db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r434408 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/sql/execute/ engine/org/apache/derby/loc/ shared/org/apache/derby/shared/common/reference/ testing/org/apache/derbyTesting/functionTests/master/ testing/org/apache/derbyTe...
Date Thu, 24 Aug 2006 15:58:29 GMT
Author: rhillegas
Date: Thu Aug 24 08:58:27 2006
New Revision: 434408

URL: http://svn.apache.org/viewvc?rev=434408&view=rev
Log:
DERBY-1582: Commit Deepa's d1582_v2.diff patch, raising a warning for vacuous REVOKEs.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java Thu
Aug 24 08:58:27 2006
@@ -76,4 +76,24 @@
 									  sd.getSchemaName(),
 									  objectDescriptor.getDescriptorName());
 	}
+	
+	/**
+	 * This method adds a warning if a revoke statement has not revoked 
+	 * any privileges from a grantee.
+	 * 
+	 * @param activation
+	 * @param grant true if grant, false if revoke
+	 * @param privileges_revoked true, if at least one privilege has been 
+	 * 							revoked from a grantee, false otherwise
+	 * @param grantee authorization id of the user
+	 */
+	protected void addWarningIfPrivilegeNotRevoked( Activation activation,
+													boolean grant,
+													boolean privileges_revoked,
+													String grantee) 
+	{
+		if(!grant && !privileges_revoked)
+			activation.addWarning(StandardException.newWarning
+					(SQLState.LANG_PRIVILEGE_NOT_REVOKED, grantee));
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java
Thu Aug 24 08:58:27 2006
@@ -78,13 +78,21 @@
 		dd.startWriting(lcc);
 		for( Iterator itr = grantees.iterator(); itr.hasNext();)
 		{
+			// Keep track to see if any privileges are revoked by a revoke 
+			// statement. If a privilege is not revoked, we need to raise a
+			// warning.
+			boolean privileges_revoked = false;
 			String grantee = (String) itr.next();
-			if (dd.addRemovePermissionsDescriptor( grant, routinePermsDesc, grantee, tc))
+			if (dd.addRemovePermissionsDescriptor( grant, routinePermsDesc, grantee, tc)) 
+			{
+				privileges_revoked = true;	
 				//Derby currently supports only restrict form of revoke execute
 				//privilege and that is why, we are sending invalidation action 
 				//as REVOKE_PRIVILEGE_RESTRICT rather than REVOKE_PRIVILEGE
         		dd.getDependencyManager().invalidateFor(routinePermsDesc, DependencyManager.REVOKE_PRIVILEGE_RESTRICT,
lcc);
-
+			}
+			
+			addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
 		}
 	} // end of executeConstantAction
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java
Thu Aug 24 08:58:27 2006
@@ -128,22 +128,38 @@
 		// Add or remove the privileges to/from the SYS.SYSTABLEPERMS and SYS.SYSCOLPERMS tables
 		for( Iterator itr = grantees.iterator(); itr.hasNext();)
 		{
+			// Keep track to see if any privileges are revoked by a revoke 
+			// statement. If a privilege is not revoked, we need to raise a 
+			// warning. For table privileges, we do not check if privilege for 
+			// a specific action has been revoked or not. Also, we do not check
+			// privileges for specific columns. If at least one privilege has 
+			// been revoked, we do not raise a warning. This has to be refined 
+			// further to check for specific actions/columns and raise warning 
+			// if any privilege has not been revoked.
+			boolean privileges_revoked = false;
+						
 			String grantee = (String) itr.next();
 			if( tablePermsDesc != null)
 			{
 				if (dd.addRemovePermissionsDescriptor( grant, tablePermsDesc, grantee, tc))
 				{
-	        		dd.getDependencyManager().invalidateFor(tablePermsDesc, DependencyManager.REVOKE_PRIVILEGE,
lcc);
+					privileges_revoked = true;
+					dd.getDependencyManager().invalidateFor(tablePermsDesc, DependencyManager.REVOKE_PRIVILEGE,
lcc);
 				}
 			}
 			for( int i = 0; i < columnBitSets.length; i++)
 			{
 				if( colPermsDescs[i] != null)
 				{
-					if (dd.addRemovePermissionsDescriptor( grant, colPermsDescs[i], grantee, tc))					
-		        		dd.getDependencyManager().invalidateFor(colPermsDescs[i], DependencyManager.REVOKE_PRIVILEGE,
lcc);
+					if (dd.addRemovePermissionsDescriptor( grant, colPermsDescs[i], grantee, tc)) 
+					{
+						privileges_revoked = true;
+						dd.getDependencyManager().invalidateFor(colPermsDescs[i], DependencyManager.REVOKE_PRIVILEGE,
lcc);
+					}
 				}
 			}
+			
+			addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
 		}
 	} // end of executeConstantAction
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties Thu Aug 24
08:58:27 2006
@@ -428,6 +428,7 @@
 01522=The newly defined synonym ''{0}'' resolved to the object ''{1}'' which is currently
undefined.
 01001=An attempt to update or delete an already deleted row was made: No row was updated
or deleted.
 01003=Null values were eliminated from the argument of a column function.
+01006=Privilege not revoked from {0}.
 0100E=XX Attempt to return too many result sets. 
 02000=No row was found for FETCH, UPDATE or DELETE; or the result of a query is an empty
table.
 # Next one is generic XQuery error per SQL/XML[2006]

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
(original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
Thu Aug 24 08:58:27 2006
@@ -638,7 +638,8 @@
 	String LANG_VALUE_TRUNCATED                                        = "01505";
 	String LANG_SYNONYM_UNDEFINED                                      = "01522";
 	String LANG_NULL_ELIMINATED_IN_SET_FUNCTION						   = "01003";
-
+	String LANG_PRIVILEGE_NOT_REVOKED						   		   = "01006";
+	
 	String LANG_NO_ROW_FOUND									   	   = "02000";
 
 	String LANG_TOO_MANY_DYNAMIC_RESULTS_RETURNED					   = "0100E";
@@ -1598,7 +1599,7 @@
     String UNABLE_TO_OBTAIN_MESSAGE_TEXT_FROM_SERVER  = "01J12";
     String NUMBER_OF_ROWS_TOO_LARGE_FOR_INT = "01J13";
 	String SQL_AUTHORIZATION_WITH_NO_AUTHENTICATION = "01J14";
-
+		
     String CURSOR_OPERATION_CONFLICT = "01001";
 
 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
Thu Aug 24 08:58:27 2006
@@ -37,11 +37,24 @@
 ij(BARCONNECTION)> revoke delete on satheesh.tsat from foo;
 ERROR: Failed with SQLSTATE 2850C
 ij(BARCONNECTION)> set connection satConnection;
-ij(SATCONNECTION)> -- Revoke permissions not granted already
+ij(SATCONNECTION)> -- Revoke table permissions not granted already. This should raise
warnings.
 revoke trigger on satheesh.tsat from foo;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from FOO.
 ij(SATCONNECTION)> revoke references on satheesh.tsat from foo;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from FOO.
+ij(SATCONNECTION)> -- This should raise warnings for bar
+revoke insert on satheesh.tsat from foo, bar;
+0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from BAR.
+ij(SATCONNECTION)> -- This should raise warnings for both foo and bar
+revoke insert on satheesh.tsat from foo, bar;
+0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from FOO.
+WARNING 01006: Privilege not revoked from BAR.
+ij(SATCONNECTION)> grant insert on satheesh.tsat to foo;
+0 rows inserted/updated/deleted
 ij(SATCONNECTION)> -- Following revokes should revoke permissions
 revoke update on satheesh.tsat from foo;
 0 rows inserted/updated/deleted
@@ -71,6 +84,10 @@
 EXTERNAL NAME 'java.lang.Math.abs'
 LANGUAGE JAVA PARAMETER STYLE JAVA;
 0 rows inserted/updated/deleted
+ij(SATCONNECTION)> -- Revoke routine permission not granted already. This should raise
a warning.
+revoke execute on function F_ABS(int) from bar RESTRICT;
+0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from BAR.
 ij(SATCONNECTION)> grant execute on function F_ABS to foo;
 0 rows inserted/updated/deleted
 ij(SATCONNECTION)> grant execute on function F_ABS(int) to bar;
@@ -395,8 +412,10 @@
 0 rows inserted/updated/deleted
 ij(SWIPERCONNECTION)> revoke select on swiperTab from satheesh;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from SATHEESH.
 ij(SWIPERCONNECTION)> revoke insert on swiperTab from satheesh;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from SATHEESH.
 ij(SWIPERCONNECTION)> set connection satConnection;
 ij(SATCONNECTION)> -- Should still work, as satheesh is DBA
 select * from swiper.swiperTab;
@@ -416,6 +435,7 @@
 0 rows inserted/updated/deleted
 ij(SATCONNECTION)> revoke insert on swiper.swiperTab from satheesh;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from SATHEESH.
 ij(SATCONNECTION)> -- Test system routines. Some don't need explicit grant and others
do
 -- allowing for only DBA use by default
 set connection satConnection;
@@ -553,6 +573,7 @@
 ij(MAMTA4)> set connection mamta1;
 ij(MAMTA1)> revoke all privileges on t11 from PUBLIC;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from PUBLIC.
 ij(MAMTA1)> select * from mamta1.t11;
 C111       
 -----------
@@ -609,6 +630,7 @@
 1 row selected
 ij(MAMTA1)> revoke select on t11 from mamta2, mamta3, mamta4;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from MAMTA4.
 ij(MAMTA1)> revoke update(c111, c112) on t11 from mamta2, mamta3, mamta4;
 0 rows inserted/updated/deleted
 ij(MAMTA1)> drop table t11;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
Thu Aug 24 08:58:27 2006
@@ -23,9 +23,14 @@
 
 set connection satConnection;
 
--- Revoke permissions not granted already
+-- Revoke table permissions not granted already. This should raise warnings.
 revoke trigger on satheesh.tsat from foo;
 revoke references on satheesh.tsat from foo;
+-- This should raise warnings for bar
+revoke insert on satheesh.tsat from foo, bar;
+-- This should raise warnings for both foo and bar
+revoke insert on satheesh.tsat from foo, bar;
+grant insert on satheesh.tsat to foo;
 
 -- Following revokes should revoke permissions
 revoke update on satheesh.tsat from foo;
@@ -48,6 +53,9 @@
 RETURNS NULL ON NULL INPUT
 EXTERNAL NAME 'java.lang.Math.abs'
 LANGUAGE JAVA PARAMETER STYLE JAVA;
+
+-- Revoke routine permission not granted already. This should raise a warning.
+revoke execute on function F_ABS(int) from bar RESTRICT;
 
 grant execute on function F_ABS to foo;
 grant execute on function F_ABS(int) to bar;



Mime
View raw message