| java.lang.Object org.hsqldb.Grantee
Grantee | public class Grantee | | A Grantee Object holds the name, access and administrative rights for a
particular grantee.
It supplies the methods used to grant, revoke, test
and check a grantee's access rights to other database objects.
It also holds a reference to the common PUBLIC User Object,
which represents the special user referred to in
GRANT ... TO PUBLIC statements.
The check(), isAccessible() and getGrantedClassNames() methods check the
rights granted to the PUBLIC User Object, in addition to individually
granted rights, in order to decide which rights exist for the user.
Method names ending in Direct indicate methods which do not recurse
to look through Roles which "this" object is a member of.
We use the word "Admin" (e.g., in private variable "admin" and method
"isAdmin()") to mean this Grantee has admin priv by any means.
We use the word "adminDirect" (e.g., in private variable "adminDirect"
and method "isAdminDirect()") to mean this Grantee has admin priv
directly.
author: boucherb@users
author: fredt@users
author: unsaved@users
version: 1.8.0
since: 1.8.0
Constructor Summary
| Grantee(String name, Grantee inGrantee, GranteeManager man) | Constructor, with an argument reference to the PUBLIC User Object which is null if this is the SYS or PUBLIC user. The dependency upon a GranteeManager is undesirable. |
Method Summary
| public String | allRolesString() | |
| void | check(HsqlName dbobject, int rights) | Checks if any of the rights represented by the rights argument have been granted on the specified database object. |
| void | check(String dbobject) | |
| void | checkAdmin() | Checks whether this Grantee has administrative privs either directly or indirectly. |
| void | clearPrivileges() | Revokes all rights from this Grantee object. |
| public HashSet | getAllRoles() | Gets direct and nested roles. |
| String | getAllRolesString() | |
| public HashSet | getDirectRoles() | Gets direct roles, not roles nested within them. |
| String | getDirectRolesString() | |
| HashSet | getGrantedClassNames(boolean andToPublic) | Retrieves the distinct set of Java Class FQNs for which this User object has been granted ALL (the Class execution privilege). |
| HashSet | getGrantedClassNamesDirect() | Retrieves the distinct set of Java Class FQNs for which this User object has directly been granted ALL (the Class execution privilege). |
| String | getName() | |
| IntValueHashMap | getRights() | Retrieves the map object that represents the rights that have been granted on database objects. |
| public void | grant(String role) | |
| void | grant(Object dbobject, int rights) | Grants the specified rights on the specified database object. |
| public boolean | hasRole(String role) | |
| public boolean | hasRoleDirect(String role) | |
| boolean | isAccessible(HsqlName dbObject, int rights) | Returns true if any of the rights represented by the rights argument has been granted on the database object identified by the dbobject argument. |
| boolean | isAccessible(String functionName) | Returns true if any right at all has been granted to this User object on the database object identified by the dbObject argument. |
| boolean | isAccessible(HsqlName dbObject) | Returns true if any right at all has been granted to this User object on the database object identified by the dbObject argument. |
| boolean | isAdmin() | Returns true if this Grantee has administrative privs either directly or indirectly. |
| boolean | isAdminDirect() | Returns true if this grantee object is for a user with Direct database administrator privileges. I.e., if this User/Role has Admin priv. |
| protected boolean | isDirectlyAccessible(Object dbObject, int rights) | Returns true if any of the rights represented by the rights argument has been granted on the database object identified by the dbObject argument. |
| String[] | listGrantedTablePrivileges(HsqlName name) | Retrieves a string[] whose elements are the names of the rights explicitly granted with the GRANT command to this User object on the Table object identified by the name argument. |
| public void | revoke(String role) | |
| void | revoke(Object dbobject, int rights) | Revokes the specified rights on the specified database object. |
| void | revokeDbObject(Object dbobject) | |
| void | setAdminDirect() | Violates naming convention (for backward compatibility). |
| public String | setToString(Set set) | |
| void | updateAllRights() | Method used with all Grantee objects to set the full set of rights according to those inherited from ROLE Grantee objects and those granted to the object itself. |
| boolean | updateNestedRoles(String role) | Recursive method used with ROLE Grantee objects to set the fullRightsMap and admin flag for all the roles. If a new ROLE is granted to a ROLE Grantee object, the ROLE should first be added to the Set of ROLE Grantee objects (roles) for the grantee. The grantee will be the parameter. If the direct permissions granted to an existing ROLE Grantee are modified, no extra initial action is necessary. The existing Grantee will be the parameter. If an existing ROLE is REVOKEd from a ROLE, it should first be removed from the set of ROLE Grantee objects in the containing ROLE. The containing ROLE will be the parameter. If an existing ROLE is DROPped, all its privileges should be cleared first. |
roles | HashSet roles | | These are the DIRECT roles. Each of these may contain nested roles.
|
Grantee | Grantee(String name, Grantee inGrantee, GranteeManager man) throws HsqlException | | Constructor, with an argument reference to the PUBLIC User Object which
is null if this is the SYS or PUBLIC user.
The dependency upon a GranteeManager is undesirable. Hopefully we
can get rid of this dependency with an IOC or Listener re-design.
|
check | void check(HsqlName dbobject, int rights) throws HsqlException | | Checks if any of the rights represented by the rights
argument have been granted on the specified database object.
This is done by checking that a mapping exists in the rights map
from the dbobject argument for at least one of the rights
contained in the rights argument. Otherwise, it throws.
|
checkAdmin | void checkAdmin() throws HsqlException | | Checks whether this Grantee has administrative privs either directly
or indirectly. Otherwise it throws.
|
clearPrivileges | void clearPrivileges() | | Revokes all rights from this Grantee object. The map is cleared and
the database administrator role attribute is set false.
|
getAllRoles | public HashSet getAllRoles() | | Gets direct and nested roles.
|
getDirectRoles | public HashSet getDirectRoles() | | Gets direct roles, not roles nested within them.
|
getGrantedClassNames | HashSet getGrantedClassNames(boolean andToPublic) throws HsqlException | | Retrieves the distinct set of Java Class FQNs
for which this User object has been
granted ALL (the Class execution privilege).
Parameters: andToPublic - if true, then the set includes the names of classes accessible to this User object through grants to its Roles + PUBLIC User object attribute, else only role grants + direct grants are included.
Returns: the distinct set of Java Class FQNs for which this User object has been granted ALL. |
getGrantedClassNamesDirect | HashSet getGrantedClassNamesDirect() throws HsqlException | | Retrieves the distinct set of Java Class FQNs
for which this User object has directly been
granted ALL (the Class execution privilege).
Does NOT check the pubGrantee or nested roles.
Returns: the distinct set of Java Class FQNs for which this User object has been granted ALL. |
getRights | IntValueHashMap getRights() | | Retrieves the map object that represents the rights that have been
granted on database objects.
The map has keys and values with the following interpretation:
- The keys are generally (but not limited to) objects having
an attribute or value equal to the name of an actual database
object.
- Specifically, the keys act as database object identifiers.
- The values are always Integer objects, each formed by combining
a set of flags, one for each of the access rights defined in
UserManager: {SELECT, INSERT, UPDATE and DELETE}.
|
grant | void grant(Object dbobject, int rights) | | Grants the specified rights on the specified database object.
Keys stored in rightsMap for database tables are their HsqlName
attribute. This allows rights to persist when a table is renamed.
|
hasRoleDirect | public boolean hasRoleDirect(String role) | | |
isAccessible | boolean isAccessible(HsqlName dbObject, int rights) throws HsqlException | | Returns true if any of the rights represented by the
rights argument has been granted on the database object identified
by the dbobject argument.
This is done by checking that a mapping exists in the rights map
from the dbobject argument for at least one of the rights
contained in the rights argument.
Only does one level of recursion to check the PUBLIC role.
|
isAccessible | boolean isAccessible(String functionName) throws HsqlException | | Returns true if any right at all has been granted to this User object
on the database object identified by the dbObject argument.
|
isAccessible | boolean isAccessible(HsqlName dbObject) throws HsqlException | | Returns true if any right at all has been granted to this User object
on the database object identified by the dbObject argument.
|
isAdmin | boolean isAdmin() | | Returns true if this Grantee has administrative privs either directly
or indirectly.
|
isAdminDirect | boolean isAdminDirect() | | Returns true if this grantee object is for a user with Direct
database administrator privileges.
I.e., if this User/Role has Admin priv. directly, not via a
nested Role.
|
isDirectlyAccessible | protected boolean isDirectlyAccessible(Object dbObject, int rights) throws HsqlException | | Returns true if any of the rights represented by the
rights argument has been granted on the database object identified
by the dbObject argument.
This is done by checking that a mapping exists in the rights map
from the dbObject argument for at least one of the rights
contained in the rights argument.
Considers none of pubGrantee, nested roles, admin privs, globally
available Class object.
|
listGrantedTablePrivileges | String[] listGrantedTablePrivileges(HsqlName name) | | Retrieves a string[] whose elements are the names of the rights
explicitly granted with the GRANT command to this User
object on the Table object identified by the
name argument.
Returns: array of Strings naming the rights granted to this User object on the Table object identified by the name argument.
Parameters: name - a Table object identifier |
revoke | void revoke(Object dbobject, int rights) | | Revokes the specified rights on the specified database object.
If, after removing the specified rights, no rights remain on the
database object, then the key/value pair for that object is removed
from the rights map.
|
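The rights-map behaviour documented above for getRights(), grant(), isDirectlyAccessible() and revoke(), modelled as an added example that is not HSQLDB source code. The flag values, the ObjName stand-in for an HsqlName-style key and the hasAll() helper are assumptions made for illustration; the point is that the documented test is an any-of match, so a caller that needs every right has to test for all of them.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a simplified model, not HSQLDB source code.
public class RightsMapDemo {
    // Flag values assumed for this example only.
    static final int SELECT = 1, INSERT = 2, UPDATE = 4, DELETE = 8;

    // Assumed stand-in for an HsqlName-style key: identity equality, mutable name.
    static final class ObjName { String name; ObjName(String n) { name = n; } }

    final Map<Object, Integer> rightsMap = new HashMap<>();

    void grant(Object dbObject, int rights) {
        rightsMap.merge(dbObject, rights, (held, added) -> held | added);
    }

    void revoke(Object dbObject, int rights) {
        Integer held = rightsMap.get(dbObject);
        if (held == null) return;
        int remaining = held & ~rights;
        if (remaining == 0) rightsMap.remove(dbObject);   // drop empty entries
        else rightsMap.put(dbObject, remaining);
    }

    // "Any of" test: one overlapping flag is enough.
    boolean isDirectlyAccessible(Object dbObject, int rights) {
        Integer held = rightsMap.get(dbObject);
        return held != null && (held & rights) != 0;
    }

    // Hypothetical stricter helper: every requested flag must be held.
    boolean hasAll(Object dbObject, int rights) {
        Integer held = rightsMap.get(dbObject);
        return held != null && (held & rights) == rights;
    }

    public static void main(String[] args) {
        RightsMapDemo g = new RightsMapDemo();
        ObjName t = new ObjName("T1");
        g.grant(t, SELECT);
        t.name = "T2";                                     // rename: the key object is unchanged
        System.out.println("any-of SELECT|DELETE: " + g.isDirectlyAccessible(t, SELECT | DELETE));
        System.out.println("all-of SELECT|DELETE: " + g.hasAll(t, SELECT | DELETE));
        g.revoke(t, SELECT);
        System.out.println("entry kept after full revoke: " + g.rightsMap.containsKey(t));
    }
}
```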
revokeDbObject | void revokeDbObject(Object dbobject) | | Revokes all rights on the specified database object.
This method removes any existing mapping from the rights map.
|
setAdminDirect | void setAdminDirect() | | Violates naming convention (for backward compatibility).
Should be "setAdminDirect(boolean)".
|
updateAllRights | void updateAllRights() | | Method used with all Grantee objects to set the full set of rights
according to those inherited from ROLE Grantee objects and those
granted to the object itself.
|
updateNestedRoles | boolean updateNestedRoles(String role) | | Recursive method used with ROLE Grantee objects to set the fullRightsMap
and admin flag for all the roles.
If a new ROLE is granted to a ROLE Grantee object, the ROLE should first
be added to the Set of ROLE Grantee objects (roles) for the grantee.
The grantee will be the parameter.
If the direct permissions granted to an existing ROLE Grantee are
modified, no extra initial action is necessary.
The existing Grantee will be the parameter.
If an existing ROLE is REVOKEd from a ROLE, it should first be removed
from the set of ROLE Grantee objects in the containing ROLE.
The containing ROLE will be the parameter.
If an existing ROLE is DROPped, all its privileges should be cleared
first. The ROLE will be the parameter. After calling this method on
all other roles, the DROPped role should be removed from all grantees.
After the initial modification, this method should be called iteratively
on all the ROLE Grantee objects contained in RoleManager.
The updateAllRights() method is then called iteratively on all the
USER Grantee objects contained in UserManager.
Parameters: role - a modified, revoked or dropped role.
Returns: true if this Grantee has possibly changed as a result. |
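The update order described for updateNestedRoles() and updateAllRights(), reduced to the admin flag alone, as an added example that is not HSQLDB source code. The G class, the two maps standing in for RoleManager and UserManager, and the role and user names are constructed for illustration; it shows that a cached indirect admin flag stays set after a REVOKE until roles, and then users, are recomputed.

```java
import java.util.*;

// Added illustration: simplified model of the documented update order, not HSQLDB source code.
public class NestedRoleDemo {
    static final class G {
        final String name;
        final Set<String> roles = new HashSet<>();  // DIRECT roles only
        boolean adminDirect;                        // granted to this grantee itself
        boolean admin;                              // cached: direct or via a role
        G(String name, boolean adminDirect) { this.name = name; this.adminDirect = adminDirect; }
    }
    static final Map<String, G> roleMgr = new LinkedHashMap<>(); // stand-in for RoleManager
    static final Map<String, G> userMgr = new LinkedHashMap<>(); // stand-in for UserManager

    // Recompute a role's cached flag from scratch, nested roles first.
    static void refreshRole(G role, Set<String> done) {
        if (!done.add(role.name)) return;           // already refreshed in this pass
        role.admin = role.adminDirect;
        for (String r : role.roles) {
            G nested = roleMgr.get(r);
            if (nested == null) continue;           // role no longer exists
            refreshRole(nested, done);
            role.admin |= nested.admin;
        }
    }
    // Users read the roles' cached flags, so roles must be refreshed before users.
    static void refreshAll() {
        Set<String> done = new HashSet<>();
        for (G role : roleMgr.values()) refreshRole(role, done);
        for (G user : userMgr.values()) {
            user.admin = user.adminDirect;
            for (String r : user.roles)
                if (roleMgr.containsKey(r)) user.admin |= roleMgr.get(r).admin;
        }
    }
    public static void main(String[] args) {
        G dba = new G("DBA_ROLE", true), ops = new G("OPS_ROLE", false), amy = new G("AMY", false);
        ops.roles.add("DBA_ROLE");
        amy.roles.add("OPS_ROLE");
        roleMgr.put(dba.name, dba); roleMgr.put(ops.name, ops); userMgr.put(amy.name, amy);
        refreshAll();
        System.out.println("granted:   admin=" + amy.admin + " adminDirect=" + amy.adminDirect);
        ops.roles.remove("DBA_ROLE");               // REVOKE DBA_ROLE FROM OPS_ROLE
        System.out.println("stale:     admin=" + amy.admin);  // cache not yet recomputed
        refreshAll();
        System.out.println("refreshed: admin=" + amy.admin);
    }
}
```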