boolean privileges_revoked, String grantee) {
86: if (!grant && !privileges_revoked)
87: activation.addWarning(StandardException.newWarning(
88: SQLState.LANG_PRIVILEGE_NOT_REVOKED, grantee));
89: }
90: }
|