Source Code Cross Referenced for PermissionsCacheable.java in  » Database-DBMS » db-derby-10.2 » org » apache » derby » impl » sql » catalog » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /*
002:
003:           Derby - Class org.apache.derby.impl.sql.catalog.PermissionsCacheable
004:
005:           Licensed to the Apache Software Foundation (ASF) under one or more
006:           contributor license agreements.  See the NOTICE file distributed with
007:           this work for additional information regarding copyright ownership.
008:           The ASF licenses this file to you under the Apache License, Version 2.0
009:           (the "License"); you may not use this file except in compliance with
010:           the License.  You may obtain a copy of the License at
011:
012:        	  http://www.apache.org/licenses/LICENSE-2.0
013:
014:           Unless required by applicable law or agreed to in writing, software
015:           distributed under the License is distributed on an "AS IS" BASIS,
016:           WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017:           See the License for the specific language governing permissions and
018:           limitations under the License.
019:
020:         */
021:
022:        package org.apache.derby.impl.sql.catalog;
023:
024:        import org.apache.derby.iapi.error.StandardException;
025:
026:        import org.apache.derby.iapi.services.cache.Cacheable;
027:        import org.apache.derby.iapi.services.cache.CacheManager;
028:        import org.apache.derby.iapi.services.io.FormatableBitSet;
029:
030:        import org.apache.derby.iapi.sql.conn.Authorizer;
031:        import org.apache.derby.iapi.sql.conn.ConnectionUtil;
032:
033:        import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
034:        import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
035:        import org.apache.derby.iapi.sql.dictionary.AliasDescriptor;
036:        import org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor;
037:        import org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor;
038:        import org.apache.derby.iapi.sql.dictionary.ColPermsDescriptor;
039:        import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor;
040:
041:        import org.apache.derby.iapi.services.sanity.SanityManager;
042:
043:        /**
044:         * This class implements a Cacheable for a DataDictionary cache of
045:         * permissions.
046:         */
047:        class PermissionsCacheable implements  Cacheable {
048:            protected final DataDictionaryImpl dd;
049:            private PermissionsDescriptor permissions;
050:
051:            PermissionsCacheable(DataDictionaryImpl dd) {
052:                this .dd = dd;
053:            }
054:
055:            /* Cacheable interface */
056:            public Cacheable setIdentity(Object key) throws StandardException {
057:                // If the user does not have permission then cache an empty (no permission) descriptor in
058:                // case the same user asks again. That is particularly important for table permission because
059:                // we ask about table permission before column permissions. If a user has permission to use a
060:                // proper subset of the columns we will still ask about table permission every time he tries
061:                // to access that column subset.
062:                if (key instanceof  TablePermsDescriptor) {
063:                    TablePermsDescriptor tablePermsKey = (TablePermsDescriptor) key;
064:                    permissions = dd
065:                            .getUncachedTablePermsDescriptor(tablePermsKey);
066:                    if (permissions == null) {
067:                        // The owner has all privileges unless they have been revoked.
068:                        TableDescriptor td = dd
069:                                .getTableDescriptor(tablePermsKey
070:                                        .getTableUUID());
071:                        SchemaDescriptor sd = td.getSchemaDescriptor();
072:                        if (sd.isSystemSchema())
073:                            // RESOLVE The access to system tables is hard coded to SELECT only to everyone.
074:                            // Is this the way we want Derby to work? Should we allow revocation of read access
075:                            // to system tables? If so we must explicitly add a row to the SYS.SYSTABLEPERMISSIONS
076:                            // table for each system table when a database is created.
077:                            permissions = new TablePermsDescriptor(dd,
078:                                    tablePermsKey.getGrantee(), (String) null,
079:                                    tablePermsKey.getTableUUID(), "Y", "N",
080:                                    "N", "N", "N", "N");
081:                        else if (tablePermsKey.getGrantee().equals(
082:                                sd.getAuthorizationId()))
083:                            permissions = new TablePermsDescriptor(dd,
084:                                    tablePermsKey.getGrantee(),
085:                                    Authorizer.SYSTEM_AUTHORIZATION_ID,
086:                                    tablePermsKey.getTableUUID(), "Y", "Y",
087:                                    "Y", "Y", "Y", "Y");
088:                        else
089:                            permissions = new TablePermsDescriptor(dd,
090:                                    tablePermsKey.getGrantee(), (String) null,
091:                                    tablePermsKey.getTableUUID(), "N", "N",
092:                                    "N", "N", "N", "N");
093:                    }
094:                } else if (key instanceof  ColPermsDescriptor) {
095:                    ColPermsDescriptor colPermsKey = (ColPermsDescriptor) key;
096:                    permissions = dd.getUncachedColPermsDescriptor(colPermsKey);
097:                    if (permissions == null)
098:                        permissions = new ColPermsDescriptor(dd, colPermsKey
099:                                .getGrantee(), (String) null, colPermsKey
100:                                .getTableUUID(), colPermsKey.getType(),
101:                                (FormatableBitSet) null);
102:                } else if (key instanceof  RoutinePermsDescriptor) {
103:                    RoutinePermsDescriptor routinePermsKey = (RoutinePermsDescriptor) key;
104:                    permissions = dd
105:                            .getUncachedRoutinePermsDescriptor(routinePermsKey);
106:                    if (permissions == null) {
107:                        // The owner has all privileges unless they have been revoked.
108:                        try {
109:                            AliasDescriptor ad = dd
110:                                    .getAliasDescriptor(routinePermsKey
111:                                            .getRoutineUUID());
112:                            SchemaDescriptor sd = dd.getSchemaDescriptor(ad
113:                                    .getSchemaUUID(), ConnectionUtil
114:                                    .getCurrentLCC().getTransactionExecute());
115:                            if (sd.isSystemSchema()
116:                                    && !sd.isSchemaWithGrantableRoutines())
117:                                permissions = new RoutinePermsDescriptor(dd,
118:                                        routinePermsKey.getGrantee(),
119:                                        (String) null, routinePermsKey
120:                                                .getRoutineUUID(), true);
121:                            else if (routinePermsKey.getGrantee().equals(
122:                                    sd.getAuthorizationId()))
123:                                permissions = new RoutinePermsDescriptor(dd,
124:                                        routinePermsKey.getGrantee(),
125:                                        Authorizer.SYSTEM_AUTHORIZATION_ID,
126:                                        routinePermsKey.getRoutineUUID(), true);
127:                        } catch (java.sql.SQLException sqle) {
128:                            throw StandardException.plainWrapException(sqle);
129:                        }
130:                    }
131:                } else {
132:                    if (SanityManager.DEBUG)
133:                        SanityManager.NOTREACHED();
134:                    return null;
135:                }
136:                if (permissions != null)
137:                    return this ;
138:                return null;
139:            } // end of setIdentity
140:
141:            public Cacheable createIdentity(Object key, Object createParameter)
142:                    throws StandardException {
143:                if (SanityManager.DEBUG) {
144:                    SanityManager
145:                            .ASSERT(
146:                                    (key instanceof  TablePermsDescriptor)
147:                                            || (key instanceof  ColPermsDescriptor)
148:                                            || (key instanceof  RoutinePermsDescriptor),
149:                                    "Invalid class, "
150:                                            + key.getClass().getName()
151:                                            + ", passed as key to PermissionsCacheable.createIdentity");
152:                }
153:                if (key == null)
154:                    return null;
155:                permissions = (PermissionsDescriptor) ((PermissionsDescriptor) key)
156:                        .clone();
157:                return this ;
158:            } // end of createIdentity
159:
160:            public void clearIdentity() {
161:                permissions = null;
162:            }
163:
164:            public Object getIdentity() {
165:                return permissions;
166:            }
167:
168:            public boolean isDirty() {
169:                return false;
170:            }
171:
172:            public void clean(boolean forRemove) throws StandardException {
173:            }
174:        }