01: /*
02:
03: Derby - Class org.apache.derby.iapi.sql.dictionary.StatementPermission
04:
05: Licensed to the Apache Software Foundation (ASF) under one or more
06: contributor license agreements. See the NOTICE file distributed with
07: this work for additional information regarding copyright ownership.
08: The ASF licenses this file to you under the Apache License, Version 2.0
09: (the "License"); you may not use this file except in compliance with
10: the License. You may obtain a copy of the License at
11:
12: http://www.apache.org/licenses/LICENSE-2.0
13:
14: Unless required by applicable law or agreed to in writing, software
15: distributed under the License is distributed on an "AS IS" BASIS,
16: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: See the License for the specific language governing permissions and
18: limitations under the License.
19:
20: */
21:
22: package org.apache.derby.iapi.sql.dictionary;
23:
24: import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
25: import org.apache.derby.iapi.error.StandardException;
26:
27: /**
28: * This class describes a permission require by a statement.
29: */
30:
31: public abstract class StatementPermission {
32: /**
33: * Restrict implementations to this package to reduce
34: * risk of external code spoofing the GRANT/REVOKE system
35: * by providing its own fake implementations.
36: *
37: */
38: StatementPermission() {
39: }
40:
41: /**
42: * @param lcc LanguageConnectionContext
43: * @param authorizationId AuthorizationId
44: * @param forGrant
45: *
46: * @exception StandardException if the permission has not been granted
47: */
48: public abstract void check(LanguageConnectionContext lcc,
49: String authorizationId, boolean forGrant)
50: throws StandardException;
51:
52: /**
53: *
54: * Get the PermissionDescriptor for the passed authorization id for this
55: * object. This method gets called during the execution phase of create
56: * view/constraint/trigger. The return value of this method is saved in
57: * dependency system to keep track of views/constraints/triggers
58: * dependencies on required permissions. This happens in execution phase
59: * after it has been established that passed authorization id has all the
60: * permissions it needs to create that view/constraint/trigger. Which means
61: * that we can only get to writing into dependency system once all the required
62: * privileges are confirmed.
63: *
64: * @param authid AuthorizationId
65: * @param dd DataDictionary
66: *
67: * @return PermissionsDescriptor The PermissionDescriptor for the passed
68: * authorization id on this object
69: *
70: * @exception StandardException
71: */
72: public abstract PermissionsDescriptor getPermissionDescriptor(
73: String authid, DataDictionary dd) throws StandardException;
74: }
|