db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r420306 [1/6] - in /db/derby/code/trunk/java: engine/org/apache/derby/catalog/ engine/org/apache/derby/iapi/services/io/ engine/org/apache/derby/iapi/sql/dictionary/ engine/org/apache/derby/impl/sql/catalog/ engine/org/apache/derby/impl/sql...
Date Sun, 09 Jul 2006 16:17:57 GMT
Author: djd
Date: Sun Jul  9 09:17:53 2006
New Revision: 420306

URL: http://svn.apache.org/viewvc?rev=420306&view=rev
Log:
DERBY-1330 (partial) Create dependencies between triggers, constraints & views and their required privileges.
Patch submitted by Mamta Satoor msatoor@gmail.com

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateViewConstantAction.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/DDLConstantAction.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/syscat.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/syscat.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/syscat.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/syscat.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/ProcedureTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/catalog/Dependable.java Sun Jul  9 09:17:53 2006
@@ -57,6 +57,9 @@
 	public static final String TRIGGER						= "Trigger";
 	public static final String VIEW							= "View";
 	public static final String SCHEMA						= "Schema";
+	public static final String TABLE_PERMISSION             = "TablePrivilege";
+	public static final String COLUMNS_PERMISSION           = "ColumnsPrivilege";
+	public static final String ROUTINE_PERMISSION           = "RoutinePrivilege";
 
 
 	/**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/RegisteredFormatIds.java Sun Jul  9 09:17:53 2006
@@ -521,5 +521,8 @@
         /* 458 */   "org.apache.derby.iapi.types.DTSClassInfo", //InstanceGetter, XML_ID
         /* 459 */   "org.apache.derby.impl.store.raw.data.EncryptContainerOperation",
         /* 460 */   "org.apache.derby.impl.store.raw.data.EncryptContainerUndoOperation",
+        /* 461 */   "org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo",
+        /* 462 */   "org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo",
+        /* 463 */   "org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo",
 };
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/StoredFormatIds.java Sun Jul  9 09:17:53 2006
@@ -308,6 +308,24 @@
      */
         static public final int TABLE_DESCRIPTOR_FINDER_V01_ID =
                 (MIN_ID_2 + 137);
+
+        /**
+        class org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo
+     */
+        static public final int ROUTINE_PERMISSION_FINDER_V01_ID =
+                (MIN_ID_2 + 461);
+
+        /**
+        class org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo
+     */
+        static public final int TABLE_PERMISSION_FINDER_V01_ID =
+                (MIN_ID_2 + 462);
+
+        /**
+        class org.apache.derby.impl.sql.catalog.CoreDDFinderClassInfo
+     */
+        static public final int COLUMNS_PERMISSION_FINDER_V01_ID =
+                (MIN_ID_2 + 463);
         
         /**
         class org.apache.derby.impl.sql.catalog.DataDictionaryDescriptorFinder
@@ -1834,7 +1852,7 @@
          * Make sure this is updated when a new module is added
          */
         public static final int MAX_ID_2 =
-                (MIN_ID_2 + 460);
+                (MIN_ID_2 + 463);
 
         // DO NOT USE 4 BYTE IDS ANYMORE
         static public final int MAX_ID_4 =

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ColPermsDescriptor.java Sun Jul  9 09:17:53 2006
@@ -20,10 +20,16 @@
 
 package org.apache.derby.iapi.sql.dictionary;
 
+import org.apache.derby.catalog.Dependable;
+import org.apache.derby.catalog.DependableFinder;
 import org.apache.derby.catalog.UUID;
 
+import org.apache.derby.iapi.error.StandardException;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.services.io.FormatableBitSet;
+import org.apache.derby.iapi.services.io.StoredFormatIds;
+import org.apache.derby.impl.sql.catalog.DDColumnPermissionsDependableFinder;
+//import org.apache.derby.impl.sql.catalog.DDdependableFinder;
 
 /**
  * This class describes a row in the SYS.SYSCOLPERMS system table, which keeps
@@ -34,18 +40,20 @@
     private final UUID tableUUID;
     private final String type;
     private final FormatableBitSet columns;
+    private final String tableName;
 	
 	public ColPermsDescriptor( DataDictionary dd,
-                               String grantee,
+			                   String grantee,
                                String grantor,
                                UUID tableUUID,
                                String type,
-                               FormatableBitSet columns)
+                               FormatableBitSet columns) throws StandardException
 	{
 		super (dd, grantee, grantor);
         this.tableUUID = tableUUID;
         this.type = type;
         this.columns = columns;
+        tableName = dd.getTableDescriptor(tableUUID).getName();
 	}
 
     /**
@@ -55,7 +63,7 @@
                                String grantee,
                                String grantor,
                                UUID tableUUID,
-                               String type)
+                               String type) throws StandardException
     {
         this( dd, grantee, grantor, tableUUID, type, (FormatableBitSet) null);
     }
@@ -72,14 +80,15 @@
 
 	public String toString()
 	{
-		return "colPerms: grantor=" + getGrantee() + 
+		return "colPerms: grantee=" + getGrantee() + 
+        ",colPermsUUID=" + getUUID() +
 			",grantor=" + getGrantor() +
           ",tableUUID=" + getTableUUID() +
           ",type=" + getType() +
           ",columns=" + getColumns();
 	}		
 
-    /**
+	/**
      * @return true iff the key part of this permissions descriptor equals the key part of another permissions
      *         descriptor.
      */
@@ -101,4 +110,54 @@
         return super.keyHashCode() + tableUUID.hashCode() +
           ((type == null) ? 0 : type.hashCode());
     }
+	
+	/**
+	 * @see PermissionsDescriptor#checkOwner
+	 */
+	public boolean checkOwner(String authorizationId) throws StandardException
+	{
+		TableDescriptor td = getDataDictionary().getTableDescriptor(tableUUID);
+		if (td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId))
+			return true;
+		else
+			return false;
+	}
+
+	//////////////////////////////////////////////
+	//
+	// PROVIDER INTERFACE
+	//
+	//////////////////////////////////////////////
+
+	/**
+	 * Return the name of this Provider.  (Useful for errors.)
+	 *
+	 * @return String	The name of this provider.
+	 */
+	public String getObjectName()
+	{
+		return "Column Privilege on " + tableName; 
+	}
+
+	/**
+	 * Get the provider's type.
+	 *
+	 * @return char		The provider's type.
+	 */
+	public String getClassType()
+	{
+		return Dependable.COLUMNS_PERMISSION;
+	}
+
+	/**		
+		@return the stored form of this provider
+
+			@see Dependable#getDependableFinder
+	 */
+	public DependableFinder getDependableFinder() 
+	{
+	    return	new DDColumnPermissionsDependableFinder(StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID, 
+	    		type);
+	}
+
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java Sun Jul  9 09:17:53 2006
@@ -440,6 +440,7 @@
                                                          String referencesPerm,
                                                          String triggerPerm,
                                                          String grantor)
+	throws StandardException
     {
         if( "N".equals( selectPerm) && "N".equals( deletePerm) && "N".equals( insertPerm)
             && "N".equals( updatePerm) && "N".equals( referencesPerm) && "N".equals( triggerPerm))
@@ -475,7 +476,7 @@
     public ColPermsDescriptor newColPermsDescriptor( TableDescriptor td,
                                                      String type,
                                                      FormatableBitSet columns,
-                                                     String grantor)
+                                                     String grantor) throws StandardException
     {
         return new ColPermsDescriptor( dataDictionary,
                                        (String) null,
@@ -492,6 +493,7 @@
      * @param grantor
      */
     public RoutinePermsDescriptor newRoutinePermsDescriptor( AliasDescriptor ad, String grantor)
+	throws StandardException
     {
         return new RoutinePermsDescriptor( dataDictionary,
                                            (String) null,

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java Sun Jul  9 09:17:53 2006
@@ -1605,6 +1605,30 @@
         throws StandardException;
 
     /**
+     * Get one user's column privileges for a table. This routine gets called by
+     * ColPermsDescriptor.getDependableFinder and that method has hold of 
+     * privilege type in String form.
+     *
+     * @param tableUUID
+     * @param privType(as String) Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
+     * @param forGrant
+     * @param authorizationId The user name
+     *
+     * @return a ColPermsDescriptor or null if the user has no separate column
+     *         permissions of the specified type on the table. Note that the user may have been granted
+     *         permission on all the columns of the table (no column list), in which case this routine
+     *         will return null. You must also call getTablePermissions to see if the user has permission
+     *         on a set of columns.
+     *
+     * @exception StandardException
+     */
+    public ColPermsDescriptor getColumnPermissions( UUID tableUUID,
+            String privTypeStr,
+            boolean forGrant,
+            String authorizationId)
+    throws StandardException;
+
+    /**
      * Get one user's permissions for a routine (function or procedure).
      *
      * @param routineUUID

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/PermissionsDescriptor.java Sun Jul  9 09:17:53 2006
@@ -20,6 +20,9 @@
 
 package org.apache.derby.iapi.sql.dictionary;
 
+import org.apache.derby.catalog.UUID;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.sql.depend.Provider;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.services.sanity.SanityManager;
 
@@ -27,8 +30,10 @@
  * This class is used by rows in the SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS, and SYS.SYSROUTINEPERMS
  * system tables.
  */
-public abstract class PermissionsDescriptor extends TupleDescriptor implements Cloneable
+public abstract class PermissionsDescriptor extends TupleDescriptor 
+	implements Cloneable, Provider
 {
+	protected UUID oid;
 	protected String grantee;
 	protected String grantor;
 
@@ -82,4 +87,57 @@
 	/*----- getter functions for rowfactory ------*/
 	public String getGrantee() { return grantee;}
 	public String getGrantor() { return grantor;}
+
+	/**
+	 * Gets the UUID of the table.
+	 *
+	 * @return	The UUID of the table.
+	 */
+	public UUID	getUUID() { return oid;}
+
+	/**
+	 * Sets the UUID of the table
+	 *
+	 * @param oid	The UUID of the table to be set in the descriptor
+	 */
+	public void setUUID(UUID oid) {	this.oid = oid;}
+	
+	/**
+	 * This method checks if the passed authorization id is same as the owner 
+	 * of the object on which this permission is defined. This method gets
+	 * called by create view/constraint/trigger to see if this permission 
+	 * needs to be saved in dependency system for the view/constraint/trigger. 
+	 * If the same user is the owner of the the object being accessed and the 
+	 * newly created object, then no need to keep this privilege dependency 
+	 *
+	 * @return boolean	If passed authorization id is owner of the table
+	 */
+	public abstract boolean checkOwner(String authorizationId) throws StandardException;
+
+	//////////////////////////////////////////////
+	//
+	// PROVIDER INTERFACE
+	//
+	////////////////////////////////////////////////////////////////////
+
+	/**
+	 * Get the provider's UUID
+	 *
+	 * @return 	The provider's UUID
+	 */
+	public UUID getObjectID()
+	{
+		return oid;
+	}
+
+	/**
+	 * Is this provider persistent?  A stored dependency will be required
+	 * if both the dependent and provider are persistent.
+	 *
+	 * @return boolean              Whether or not this provider is persistent.
+	 */
+	public boolean isPersistent()
+	{
+		return true;
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoutinePermsDescriptor.java Sun Jul  9 09:17:53 2006
@@ -20,9 +20,14 @@
 
 package org.apache.derby.iapi.sql.dictionary;
 
+import org.apache.derby.catalog.Dependable;
+import org.apache.derby.catalog.DependableFinder;
 import org.apache.derby.catalog.UUID;
 
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.io.StoredFormatIds;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.impl.sql.catalog.DDdependableFinder;
 
 /**
  * This class describes rows in the SYS.SYSROUTINEPERMS system table, which keeps track of the routine
@@ -31,23 +36,25 @@
 public class RoutinePermsDescriptor extends PermissionsDescriptor
 {
     private final UUID routineUUID;
+    private final String routineName;
     private final boolean hasExecutePermission;
 	
 	public RoutinePermsDescriptor( DataDictionary dd,
                                    String grantee,
                                    String grantor,
                                    UUID routineUUID,
-                                   boolean hasExecutePermission)
+                                   boolean hasExecutePermission) throws StandardException
 	{
         super (dd, grantee, grantor);
         this.routineUUID = routineUUID;
         this.hasExecutePermission = hasExecutePermission;
+        routineName = dd.getAliasDescriptor(routineUUID).getObjectName();
 	}
 	
 	public RoutinePermsDescriptor( DataDictionary dd,
                                    String grantee,
                                    String grantor,
-                                   UUID routineUUID)
+                                   UUID routineUUID) throws StandardException
 	{
         this( dd, grantee, grantor, routineUUID, true);
 	}
@@ -57,7 +64,7 @@
      */
 	public RoutinePermsDescriptor( DataDictionary dd,
                                    String grantee,
-                                   String grantor)
+                                   String grantor) throws StandardException
     {
         this( dd, grantee, grantor, (UUID) null);
     }
@@ -73,7 +80,8 @@
 
 	public String toString()
 	{
-		return "routinePerms: grantor=" + getGrantee() + 
+		return "routinePerms: grantee=" + getGrantee() + 
+        ",routinePermsUUID=" + getUUID() +
           ",grantor=" + getGrantor() +
           ",routineUUID=" + getRoutineUUID();
 	}		
@@ -98,4 +106,52 @@
     {
         return super.keyHashCode() + routineUUID.hashCode();
     }
+	
+	/**
+	 * @see PermissionsDescriptor#checkOwner
+	 */
+	public boolean checkOwner(String authorizationId) throws StandardException
+	{
+		UUID sd = getDataDictionary().getAliasDescriptor(routineUUID).getSchemaUUID();
+		if (getDataDictionary().getSchemaDescriptor(sd, null).getAuthorizationId().equals(authorizationId))
+			return true;
+		else
+			return false;
+	}
+
+	//////////////////////////////////////////////
+	//
+	// PROVIDER INTERFACE
+	//
+	//////////////////////////////////////////////
+
+	/**
+	 * Return the name of this Provider.  (Useful for errors.)
+	 *
+	 * @return String	The name of this provider.
+	 */
+	public String getObjectName()
+	{
+		return "Routine Privilege on " + routineName; 
+	}
+
+	/**
+	 * Get the provider's type.
+	 *
+	 * @return char		The provider's type.
+	 */
+	public String getClassType()
+	{
+		return Dependable.ROUTINE_PERMISSION;
+	}
+
+	/**		
+		@return the stored form of this provider
+
+			@see Dependable#getDependableFinder
+	 */
+	public DependableFinder getDependableFinder() 
+	{
+	    return	new DDdependableFinder(StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID);
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementColumnPermission.java Sun Jul  9 09:17:53 2006
@@ -93,9 +93,6 @@
 		if( hasPermissionOnTable(dd, authorizationId, forGrant))
 			return;
 		FormatableBitSet permittedColumns = null;
-		FormatableBitSet grantablePermittedColumns = null;
-		FormatableBitSet publicPermittedColumns = null;
-		FormatableBitSet publicPrantablePermittedColumns = null;
 		if( ! forGrant)
 		{
 			permittedColumns = addPermittedColumns( dd,
@@ -156,4 +153,71 @@
 		}
 		return permittedColumns;
 	} // end of addPermittedColumns
+
+	/**
+	 * @see StatementPermission#getPermissionDescriptor
+	 */
+	public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+	throws StandardException
+	{
+		//If table permission found for authorizationid, then simply return that
+		if (oneAuthHasPermissionOnTable( dd, authid, false))
+			return dd.getTablePermissions(tableUUID, authid);
+		//If table permission found for PUBLIC, then simply return that
+		if (oneAuthHasPermissionOnTable( dd, Authorizer.PUBLIC_AUTHORIZATION_ID, false))
+			return dd.getTablePermissions(tableUUID, Authorizer.PUBLIC_AUTHORIZATION_ID);
+		
+		//If table level permission not found, then we have to find permissions 
+		//at column level. Look for column level permission for the passed 
+		//authorizer. If found any of the required column level permissions,
+		//return the permission descriptor for it.
+		ColPermsDescriptor colsPermsDesc = dd.getColumnPermissions(tableUUID, privType, false, authid);
+		if( colsPermsDesc != null)
+		{
+			if( colsPermsDesc.getColumns() != null){
+				FormatableBitSet permittedColumns = colsPermsDesc.getColumns();
+				for( int i = columns.anySetBit(); i >= 0; i = columns.anySetBit( i))
+				{
+					if(permittedColumns.get(i))
+						return colsPermsDesc;
+				}
+			}
+		}
+		return null;
+	}
+	
+	/**
+	 * This method gets called in execution phase after it is established that 
+	 * all the required privileges exist for the given sql. This method gets 
+	 * called by create view/trigger/constraint to record their dependency on 
+	 * various privileges.
+	 * Special code is required to track column level privileges.
+	 * It is possible that some column level privileges are available to the
+	 * passed authorizer id but the rest required column level privileges
+	 * are available at PUBLIC level. In this method, we check if all the
+	 * required column level privileges are found for the passed authorizer.
+	 * If yes, then simply return null, indicating that no dependency is 
+	 * required at PUBLIC level, because all the required privileges were found
+	 * at the user level. But if some column level privileges are not
+	 * available at user level, then they have to exist at the PUBLIC
+	 * level when this method gets called.  
+	 */
+	public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(String authid, DataDictionary dd)
+	throws StandardException
+	{
+		ColPermsDescriptor colsPermsDesc = dd.getColumnPermissions(tableUUID, privType, false, authid);
+		FormatableBitSet permittedColumns = colsPermsDesc.getColumns();
+		boolean allColumnsCoveredByUserLevelPrivilege = true;
+		for( int i = columns.anySetBit(); i >= 0 && allColumnsCoveredByUserLevelPrivilege; i = columns.anySetBit( i))
+		{
+			if(permittedColumns.get(i))
+				continue;
+			else
+				allColumnsCoveredByUserLevelPrivilege = false;
+		}
+		if (allColumnsCoveredByUserLevelPrivilege)
+			return null;
+		else
+			return (dd.getColumnPermissions(tableUUID, privType, false, Authorizer.PUBLIC_AUTHORIZATION_ID));	
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementPermission.java Sun Jul  9 09:17:53 2006
@@ -39,4 +39,27 @@
 	public abstract void check( LanguageConnectionContext lcc,
 								String authorizationId,
 								boolean forGrant) throws StandardException;
+
+	/**
+	 * 
+	 * Get the PermissionDescriptor for the passed authorization id for this
+	 * object. This method gets called during the execution phase of create 
+	 * view/constraint/trigger. The return value of this method is saved in
+	 * dependency system to keep track of views/constraints/triggers 
+	 * dependencies on required permissions. This happens in execution phase 
+	 * after it has been established that passed authorization id has all the 
+	 * permissions it needs to create that view/constraint/trigger. Which means 
+	 * that we can only get to writing into dependency system once all the required 
+	 * privileges are confirmed. 
+	 *   
+	 * @param authorizationId	AuthorizationId
+	 * @param dd	DataDictionary
+	 * 
+	 * @return PermissionsDescriptor	The PermissionDescriptor for the passed
+	 *  authorization id on this object
+	 * 
+	 * @exception StandardException
+	 */
+	public abstract PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+	throws StandardException;
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRoutinePermission.java Sun Jul  9 09:17:53 2006
@@ -71,4 +71,13 @@
 												  ad.getDescriptorName());
 		}
 	} // end of check
+
+	/**
+	 * @see StatementPermission#getPermissionDescriptor
+	 */
+	public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+	throws StandardException
+	{
+		return dd.getRoutinePermissions(routineUUID,authid);
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java Sun Jul  9 09:17:53 2006
@@ -75,4 +75,17 @@
 					SQLState.AUTH_NOT_DATABASE_OWNER, authid, schemaName);
 		}
 	}
+
+	/**
+	 * Schema level permission is never required as list of privileges required
+	 * for triggers/constraints/views and hence we don't do any work here, but
+	 * simply return null
+	 * 
+	 * @see StatementPermission#check
+	 */
+	public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+	throws StandardException
+	{
+		return null;
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementTablePermission.java Sun Jul  9 09:17:53 2006
@@ -141,7 +141,7 @@
 		  || oneAuthHasPermissionOnTable( dd, authorizationId, forGrant);
 	}
 
-	private boolean oneAuthHasPermissionOnTable(DataDictionary dd, String authorizationId, boolean forGrant)
+	protected boolean oneAuthHasPermissionOnTable(DataDictionary dd, String authorizationId, boolean forGrant)
 		throws StandardException
 	{
 		TablePermsDescriptor perms = dd.getTablePermissions( tableUUID, authorizationId);
@@ -174,6 +174,19 @@
 
 		return "Y".equals(priv) || (!forGrant) && "y".equals( priv);
 	} // end of hasPermissionOnTable
+
+	/**
+	 * @see StatementPermission#getPermissionDescriptor
+	 */
+	public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)
+	throws StandardException
+	{
+		//if the required type of privilege exists for the given authorizer,
+		//then pass the permission descriptor for it.
+		if (oneAuthHasPermissionOnTable( dd, authid, false))
+			return dd.getTablePermissions(tableUUID, authid);
+		else return null;
+	}
 
 	/**
 	 * Return privilege needed for this access as string

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/TablePermsDescriptor.java Sun Jul  9 09:17:53 2006
@@ -20,9 +20,14 @@
 
 package org.apache.derby.iapi.sql.dictionary;
 
+import org.apache.derby.catalog.Dependable;
+import org.apache.derby.catalog.DependableFinder;
 import org.apache.derby.catalog.UUID;
 
+import org.apache.derby.iapi.services.io.StoredFormatIds;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.impl.sql.catalog.DDdependableFinder;
 
 /**
  * This class describes a row in the SYS.SYSTABLEPERMS system table, which
@@ -31,6 +36,7 @@
 public class TablePermsDescriptor extends PermissionsDescriptor
 {
     private final UUID tableUUID;
+    private final String tableName;
     private final String selectPriv;
     private final String deletePriv;
     private final String insertPriv;
@@ -47,7 +53,7 @@
                                  String insertPriv,
                                  String updatePriv,
                                  String referencesPriv,
-                                 String triggerPriv)
+                                 String triggerPriv) throws StandardException
 	{
 		super (dd, grantee, grantor);
         this.tableUUID = tableUUID;
@@ -57,6 +63,7 @@
         this.updatePriv = updatePriv;
         this.referencesPriv = referencesPriv;
         this.triggerPriv = triggerPriv;
+        tableName = dd.getTableDescriptor(tableUUID).getName();
 	}
 
     /**
@@ -65,7 +72,7 @@
     public TablePermsDescriptor( DataDictionary dd,
                                  String grantee,
                                  String grantor,
-                                 UUID tableUUID)
+                                 UUID tableUUID) throws StandardException
     {
         this( dd, grantee, grantor, tableUUID,
               (String) null, (String) null, (String) null, (String) null, (String) null, (String) null);
@@ -87,7 +94,8 @@
 
 	public String toString()
 	{
-		return "tablePerms: grantee=" + getGrantee() + 
+		return "tablePerms: grantee=" + getGrantee() +
+		",tablePermsUUID=" + getUUID() +
 			",grantor=" + getGrantor() +
           ",tableUUID=" + getTableUUID() +
           ",selectPriv=" + getSelectPriv() +
@@ -117,4 +125,52 @@
     {
         return super.keyHashCode() + tableUUID.hashCode();
     }
+	
+	/**
+	 * @see PermissionsDescriptor#checkOwner
+	 */
+	public boolean checkOwner(String authorizationId) throws StandardException
+	{
+		TableDescriptor td = getDataDictionary().getTableDescriptor(tableUUID);
+		if (td.getSchemaDescriptor().getAuthorizationId().equals(authorizationId))
+			return true;
+		else
+			return false;
+	}
+
+	//////////////////////////////////////////////
+	//
+	// PROVIDER INTERFACE
+	//
+	//////////////////////////////////////////////
+
+	/**
+	 * Return the name of this Provider.  (Useful for errors.)
+	 *
+	 * @return String	The name of this provider.
+	 */
+	public String getObjectName()
+	{
+		return "Table Privilege on " + tableName; 
+	}
+
+	/**
+	 * Get the provider's type.
+	 *
+	 * @return char		The provider's type.
+	 */
+	public String getClassType()
+	{
+		return Dependable.TABLE_PERMISSION;
+	}
+
+	/**		
+		@return the stored form of this provider
+
+			@see Dependable#getDependableFinder
+	 */
+	public DependableFinder getDependableFinder() 
+	{
+	    return	new DDdependableFinder(StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID);
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/CoreDDFinderClassInfo.java Sun Jul  9 09:17:53 2006
@@ -40,9 +40,13 @@
 			case StoredFormatIds.TABLE_DESCRIPTOR_FINDER_V01_ID:
 			case StoredFormatIds.TRIGGER_DESCRIPTOR_FINDER_V01_ID:
 			case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
+			case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+			case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
 				return new DDdependableFinder(fmtId);
 			case StoredFormatIds.COLUMN_DESCRIPTOR_FINDER_V01_ID:
 				return new DDColumnDependableFinder(fmtId);
+			case StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID:
+				return new DDColumnPermissionsDependableFinder(fmtId);
 			default:
 				return null;
 		}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DDdependableFinder.java Sun Jul  9 09:17:53 2006
@@ -33,7 +33,6 @@
 import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
 import org.apache.derby.iapi.sql.dictionary.ColumnDescriptor;
 import org.apache.derby.iapi.sql.dictionary.DefaultDescriptor;
-import org.apache.derby.iapi.sql.dictionary.FileInfoDescriptor;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
 import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
@@ -249,6 +248,15 @@
 			case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
 				return Dependable.VIEW;
 
+			case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+				return Dependable.TABLE_PERMISSION;
+			
+			case StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID:
+				return Dependable.COLUMNS_PERMISSION;
+
+			case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
+				return Dependable.ROUTINE_PERMISSION;
+
 			default:
 				if (SanityManager.DEBUG)
 				{
@@ -302,6 +310,7 @@
 	protected Dependable getDependable(DataDictionary dd, UUID dependableObjectID)
 		throws StandardException
 	{
+		LanguageConnectionContext lcc;
 		switch (formatId)
 		{
 			case StoredFormatIds.ALIAS_DESCRIPTOR_FINDER_V01_ID:
@@ -339,6 +348,18 @@
 			case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
 				return dd.getViewDescriptor(dependableObjectID);
 
+			case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+				lcc = (LanguageConnectionContext)
+				ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+				return dd.getTablePermissions(dependableObjectID,
+						lcc.getAuthorizationId());
+
+			case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
+				lcc = (LanguageConnectionContext)
+				ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+				return dd.getRoutinePermissions(dependableObjectID,
+						lcc.getAuthorizationId());
+
 			default:
 				if (SanityManager.DEBUG)
 				{
@@ -356,6 +377,7 @@
 	protected String getSQLObjectName(DataDictionary dd, UUID dependableObjectID)
 		throws StandardException
 	{
+		LanguageConnectionContext lcc;
 		switch (formatId)
 		{
 			case StoredFormatIds.ALIAS_DESCRIPTOR_FINDER_V01_ID:
@@ -388,6 +410,7 @@
 
 			case StoredFormatIds.TABLE_DESCRIPTOR_FINDER_V01_ID:
 			case StoredFormatIds.COLUMN_DESCRIPTOR_FINDER_V01_ID:
+			case StoredFormatIds.COLUMNS_PERMISSION_FINDER_V01_ID:
 				return getDependable(dd, dependableObjectID).getObjectName();
 
 			case StoredFormatIds.TRIGGER_DESCRIPTOR_FINDER_V01_ID:
@@ -395,6 +418,18 @@
 
 			case StoredFormatIds.VIEW_DESCRIPTOR_FINDER_V01_ID:
 				return dd.getTableDescriptor(dependableObjectID).getName();
+
+			case StoredFormatIds.TABLE_PERMISSION_FINDER_V01_ID:
+				lcc = (LanguageConnectionContext)
+				ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+				return dd.getTablePermissions(dependableObjectID,
+						lcc.getAuthorizationId()).getObjectName();
+
+			case StoredFormatIds.ROUTINE_PERMISSION_FINDER_V01_ID:
+				lcc = (LanguageConnectionContext)
+				ContextService.getContext(LanguageConnectionContext.CONTEXT_ID);
+				return dd.getRoutinePermissions(dependableObjectID,
+						lcc.getAuthorizationId()).getObjectName();
 
 			default:
 				if (SanityManager.DEBUG)

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java Sun Jul  9 09:17:53 2006
@@ -9797,7 +9797,7 @@
      * Get one user's column privileges for a table.
      *
      * @param tableUUID
-     * @param privType Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
+     * @param privType(as int) Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
      * @param forGrant
      * @param authorizationId The user name
      *
@@ -9827,6 +9827,39 @@
         return (ColPermsDescriptor) getPermissions( key);
     } // end of getColumnPermissions
 
+    /**
+     * Get one user's column privileges for a table. This routine gets called by
+     * ColPermsDescriptor.getDependableFinder and that method has hold of 
+     * privilege type in String form.
+     *
+     * @param tableUUID
+     * @param privType(as String) Authorizer.SELECT_PRIV, Authorizer.UPDATE_PRIV, or Authorizer.REFERENCES_PRIV
+     * @param forGrant
+     * @param authorizationId The user name
+     *
+     * @return a ColPermsDescriptor or null if the user has no separate column
+     *         permissions of the specified type on the table. Note that the user may have been granted
+     *         permission on all the columns of the table (no column list), in which case this routine
+     *         will return null. You must also call getTablePermissions to see if the user has permission
+     *         on a set of columns.
+     *
+     * @exception StandardException
+     */
+    public ColPermsDescriptor getColumnPermissions( UUID tableUUID,
+            String privTypeStr,
+            boolean forGrant,
+            String authorizationId)
+    throws StandardException
+	{
+        ColPermsDescriptor key = new ColPermsDescriptor( this,
+                                                         authorizationId,
+                                                         (String) null,
+                                                         tableUUID,
+                                                         privTypeStr);
+        return (ColPermsDescriptor) getPermissions( key);
+    	
+	}
+
     private static final String[] colPrivTypeMap;
     private static final String[] colPrivTypeMapForGrant;
     static {
@@ -9839,7 +9872,7 @@
         colPrivTypeMap[ Authorizer.REFERENCES_PRIV] = "r";
         colPrivTypeMapForGrant[ Authorizer.REFERENCES_PRIV] = "R";
     }
-    
+
     /**
      * Get one user's permissions for a routine (function or procedure).
      *

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java Sun Jul  9 09:17:53 2006
@@ -59,12 +59,13 @@
 	static final String TABLENAME_STRING = "SYSCOLPERMS";
 
     // Column numbers for the SYSCOLPERMS table. 1 based
-    private static final int GRANTEE_COL_NUM = 1;
-    private static final int GRANTOR_COL_NUM = 2;
-    private static final int TABLEID_COL_NUM = 3;
-    private static final int TYPE_COL_NUM = 4;
-    private static final int COLUMNS_COL_NUM = 5;
-    private static final int COLUMN_COUNT = 5;
+	private static final int SYSCOLPERMS_COLPERMSID = 1;
+    private static final int GRANTEE_COL_NUM = 2;
+    private static final int GRANTOR_COL_NUM = 3;
+    private static final int TABLEID_COL_NUM = 4;
+    private static final int TYPE_COL_NUM = 5;
+    private static final int COLUMNS_COL_NUM = 6;
+    private static final int COLUMN_COUNT = 6;
 
     public static final int GRANTEE_TABLE_TYPE_GRANTOR_INDEX_NUM = 0;
 	private static final int[][] indexColumnPositions = 
@@ -95,6 +96,8 @@
 
 	public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException
 	{
+        UUID						oid;
+        String colPermID = null;
         DataValueDescriptor grantee = null;
         DataValueDescriptor grantor = null;
         String tableID = null;
@@ -109,6 +112,13 @@
         else
         {
             ColPermsDescriptor cpd = (ColPermsDescriptor) td;
+            oid = cpd.getUUID();
+            if ( oid == null )
+            {
+            	oid = getUUIDFactory().createUUID();
+            	cpd.setUUID(oid);           
+            }
+            colPermID = oid.toString();
             grantee = getAuthorizationID( cpd.getGrantee());
             grantor = getAuthorizationID( cpd.getGrantor());
             tableID = cpd.getTableUUID().toString();
@@ -116,6 +126,7 @@
             columns = cpd.getColumns();
         }
         ExecRow row = getExecutionFactory().getValueRow( COLUMN_COUNT);
+        row.setColumn( SYSCOLPERMS_COLPERMSID, dvf.getCharDataValue(colPermID));
         row.setColumn( GRANTEE_COL_NUM, grantee);
         row.setColumn( GRANTOR_COL_NUM, grantor);
         row.setColumn( TABLEID_COL_NUM, dvf.getCharDataValue( tableID));
@@ -134,6 +145,8 @@
             SanityManager.ASSERT( row.nColumns() == COLUMN_COUNT,
                                   "Wrong size row passed to SYSCOLPERMSRowFactory.buildDescriptor");
 
+        String colPermsUUIDString = row.getColumn( SYSCOLPERMS_COLPERMSID).getString();
+        UUID colPermsUUID = getUUIDFactory().recreateUUID(colPermsUUIDString);
         String tableUUIDString = row.getColumn( TABLEID_COL_NUM).getString();
         UUID tableUUID = getUUIDFactory().recreateUUID(tableUUIDString);
         String type = row.getColumn( TYPE_COL_NUM).getString();
@@ -144,10 +157,13 @@
                                   "r".equals( type) || "R".equals( type),
                                   "Invalid type passed to SYSCOLPERMSRowFactory.buildDescriptor");
 
-        return new ColPermsDescriptor( dataDictionary, 
-                                       getAuthorizationID( row, GRANTEE_COL_NUM),
-                                       getAuthorizationID( row, GRANTOR_COL_NUM),
-                                       tableUUID, type, columns);
+        ColPermsDescriptor colPermsDesc =
+	        new ColPermsDescriptor( dataDictionary, 
+                    getAuthorizationID( row, GRANTEE_COL_NUM),
+                    getAuthorizationID( row, GRANTOR_COL_NUM),
+                    tableUUID, type, columns);
+        colPermsDesc.setUUID(colPermsUUID);
+        return colPermsDesc;
     } // end of buildDescriptor
 
 	/** builds a column list for the catalog */
@@ -157,6 +173,15 @@
         {
             columnList = new SystemColumn[ COLUMN_COUNT];
 
+            columnList[ SYSCOLPERMS_COLPERMSID - 1] =
+                new SystemColumnImpl( convertIdCase( "COLPERMSID"),
+                                      SYSCOLPERMS_COLPERMSID,
+                                      0, // precision
+                                      0, // scale
+                                      false, // nullability
+                                      "CHAR",
+                                      true,
+                                      36);
             columnList[ GRANTEE_COL_NUM - 1] =
               new SystemColumnImpl( convertIdCase( "GRANTEE"),
                                     GRANTEE_COL_NUM,

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java Sun Jul  9 09:17:53 2006
@@ -24,7 +24,6 @@
 import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
 import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
-import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
 import org.apache.derby.iapi.sql.dictionary.PermissionsCatalogRowFactory;
 import org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor;
 
@@ -34,17 +33,12 @@
 import org.apache.derby.iapi.sql.execute.ExecRow;
 import org.apache.derby.iapi.sql.execute.ExecIndexRow;
 import org.apache.derby.iapi.sql.execute.ExecutionFactory;
-import org.apache.derby.iapi.types.TypeId;
 import org.apache.derby.iapi.types.DataValueFactory;
 import org.apache.derby.iapi.types.RowLocation;
 import org.apache.derby.iapi.types.DataValueDescriptor;
-import org.apache.derby.iapi.types.NumberDataValue;
 import org.apache.derby.iapi.types.StringDataValue;
 import org.apache.derby.iapi.services.uuid.UUIDFactory;
 import org.apache.derby.catalog.UUID;
-import org.apache.derby.catalog.Statistics;
-
-import java.sql.Timestamp;
 
 /**
  * Factory for creating a SYSROUTINEPERMS row.
@@ -56,11 +50,12 @@
 	static final String TABLENAME_STRING = "SYSROUTINEPERMS";
 
     // Column numbers for the SYSROUTINEPERMS table. 1 based
-    private static final int GRANTEE_COL_NUM = 1;
-    private static final int GRANTOR_COL_NUM = 2;
-    private static final int ALIASID_COL_NUM = 3;
-    private static final int GRANTOPTION_COL_NUM = 4;
-    private static final int COLUMN_COUNT = 4;
+    private static final int SYSROUTINEPERMS_ROUTINPERMSID = 1;
+    private static final int GRANTEE_COL_NUM = 2;
+    private static final int GRANTOR_COL_NUM = 3;
+    private static final int ALIASID_COL_NUM = 4;
+    private static final int GRANTOPTION_COL_NUM = 5;
+    private static final int COLUMN_COUNT = 5;
 
     static final int GRANTEE_ALIAS_GRANTOR_INDEX_NUM = 0;
 	private static final int[][] indexColumnPositions = 
@@ -91,6 +86,8 @@
 
 	public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException
 	{
+		UUID oid;
+        String routinePermID = null;
         DataValueDescriptor grantee = null;
         DataValueDescriptor grantor = null;
         String routineID = null;
@@ -103,12 +100,20 @@
         else
         {
             RoutinePermsDescriptor rpd = (RoutinePermsDescriptor) td;
+            oid = rpd.getUUID();
+            if ( oid == null )
+            {
+				oid = getUUIDFactory().createUUID();
+				rpd.setUUID(oid);
+            }
+            routinePermID = oid.toString();
             grantee = getAuthorizationID( rpd.getGrantee());
             grantor = getAuthorizationID( rpd.getGrantor());
             if( rpd.getRoutineUUID() != null)
                 routineID = rpd.getRoutineUUID().toString();
         }
 		ExecRow row = getExecutionFactory().getValueRow( COLUMN_COUNT);
+		row.setColumn( SYSROUTINEPERMS_ROUTINPERMSID, dvf.getCharDataValue(routinePermID));
         row.setColumn( GRANTEE_COL_NUM, grantee);
         row.setColumn( GRANTOR_COL_NUM, grantor);
         row.setColumn( ALIASID_COL_NUM, dvf.getCharDataValue( routineID));
@@ -126,13 +131,18 @@
             SanityManager.ASSERT( row.nColumns() == COLUMN_COUNT,
                                   "Wrong size row passed to SYSROUTINEPERMSRowFactory.buildDescriptor");
 
+        String routinePermsUUIDString = row.getColumn(SYSROUTINEPERMS_ROUTINPERMSID).getString();
+        UUID routinePermsUUID = getUUIDFactory().recreateUUID(routinePermsUUIDString);
         String aliasUUIDString = row.getColumn( ALIASID_COL_NUM).getString();
         UUID aliasUUID = getUUIDFactory().recreateUUID(aliasUUIDString);
 
-        return new RoutinePermsDescriptor( dataDictionary,
-                                           getAuthorizationID( row, GRANTEE_COL_NUM),
-                                           getAuthorizationID( row, GRANTOR_COL_NUM),
-                                           aliasUUID);
+        RoutinePermsDescriptor routinePermsDesc =
+	        new RoutinePermsDescriptor( dataDictionary,
+                    getAuthorizationID( row, GRANTEE_COL_NUM),
+                    getAuthorizationID( row, GRANTOR_COL_NUM),
+                    aliasUUID);
+        routinePermsDesc.setUUID(routinePermsUUID);
+			return routinePermsDesc;
     } // end of buildDescriptor
 
 	/** builds a column list for the catalog */
@@ -142,6 +152,15 @@
         {
             columnList = new SystemColumn[ COLUMN_COUNT];
 
+            columnList[ SYSROUTINEPERMS_ROUTINPERMSID - 1] =
+                new SystemColumnImpl( convertIdCase( "ROUTINEPERMSID"),
+                                      SYSROUTINEPERMS_ROUTINPERMSID,
+                                      0, // precision
+                                      0, // scale
+                                      false, // nullability
+                                      "CHAR",
+                                      true,
+                                      36);
             columnList[ GRANTEE_COL_NUM - 1] =
               new SystemColumnImpl( convertIdCase( "GRANTEE"),
                                     GRANTEE_COL_NUM,

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java Sun Jul  9 09:17:53 2006
@@ -29,6 +29,7 @@
 import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.sql.dictionary.SystemColumn;
+import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
 import org.apache.derby.iapi.sql.dictionary.TablePermsDescriptor;
 import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
 import org.apache.derby.iapi.sql.execute.ExecIndexRow;
@@ -49,16 +50,17 @@
 	static final String TABLENAME_STRING = "SYSTABLEPERMS";
 
     // Column numbers for the SYSTABLEPERMS table. 1 based
-    private static final int GRANTEE_COL_NUM = 1;
-    private static final int GRANTOR_COL_NUM = 2;
-    private static final int TABLEID_COL_NUM = 3;
-    private static final int SELECTPRIV_COL_NUM = 4;
-    private static final int DELETEPRIV_COL_NUM = 5;
-    private static final int INSERTPRIV_COL_NUM = 6;
-    private static final int UPDATEPRIV_COL_NUM = 7;
-    private static final int REFERENCESPRIV_COL_NUM = 8;
-    private static final int TRIGGERPRIV_COL_NUM = 9;
-    private static final int COLUMN_COUNT = 9;
+	private static final int SYSTABLEPERMS_TABLEPERMSID = 1;
+    private static final int GRANTEE_COL_NUM = 2;
+    private static final int GRANTOR_COL_NUM = 3;
+    private static final int TABLEID_COL_NUM = 4;
+    private static final int SELECTPRIV_COL_NUM = 5;
+    private static final int DELETEPRIV_COL_NUM = 6;
+    private static final int INSERTPRIV_COL_NUM = 7;
+    private static final int UPDATEPRIV_COL_NUM = 8;
+    private static final int REFERENCESPRIV_COL_NUM = 9;
+    private static final int TRIGGERPRIV_COL_NUM = 10;
+    private static final int COLUMN_COUNT = 10;
 
     public static final int GRANTEE_TABLE_GRANTOR_INDEX_NUM = 0;
 	private static final int[][] indexColumnPositions = 
@@ -89,8 +91,10 @@
 
 	public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException
 	{
+		UUID						oid;
         DataValueDescriptor grantee = null;
         DataValueDescriptor grantor = null;
+        String tablePermID = null;
         String tableID = null;
         String selectPriv = null;
         String deletePriv = null;
@@ -107,7 +111,15 @@
         else
         {
             TablePermsDescriptor tpd = (TablePermsDescriptor) td;
-            grantee = getAuthorizationID( tpd.getGrantee());
+            oid = tpd.getUUID();
+            if ( oid == null )
+            {
+				oid = getUUIDFactory().createUUID();
+				tpd.setUUID(oid);
+            }
+            tablePermID = oid.toString();
+
+			grantee = getAuthorizationID( tpd.getGrantee());
             grantor = getAuthorizationID( tpd.getGrantor());
             tableID = tpd.getTableUUID().toString();
             selectPriv = tpd.getSelectPriv();
@@ -118,6 +130,7 @@
             triggerPriv = tpd.getTriggerPriv();
         }
         ExecRow row = getExecutionFactory().getValueRow( COLUMN_COUNT);
+        row.setColumn( SYSTABLEPERMS_TABLEPERMSID, dvf.getCharDataValue(tablePermID));
         row.setColumn( GRANTEE_COL_NUM, grantee);
         row.setColumn( GRANTOR_COL_NUM, grantor);
         row.setColumn( TABLEID_COL_NUM, dvf.getCharDataValue( tableID));
@@ -137,10 +150,12 @@
                                            DataDictionary dataDictionary)
 		throws StandardException
     {
-        if( SanityManager.DEBUG)
+		if( SanityManager.DEBUG)
             SanityManager.ASSERT( row.nColumns() == COLUMN_COUNT,
                                   "Wrong size row passed to SYSTABLEPERMSRowFactory.buildDescriptor");
 
+        String tablePermsUUIDString = row.getColumn(SYSTABLEPERMS_TABLEPERMSID).getString();
+        UUID tablePermsUUID = getUUIDFactory().recreateUUID(tablePermsUUIDString);
         String tableUUIDString = row.getColumn( TABLEID_COL_NUM).getString();
         UUID tableUUID = getUUIDFactory().recreateUUID(tableUUIDString);
         String selectPriv  = row.getColumn( SELECTPRIV_COL_NUM).getString();
@@ -165,12 +180,15 @@
                                   "Invalid SYSTABLEPERMS.triggerPriv column value: " + triggerPriv);
         }
 
-        return new TablePermsDescriptor( dataDictionary,
+		TablePermsDescriptor tabPermsDesc =
+        new TablePermsDescriptor( dataDictionary,
                                          getAuthorizationID( row, GRANTEE_COL_NUM),
                                          getAuthorizationID( row, GRANTOR_COL_NUM),
                                          tableUUID,
                                          selectPriv, deletePriv, insertPriv,
                                          updatePriv, referencesPriv, triggerPriv);
+		tabPermsDesc.setUUID(tablePermsUUID);
+		return tabPermsDesc;
     } // end of buildDescriptor
 
 	/** builds a column list for the catalog */
@@ -180,6 +198,15 @@
         {
             columnList = new SystemColumn[ COLUMN_COUNT];
 
+            columnList[ SYSTABLEPERMS_TABLEPERMSID - 1] =
+                new SystemColumnImpl( convertIdCase( "TABLEPERMSID"),
+                                      SYSTABLEPERMS_TABLEPERMSID,
+                                      0, // precision
+                                      0, // scale
+                                      false, // nullability
+                                      "CHAR",
+                                      true,
+                                      36);
             columnList[ GRANTEE_COL_NUM - 1] =
               new SystemColumnImpl( convertIdCase( "GRANTEE"),
                                     GRANTEE_COL_NUM,

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateSchemaNode.java Sun Jul  9 09:17:53 2006
@@ -110,7 +110,8 @@
 		super.bind();
 
 		CompilerContext cc = getCompilerContext();
-		cc.addRequiredSchemaPriv(name, aid, Authorizer.CREATE_SCHEMA_PRIV);
+		if (isPrivilegeCollectionRequired())
+			cc.addRequiredSchemaPriv(name, aid, Authorizer.CREATE_SCHEMA_PRIV);
 
 		return this;
 	}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateTriggerNode.java Sun Jul  9 09:17:53 2006
@@ -247,10 +247,12 @@
 		{
 				throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
 		}
-
-		compilerContext.pushCurrentPrivType(Authorizer.TRIGGER_PRIV);
-		compilerContext.addRequiredTablePriv(triggerTableDescriptor);
-		compilerContext.popCurrentPrivType();
+		if (isPrivilegeCollectionRequired())
+		{
+			compilerContext.pushCurrentPrivType(Authorizer.TRIGGER_PRIV);
+			compilerContext.addRequiredTablePriv(triggerTableDescriptor);
+			compilerContext.popCurrentPrivType();			
+		}
 
 		/*
 		** Regenerates the actionText and actionNode if necessary.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DDLStatementNode.java Sun Jul  9 09:17:53 2006
@@ -238,10 +238,11 @@
 			sd  = new SchemaDescriptor(getDataDictionary(), schemaName,
 				(String) null, (UUID)null, false);
 
-			cc.addRequiredSchemaPriv(schemaName, null, Authorizer.CREATE_SCHEMA_PRIV);
+			if (isPrivilegeCollectionRequired())
+				cc.addRequiredSchemaPriv(schemaName, null, Authorizer.CREATE_SCHEMA_PRIV);
 		}
 
-		if (ownerCheck)
+		if (ownerCheck && isPrivilegeCollectionRequired())
 			cc.addRequiredSchemaPriv(sd.getSchemaName(), null,
 						Authorizer.MODIFY_SCHEMA_PRIV);
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DeleteNode.java Sun Jul  9 09:17:53 2006
@@ -391,9 +391,12 @@
 
 				}
 			}
-			getCompilerContext().pushCurrentPrivType( getPrivType());
-			getCompilerContext().addRequiredTablePriv( targetTableDescriptor);
-			getCompilerContext().popCurrentPrivType();
+			if (isPrivilegeCollectionRequired())
+			{
+				getCompilerContext().pushCurrentPrivType( getPrivType());
+				getCompilerContext().addRequiredTablePriv( targetTableDescriptor);
+				getCompilerContext().popCurrentPrivType();
+			}
 		}
 		finally
 		{

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FKConstraintDefinitionNode.java Sun Jul  9 09:17:53 2006
@@ -117,7 +117,8 @@
 				// Set tableDescriptor for this column descriptor. Needed for adding required table
 				// access permission. Column descriptors may not have this set already.
 				cd.setTableDescriptor(td);
-				getCompilerContext().addRequiredColumnPriv(cd);
+				if (isPrivilegeCollectionRequired())
+					getCompilerContext().addRequiredColumnPriv(cd);
 			}
 
 		}
@@ -132,7 +133,8 @@
 					// Set tableDescriptor for this column descriptor. Needed for adding required table
 					// access permission. Column descriptors may not have this set already.
 					cd.setTableDescriptor(td);
-					getCompilerContext().addRequiredColumnPriv(cd);
+					if (isPrivilegeCollectionRequired())
+						getCompilerContext().addRequiredColumnPriv(cd);
 				}
 			}
 		}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java Sun Jul  9 09:17:53 2006
@@ -33,10 +33,7 @@
 import org.apache.derby.iapi.util.ReuseFactory;
 import org.apache.derby.iapi.services.classfile.VMOpcode;
 
-import org.apache.derby.iapi.services.loader.GeneratedMethod;
-import org.apache.derby.iapi.services.context.ContextManager;
 import org.apache.derby.iapi.services.compiler.MethodBuilder;
-import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 import org.apache.derby.iapi.services.sanity.SanityManager;
 
@@ -65,18 +62,11 @@
 import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
 import org.apache.derby.iapi.sql.dictionary.ViewDescriptor;
 
-import org.apache.derby.iapi.sql.execute.CursorResultSet;
 import org.apache.derby.iapi.sql.execute.ExecRow;
 import org.apache.derby.iapi.sql.execute.ExecutionContext;
 
-
-import org.apache.derby.iapi.sql.ResultSet;
-import org.apache.derby.iapi.sql.Activation;
 import org.apache.derby.iapi.sql.LanguageProperties;
 
-import org.apache.derby.iapi.types.TypeId;
-
-import org.apache.derby.iapi.store.access.Qualifier;
 import org.apache.derby.iapi.store.access.StaticCompiledOpenConglomInfo;
 import org.apache.derby.iapi.store.access.StoreCostController;
 import org.apache.derby.iapi.store.access.ScanController;
@@ -87,12 +77,6 @@
 import org.apache.derby.impl.sql.compile.ExpressionClassBuilder;
 import org.apache.derby.impl.sql.compile.ActivationClassBuilder;
 
-import org.apache.derby.impl.sql.execute.HashScanResultSet;
-
-
-
-import java.sql.Connection;
-
 import java.util.Enumeration;
 import java.util.Properties;
 import java.util.Vector;
@@ -2214,7 +2198,22 @@
 				{
 					resultColumns.setCountMismatchAllowed(true);
 				}
-	
+				//Views execute with definer's privileges and if any one of 
+				//those privileges' are revoked from the definer, the view gets
+				//dropped. So, a view can exist in Derby only if it's owner has
+				//all the privileges needed to create one. In order to do a 
+				//select from a view, a user only needs select privilege on the
+				//view and doesn't need any privilege for objects accessed by
+				//the view. Hence, when collecting privilege requirement for a
+				//sql accessing a view, we only need to look for select privilege
+				//on the actual view and that is what the following code is
+				//checking.
+				for (int i = 0; i < resultColumns.size(); i++) {
+					ResultColumn rc = (ResultColumn) resultColumns.elementAt(i);
+					if (rc.isPrivilegeCollectionRequired())
+						compilerContext.addRequiredColumnPriv( rc.getTableColumnDescriptor());
+				}
+
 				fsq = (FromTable) getNodeFactory().getNode(
 					C_NodeTypes.FROM_SUBQUERY,
 					rsn, 
@@ -2224,6 +2223,13 @@
 					getContextManager());
 				// Transfer the nesting level to the new FromSubquery
 				fsq.setLevel(level);
+				//We are getting ready to bind the query underneath the view. Since
+				//that query is going to run with definer's privileges, we do not
+				//need to collect any privilege requirement for that query. 
+				//Following call is marking the query to run with definer 
+				//privileges. This marking will make sure that we do not collect
+				//any privilege requirement for it.
+				fsq.disablePrivilegeCollection();
 				return fsq.bindNonVTITables(dataDictionary, fromListParam);
 			}
 			finally

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromList.java Sun Jul  9 09:17:53 2006
@@ -20,8 +20,6 @@
 
 package	org.apache.derby.impl.sql.compile;
 
-import org.apache.derby.iapi.services.context.ContextManager;
-
 import org.apache.derby.iapi.services.sanity.SanityManager;
 
 import org.apache.derby.iapi.sql.compile.CompilerContext;
@@ -578,8 +576,8 @@
 					columnReference.setSourceLevel(currentLevel);
 					columnNameMatch = true;
 
-					CompilerContext cc = getCompilerContext();
-					cc.addRequiredColumnPriv( resultColumn.getTableColumnDescriptor());
+					if (fromTable.isPrivilegeCollectionRequired())
+						getCompilerContext().addRequiredColumnPriv( resultColumn.getTableColumnDescriptor());						
 				}
 				else
 				{

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromSubquery.java Sun Jul  9 09:17:53 2006
@@ -703,6 +703,15 @@
 		return rcList;
 	}
 
+	/** 
+	 * @see QueryTreeNode#disablePrivilegeCollection
+	 */
+	public void disablePrivilegeCollection()
+	{
+		super.disablePrivilegeCollection();
+		subquery.disablePrivilegeCollection();
+	}
+
 	/**
 	 * Search to see if a query references the specifed table name.
 	 *

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/InsertNode.java Sun Jul  9 09:17:53 2006
@@ -502,9 +502,13 @@
 			autoincRowLocation = 
 				dd.computeAutoincRowLocations(tc, targetTableDescriptor);
 
-			getCompilerContext().pushCurrentPrivType(getPrivType());
-			getCompilerContext().addRequiredTablePriv(targetTableDescriptor);
-			getCompilerContext().popCurrentPrivType();
+			if (isPrivilegeCollectionRequired())
+			{
+				getCompilerContext().pushCurrentPrivType(getPrivType());
+				getCompilerContext().addRequiredTablePriv(targetTableDescriptor);
+				getCompilerContext().popCurrentPrivType();				
+			}
+
 		}
 		else
 		{

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/JavaToSQLValueNode.java Sun Jul  9 09:17:53 2006
@@ -216,6 +216,16 @@
 		return javaNode;
 	}
 
+	/** 
+	 * @see QueryTreeNode#disablePrivilegeCollection
+	 */
+	public void disablePrivilegeCollection()
+	{
+		super.disablePrivilegeCollection();
+		if (javaNode != null)
+			javaNode.disablePrivilegeCollection();
+	}
+
 	/**
 	 * Bind this expression.  This means binding the sub-expressions,
 	 * as well as figuring out what the return type is for this expression.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java Sun Jul  9 09:17:53 2006
@@ -122,9 +122,9 @@
             if (isSessionSchema(sd.getSchemaName()))
                 throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
 
-            // GrantRevoke TODO: Need to enable for views later. Disable for now.
-            // Disable grant on VTIs and Synonyms
-            if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE)
+            // GrantRevoke TODO: Disable grant on VTIs and Synonyms
+            if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE &&
+            		td.getTableType() != TableDescriptor.VIEW_TYPE)
                 throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED, tableName.getFullTableName());
 
             specificPrivileges.bind( td);

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java Sun Jul  9 09:17:53 2006
@@ -95,6 +95,30 @@
 	private GenericConstantActionFactory	constantActionFactory;
 
 	/**
+	 * In Derby SQL Standard Authorization, views, triggers and constraints 
+	 * execute with definer's privileges. Taking a specific eg of views
+	 * user1
+	 * create table t1 (c11 int);
+	 * create view v1 as select * from user1.t1;
+	 * grant select on v1 to user2;
+	 * user2
+	 * select * from user1.v1;
+	 * Running with definer's privileges mean that since user2 has select
+	 * privileges on view v1 owned by user1, then that is sufficient for user2
+	 * to do a select from view v1. View v1 underneath might access some
+	 * objects that user2 doesn't have privileges on, but that is not a problem
+	 * since views execute with definer's privileges. In order to implement this
+	 * behavior, when doing a select from view v1, we only want to check for
+	 * select privilege on view v1. While processing the underlying query for
+	 * view v1, we want to stop collecting the privilege requirements for the
+	 * query underneath. Following flag, isPrivilegeCollectionRequired is used
+	 * for this purpose. The flag will be true when we are the top level of view
+	 * and then it is turned off while we process the query underlying the view
+	 * v1.             
+	 */
+	boolean isPrivilegeCollectionRequired = true;
+
+	/**
 	 * Set the ContextManager for this node.
 	 * 
 	 * @param cm	The ContextManager.
@@ -497,6 +521,39 @@
 	final boolean isSessionSchema(String schemaName)
 	{
 		return SchemaDescriptor.STD_DECLARED_GLOBAL_TEMPORARY_TABLES_SCHEMA_NAME.equals(schemaName);
+	}
+
+	/**
+	 * Triggers, constraints and views get executed with their definer's
+	 * privileges and they can exist in the system only if their definers'
+	 * still have all the privileges to creeate them. Based on this, any
+	 * time a trigger/view/constraint is executing, we do not need to waste
+	 * time in checking if the definer still has the right set of privileges.
+	 * At compile time, we wil make sure that we do not collect the privilege
+	 * requirement for objects accessed with definer privileges by calling the
+	 * following method. 
+	 */
+	public void disablePrivilegeCollection()
+	{
+		isPrivilegeCollectionRequired = false;
+	}
+
+	/**
+	 * Return true from this method means that we need to collect privilege
+	 * requirement for this node. For following cases, this method will
+	 * return true.
+	 * 1)execute view - collect privilege to access view but do not collect
+	 * privilege requirements for objects accessed by actual view uqery
+	 * 2)execute select - collect privilege requirements for objects accessed
+	 * by select statement
+	 * 3)create view -  collect privileges for select statement : the select
+	 * statement for create view falls under 2) category above.
+	 * 
+	 * @return true if need to collect privilege requirement for this node
+	 */
+	public boolean isPrivilegeCollectionRequired()
+	{
+		return(isPrivilegeCollectionRequired);
 	}
 
 	/**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumn.java Sun Jul  9 09:17:53 2006
@@ -678,7 +678,8 @@
 
 		setColumnDescriptor(tableDescriptor, columnDescriptor);
 		setVirtualColumnId(columnId);
-		getCompilerContext().addRequiredColumnPriv( columnDescriptor);
+		if (isPrivilegeCollectionRequired())
+			getCompilerContext().addRequiredColumnPriv( columnDescriptor);
 	}
 	
 	/**
@@ -1322,6 +1323,16 @@
 	public boolean updatableByCursor()
 	{
 		return updatableByCursor;
+	}
+
+	/** 
+	 * @see QueryTreeNode#disablePrivilegeCollection
+	 */
+	public void disablePrivilegeCollection()
+	{
+		super.disablePrivilegeCollection();
+		if (expression != null)
+			expression.disablePrivilegeCollection();
 	}
 
 	/**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultColumnList.java Sun Jul  9 09:17:53 2006
@@ -2482,6 +2482,18 @@
 		}
 	}
 
+	/** 
+	 * @see QueryTreeNode#disablePrivilegeCollection
+	 */
+	public void disablePrivilegeCollection()
+	{
+		super.disablePrivilegeCollection();
+
+		int size = size();
+		for (int index = 0; index < size; index++)
+			((ResultColumn) elementAt(index)).disablePrivilegeCollection();			
+	}
+	
 	/**
 	 * Verify that all of the column names in this list are contained
 	 * within the ColumnDefinitionNodes within the TableElementList.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ResultSetNode.java Sun Jul  9 09:17:53 2006
@@ -598,6 +598,16 @@
 									getContextManager());
 	}
 
+	/** 
+	 * @see QueryTreeNode#disablePrivilegeCollection
+	 */
+	public void disablePrivilegeCollection()
+	{
+		super.disablePrivilegeCollection();
+		if (resultColumns != null)
+			resultColumns.disablePrivilegeCollection();
+	}
+
 	/**
 	 * Bind the result columns of this ResultSetNode when there is no
 	 * base table to bind them to.  This is useful for SELECT statements,

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SelectNode.java Sun Jul  9 09:17:53 2006
@@ -1968,6 +1968,17 @@
 		return false;
 	}
 
+	/** 
+	 * @see QueryTreeNode#disablePrivilegeCollection
+	 */
+	public void disablePrivilegeCollection()
+	{
+		super.disablePrivilegeCollection();
+		int fromListSize = fromList.size();
+		for( int i = 0; i < fromListSize; i++)
+			((FromTable) fromList.elementAt(i)).disablePrivilegeCollection();
+	}
+
 	/**
 	 * Return whether or not this ResultSetNode contains a subquery with a
 	 * reference to the specified target table.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/StaticMethodCallNode.java Sun Jul  9 09:17:53 2006
@@ -235,7 +235,8 @@
 
 
 		alreadyBound = true;
-		getCompilerContext().addRequiredRoutinePriv(ad);
+		if (isPrivilegeCollectionRequired())
+			getCompilerContext().addRequiredRoutinePriv(ad);
 
 		// If this is a function call with a variable length
 		// return type, then we need to push a CAST node.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateConstraintConstantAction.java Sun Jul  9 09:17:53 2006
@@ -33,20 +33,15 @@
 
 import org.apache.derby.iapi.sql.dictionary.DDUtils;
 import org.apache.derby.iapi.sql.dictionary.ColumnDescriptor;
-import org.apache.derby.iapi.sql.dictionary.ColumnDescriptorList;
 import org.apache.derby.iapi.sql.dictionary.ConglomerateDescriptor;
 import org.apache.derby.iapi.sql.dictionary.ConstraintDescriptor;
-import org.apache.derby.iapi.sql.dictionary.ConstraintDescriptorList;
 import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
-import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
 import org.apache.derby.iapi.sql.dictionary.ForeignKeyConstraintDescriptor;
 import org.apache.derby.iapi.sql.dictionary.ReferencedKeyConstraintDescriptor;
 import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
 import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
 
-import org.apache.derby.iapi.types.DataValueFactory;
-
 import org.apache.derby.iapi.reference.SQLState;
 
 import org.apache.derby.iapi.sql.depend.DependencyManager;
@@ -54,12 +49,9 @@
 import org.apache.derby.iapi.sql.depend.ProviderInfo;
 
 import org.apache.derby.iapi.sql.execute.ConstantAction;
-import org.apache.derby.iapi.sql.execute.ExecIndexRow;
 
 import org.apache.derby.iapi.sql.Activation;
 
-import org.apache.derby.iapi.store.access.ConglomerateController;
-import org.apache.derby.iapi.store.access.ScanController;
 import org.apache.derby.iapi.store.access.TransactionController;
 import org.apache.derby.iapi.services.loader.ClassFactory;
 
@@ -360,6 +352,8 @@
 				
 				/* Create stored dependency on the referenced constraint */
 				dm.addDependency(conDesc, referencedConstraint, lcc.getContextManager());
+				//store constraint's dependency on REFERENCES privileges in the dependeny system
+				storeConstraintDependenciesOnPrivileges(activation, conDesc, referencedConstraint.getTableId());				
 				break;
 
 			default:
@@ -426,7 +420,7 @@
 				DependencyManager.CREATE_CONSTRAINT, lcc);
 		}
 	}
-
+	
 	/**
 	 * Is the constant action for a foreign key
 	 *

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java?rev=420306&r1=420305&r2=420306&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateTriggerConstantAction.java Sun Jul  9 09:17:53 2006
@@ -27,7 +27,6 @@
 import org.apache.derby.iapi.sql.execute.ConstantAction;
 
 import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
-import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
 import org.apache.derby.iapi.sql.dictionary.SPSDescriptor;
@@ -308,6 +307,8 @@
 		dm.addDependency(triggerd, actionspsd, lcc.getContextManager());
 		dm.addDependency(triggerd, triggerTable, lcc.getContextManager());
 		dm.addDependency(actionspsd, triggerTable, lcc.getContextManager());
+		//store trigger's dependency on various privileges in the dependeny system
+		storeViewTriggerDependenciesOnPrivileges(activation, triggerd);		
 	}
 
 



Mime
View raw message