Return-Path: Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: (qmail 94628 invoked from network); 25 Mar 2006 16:03:12 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 25 Mar 2006 16:03:12 -0000 Received: (qmail 32998 invoked by uid 500); 25 Mar 2006 16:03:12 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 32971 invoked by uid 500); 25 Mar 2006 16:03:12 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 32960 invoked by uid 99); 25 Mar 2006 16:03:11 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Mar 2006 08:03:11 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 25 Mar 2006 08:03:11 -0800 Received: (qmail 94594 invoked by uid 65534); 25 Mar 2006 16:02:50 -0000 Message-ID: <20060325160250.94593.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r388775 - in /db/derby/code/trunk/java/engine/org/apache/derby: iapi/sql/dictionary/ impl/sql/compile/ impl/sql/conn/ Date: Sat, 25 Mar 2006 16:02:49 -0000 To: derby-commits@db.apache.org 
From: bandaram@apache.org X-Mailer: svnmailer-1.0.7 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: bandaram Date: Sat Mar 25 08:02:48 2006 New Revision: 388775 URL: http://svn.apache.org/viewcvs?rev=388775&view=rev Log: DERBY-464: This batch of Grant & Revoke changes include: 1) Prevent GRANT statements on Synonyms, VTIs and Views (for now...pending more changes). 2) Change interface to StatementPermission objects... Dan suggested changing interface to include LCC. Submitted by Satheesh Bandaram (satheesh@sourcery.org) Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java Sat Mar 25 08:02:48 2006 
@@ -25,7 +25,7 @@ import org.apache.derby.iapi.sql.conn.Authorizer; import org.apache.derby.iapi.reference.SQLState; import org.apache.derby.iapi.services.io.FormatableBitSet; -import org.apache.derby.iapi.store.access.TransactionController; +import org.apache.derby.iapi.sql.conn.LanguageConnectionContext; /** * This class describes a column permission used (required) by a statement. @@ -81,19 +81,15 @@ } /** - * @param tc the TransactionController - * @param dd A DataDictionary - * @param authorizationId A user - * @param forGrant - * - * @exception StandardException if the permission has not been granted + * @see StatementPermission#check */ - public void check(TransactionController tc, - DataDictionary dd, + public void check( LanguageConnectionContext lcc, String authorizationId, boolean forGrant) throws StandardException { + DataDictionary dd = lcc.getDataDictionary(); + if( hasPermissionOnTable(dd, authorizationId, forGrant)) return; FormatableBitSet permittedColumns = null; Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java Sat Mar 25 08:02:48 2006 @@ -20,7 +20,7 @@ package org.apache.derby.iapi.sql.dictionary; -import org.apache.derby.iapi.store.access.TransactionController; +import org.apache.derby.iapi.sql.conn.LanguageConnectionContext; import org.apache.derby.iapi.error.StandardException; /** 
@@ -30,15 +30,13 @@ public abstract class StatementPermission { /** - * @param tc the TransactionController - * @param dd A DataDictionary - * @param authorizationId A user + * @param lcc LanguageConnectionContext + * @param authorizationId AuthorizationId * @param forGrant * * @exception StandardException if the permission has not been granted */ - public abstract void check( TransactionController tc, - DataDictionary dd, + public abstract void check( LanguageConnectionContext lcc, String authorizationId, boolean forGrant) throws StandardException; } Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java Sat Mar 25 08:02:48 2006 @@ -23,6 +23,7 @@ import org.apache.derby.iapi.error.StandardException; import org.apache.derby.catalog.UUID; import org.apache.derby.iapi.sql.conn.Authorizer; +import org.apache.derby.iapi.sql.conn.LanguageConnectionContext; import org.apache.derby.iapi.reference.SQLState; import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor; import org.apache.derby.iapi.store.access.TransactionController; 
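Review bot: The Javadoc on the abstract `check` in StatementPermission leaves `@param forGrant` without a description and describes `lcc` only by its type. After this commit it is the only statement of the contract, because the overrides in the StatementColumnPermission, StatementRoutinePermission, StatementSchemaPermission and StatementTablePermission hunks now carry just `@see StatementPermission#check`. For an authorization entry point I would say what each argument is for, e.g. `@param lcc connection context; supplies the DataDictionary and transaction used for the permission lookup`, and give `forGrant` a real description. What `forGrant` means is not visible in these hunks (it is only passed through to `hasPermissionOnTable`), so its wording has to come from the implementations. It is also worth stating that a denied permission is reported only through the StandardException, since the method returns void.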
@@ -41,18 +42,15 @@ } /** - * @param tc the TransactionController - * @param dd A DataDictionary - * @param authorizationId A user - * @param forGrant - * - * @exception StandardException if the permission has not been granted + * @see StatementPermission#check */ - public void check( TransactionController tc, - DataDictionary dd, + public void check( LanguageConnectionContext lcc, String authorizationId, boolean forGrant) throws StandardException { + DataDictionary dd = lcc.getDataDictionary(); + TransactionController tc = lcc.getTransactionExecute(); + RoutinePermsDescriptor perms = dd.getRoutinePermissions( routineUUID, authorizationId); if( perms == null || ! perms.getHasExecutePermission()) perms = dd.getRoutinePermissions(routineUUID, Authorizer.PUBLIC_AUTHORIZATION_ID); Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java Sat Mar 25 08:02:48 2006 @@ -24,6 +24,7 @@ import org.apache.derby.iapi.sql.conn.Authorizer; import org.apache.derby.iapi.reference.SQLState; import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor; +import org.apache.derby.iapi.sql.conn.LanguageConnectionContext; import org.apache.derby.iapi.store.access.TransactionController; /** 
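Review bot: The transaction used for the permission lookup now comes from `lcc.getTransactionExecute()` here and in the StatementSchemaPermission hunk, where the GenericAuthorizer hunk previously passed `activation.getTransactionController()`. Nothing in the visible lines shows that the two are always the same transaction. If they can differ, a check could read permission or schema rows under a different transaction than the statement being authorized, so confirm the invariant and record it in a comment, e.g. `// lcc's execute transaction is the one this activation runs in`. In this hunk `tc` is assigned but not used in the visible lines. `check` continues outside the hunk, so verify it is still needed there; otherwise drop the local and the TransactionController import.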
@@ -44,18 +45,15 @@ } /** - * @param tc the TransactionController - * @param dd A DataDictionary - * @param authid authorizationId - * @param forGrant - * - * @exception StandardException if schema authorization not granted + * @see StatementPermission#check */ - public void check(TransactionController tc, - DataDictionary dd, + public void check( LanguageConnectionContext lcc, String authid, boolean forGrant) throws StandardException { + DataDictionary dd = lcc.getDataDictionary(); + TransactionController tc = lcc.getTransactionExecute(); + if (privType == Authorizer.MODIFY_SCHEMA_PRIV) { SchemaDescriptor sd = dd.getSchemaDescriptor(schemaName, tc, false); Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java Sat Mar 25 08:02:48 2006 @@ -23,8 +23,8 @@ import org.apache.derby.iapi.error.StandardException; import org.apache.derby.catalog.UUID; import org.apache.derby.iapi.sql.conn.Authorizer; +import org.apache.derby.iapi.sql.conn.LanguageConnectionContext; import org.apache.derby.iapi.reference.SQLState; -import org.apache.derby.iapi.store.access.TransactionController; /** * This class describes a table permission used (required) by a statement. 
@@ -36,8 +36,8 @@ protected int privType; // One of Authorizer.SELECT_PRIV, UPDATE_PRIV, etc. /** - * Constructor for StatementTablePermission. Creates an instance of table permission requested - * for the given access. + * Constructor for StatementTablePermission. Creates an instance of + * table permission requested for the given access. * * @param tableUUID UUID of the table * @param privType Access privilege requested @@ -102,19 +102,15 @@ } /** - * @param tc the TransactionController - * @param dd A DataDictionary - * @param authorizationId A user - * @param forGrant - * - * @exception StandardException if the permission has not been granted + * @see StatementPermission#check */ - public void check( TransactionController tc, - DataDictionary dd, + public void check( LanguageConnectionContext lcc, String authorizationId, boolean forGrant) throws StandardException { + DataDictionary dd = lcc.getDataDictionary(); + if( ! hasPermissionOnTable( dd, authorizationId, forGrant)) { TableDescriptor td = getTableDescriptor( dd); Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java Sat Mar 25 08:02:48 2006 
@@ -117,10 +117,15 @@ if( td == null) throw StandardException.newException( SQLState.LANG_TABLE_NOT_FOUND, tableName); - // Don't allow authorization on SESSION schema tables. Causes confusion if - // a temporary table is created later with same name. - if (isSessionSchema(sd.getSchemaName())) - throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES); + // Don't allow authorization on SESSION schema tables. Causes confusion if + // a temporary table is created later with same name. + if (isSessionSchema(sd.getSchemaName())) + throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES); + + // GrantRevoke TODO: Need to enable for views later. Disable for now. + // Disable grant on VTIs and Synonyms + if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE) + throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED, tableName.getFullTableName()); specificPrivileges.bind( td); dependencyProvider = td; Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java?rev=388775&r1=388774&r2=388775&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java Sat Mar 25 08:02:48 2006 
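Review bot: The comment above the new `td.getTableType() != TableDescriptor.BASE_TABLE_TYPE` test names only views, VTIs and synonyms, but the condition is an allow-list. Every table type other than a base table is rejected, which presumably also covers system and temporary tables. Failing closed is the safer choice for an authorization statement, so I would keep the test and make the comment match it, e.g. `// Only base tables may be the target of GRANT/REVOKE for now; views, synonyms, VTIs and any other table type are rejected.` The SQLState name `AUTH_GRANT_REVOKE_NOT_ALLOWED` suggests the same path also rejects REVOKE, while the commit log mentions only GRANT, so the comment should state which is intended. The enclosing method starts and ends outside the hunk.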
@@ -151,11 +151,10 @@ if( requiredPermissionsList != null && ! requiredPermissionsList.isEmpty() && !authorizationId.equals(dd.getAuthorizationDBA())) { - TransactionController tc = activation.getTransactionController(); for( Iterator iter = requiredPermissionsList.iterator(); iter.hasNext();) { - ((StatementPermission) iter.next()).check( tc, dd, authorizationId, false); + ((StatementPermission) iter.next()).check( lcc, authorizationId, false); } } }