001: /*
002:
003: Derby - Class org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission
004:
005: Licensed to the Apache Software Foundation (ASF) under one or more
006: contributor license agreements. See the NOTICE file distributed with
007: this work for additional information regarding copyright ownership.
008: The ASF licenses this file to you under the Apache License, Version 2.0
009: (the "License"); you may not use this file except in compliance with
010: the License. You may obtain a copy of the License at
011:
012: http://www.apache.org/licenses/LICENSE-2.0
013:
014: Unless required by applicable law or agreed to in writing, software
015: distributed under the License is distributed on an "AS IS" BASIS,
016: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: See the License for the specific language governing permissions and
018: limitations under the License.
019:
020: */
021:
022: package org.apache.derby.iapi.sql.dictionary;
023:
024: import org.apache.derby.iapi.error.StandardException;
025: import org.apache.derby.iapi.sql.conn.Authorizer;
026: import org.apache.derby.iapi.reference.SQLState;
027: import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
028: import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
029: import org.apache.derby.iapi.store.access.TransactionController;
030: import org.apache.derby.iapi.services.sanity.SanityManager;
031:
032: /**
033: * This class describes a schema permission required by a statement.
034: */
035:
public class StatementSchemaPermission extends StatementPermission {

    /** Name of the schema the statement wants to create, modify or drop. */
    private final String schemaName;

    /** Authorization id given with the statement; may be null (check() tests for it). */
    private final String aid;

    /**
     * The privilege being requested: one of Authorizer.CREATE_SCHEMA_PRIV,
     * MODIFY_SCHEMA_PRIV, DROP_SCHEMA_PRIV, etc.
     */
    private final int privType;

    /**
     * Records the schema, the authorization id and the privilege type that
     * {@link #check} will later evaluate. No validation happens here.
     *
     * @param schemaName name of the schema the statement refers to
     * @param aid        authorization id named by the statement, or null
     * @param privType   one of the Authorizer schema privilege constants
     */
    public StatementSchemaPermission(String schemaName, String aid, int privType) {
        this.schemaName = schemaName;
        this.aid = aid;
        this.privType = privType;
    }

    /**
     * Verifies that {@code authid} may perform the schema operation described
     * by this permission; returns normally when access is allowed.
     *
     * @param lcc      connection context supplying the data dictionary and
     *                 the transaction used for the schema lookup
     * @param authid   authorization id of the user running the statement
     * @param forGrant not consulted by this implementation
     * @throws StandardException AUTH_NO_ACCESS_NOT_OWNER when a modify/drop is
     *         attempted by someone other than the schema's owner, or
     *         AUTH_NOT_DATABASE_OWNER when a create request names a schema or
     *         an authorization id different from {@code authid}
     * @see StatementPermission#check
     */
    public void check(LanguageConnectionContext lcc, String authid, boolean forGrant)
            throws StandardException {
        // Both handles are fetched up front, whatever the privilege type is.
        DataDictionary dictionary = lcc.getDataDictionary();
        TransactionController transaction = lcc.getTransactionExecute();

        if (privType == Authorizer.MODIFY_SCHEMA_PRIV
                || privType == Authorizer.DROP_SCHEMA_PRIV) {
            requireSchemaOwner(dictionary, transaction, authid);
        } else if (privType == Authorizer.CREATE_SCHEMA_PRIV) {
            requireOwnSchema(authid);
        } else if (SanityManager.DEBUG) {
            SanityManager.THROWASSERT("Unexpected value ("
                    + privType + ") for privType");
        }
        // NOTE(review): when SanityManager.DEBUG is false, a privType that
        // matches none of the branches above reaches this point and the check
        // succeeds without testing anything. For an authorization check that
        // is a fail-open default; consider rejecting unknown values in every
        // build.
    }

    /**
     * Modify/drop rule: only the owner recorded in the schema descriptor may
     * proceed. A schema that cannot be found is let through.
     */
    private void requireSchemaOwner(DataDictionary dictionary,
            TransactionController transaction, String authid) throws StandardException {
        // Third argument presumably means "do not raise if missing", since a
        // null result is handled right below -- confirm against DataDictionary.
        SchemaDescriptor descriptor =
                dictionary.getSchemaDescriptor(schemaName, transaction, false);

        // Nothing to verify for a schema that has not been created; an
        // exception is expected to be thrown elsewhere for the missing schema.
        if (descriptor == null) {
            return;
        }

        // Exact String.equals match; assumes both ids are already in the same
        // normalized form -- confirm with the callers.
        boolean isOwner = authid.equals(descriptor.getAuthorizationId());
        if (!isOwner) {
            throw StandardException.newException(
                    SQLState.AUTH_NO_ACCESS_NOT_OWNER, authid, schemaName);
        }
    }

    /**
     * Create rule: a non-DBA user may only create the schema whose name equals
     * their own authid, and may not assign it to a different authorization id.
     * For the DBA this check is not expected to be invoked at all.
     */
    private void requireOwnSchema(String authid) throws StandardException {
        boolean nameMatches = schemaName.equals(authid);
        boolean ownerMatches = (aid == null) || aid.equals(authid);
        if (!(nameMatches && ownerMatches)) {
            throw StandardException.newException(
                    SQLState.AUTH_NOT_DATABASE_OWNER, authid, schemaName);
        }
    }

    /**
     * Always returns null: a schema level permission is never part of the
     * privilege list kept for triggers, constraints or views, so there is no
     * descriptor to look up.
     *
     * @param authid unused
     * @param dd     unused
     * @return always null
     * @see StatementPermission#getPermissionDescriptor
     */
    public PermissionsDescriptor getPermissionDescriptor(String authid,
            DataDictionary dd) throws StandardException {
        return null;
    }
}