db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mi...@apache.org
Subject svn commit: r434577 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/sql/compile/ testing/org/apache/derbyTesting/functionTests/master/ testing/org/apache/derbyTesting/functionTests/tests/lang/
Date Fri, 25 Aug 2006 00:08:39 GMT
Author: mikem
Date: Thu Aug 24 17:08:39 2006
New Revision: 434577

URL: http://svn.apache.org/viewvc?rev=434577&view=rev
Log:
DERBY-1708, contributed by yip ng

Fixes the problem that the lock table statement is missing the logic to collect the required
privilege at compilation phase; thus, it fails to enforce the required privilege needed by
the statement at execution time. 


Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java?rev=434577&r1=434576&r2=434577&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java Thu
Aug 24 17:08:39 2006
@@ -31,6 +31,8 @@
 
 import org.apache.derby.iapi.sql.compile.CompilerContext;
 
+import org.apache.derby.iapi.sql.conn.Authorizer;
+
 import org.apache.derby.iapi.sql.dictionary.ConglomerateDescriptor;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.sql.dictionary.DataDictionaryContext;
@@ -157,6 +159,14 @@
 		/* Statement is dependent on the TableDescriptor and ConglomerateDescriptor */
 		cc.createDependency(lockTableDescriptor);
 		cc.createDependency(cd);
+
+		if (isPrivilegeCollectionRequired())
+		{
+			// need SELECT privilege to perform lock table statement.
+			cc.pushCurrentPrivType(Authorizer.SELECT_PRIV);
+			cc.addRequiredTablePriv(lockTableDescriptor);
+			cc.popCurrentPrivType();
+		}
 
 		return this;
 	}

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out?rev=434577&r1=434576&r2=434577&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
Thu Aug 24 17:08:39 2006
@@ -2900,4 +2900,40 @@
 0 rows inserted/updated/deleted
 ij(MAMTA1)> drop function f_abs;
 0 rows inserted/updated/deleted
-ij(MAMTA1)> 
+ij(MAMTA1)> -- DERBY-1708
+-- Test LOCK TABLE statement
+connect 'grantRevokeDDL' user 'user1' as user1;
+WARNING 01J14: SQL authorization is being used without first enabling authentication.
+ij(USER1)> create table t100 (i int);
+0 rows inserted/updated/deleted
+ij(USER1)> connect 'grantRevokeDDL' user 'user2' as user2;
+WARNING 01J14: SQL authorization is being used without first enabling authentication.
+ij(USER2)> autocommit off;
+ij(USER2)> -- expect errors
+lock table user1.t100 in exclusive mode;
+ERROR: Failed with SQLSTATE 28506
+ij(USER2)> lock table user1.t100 in share mode;
+ERROR: Failed with SQLSTATE 28506
+ij(USER2)> commit;
+ij(USER2)> set connection user1;
+ij(USER1)> grant select on t100 to user2;
+0 rows inserted/updated/deleted
+ij(USER1)> set connection user2;
+ij(USER2)> -- ok
+lock table user1.t100 in exclusive mode;
+0 rows inserted/updated/deleted
+ij(USER2)> lock table user1.t100 in share mode;
+0 rows inserted/updated/deleted
+ij(USER2)> commit;
+ij(USER2)> set connection user1;
+ij(USER1)> revoke select on t100 from user2;
+0 rows inserted/updated/deleted
+ij(USER1)> set connection user2;
+ij(USER2)> -- expect errors
+lock table user1.t100 in exclusive mode;
+ERROR: Failed with SQLSTATE 28506
+ij(USER2)> lock table user1.t100 in share mode;
+ERROR: Failed with SQLSTATE 28506
+ij(USER2)> commit;
+ij(USER2)> autocommit on;
+ij(USER2)> 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql?rev=434577&r1=434576&r2=434577&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
Thu Aug 24 17:08:39 2006
@@ -1830,3 +1830,29 @@
 
 drop table mamta1Table;
 drop function f_abs;
+
+-- DERBY-1708
+-- Test LOCK TABLE statement
+connect 'grantRevokeDDL' user 'user1' as user1;
+create table t100 (i int);
+connect 'grantRevokeDDL' user 'user2' as user2;
+autocommit off;
+-- expect errors
+lock table user1.t100 in exclusive mode;
+lock table user1.t100 in share mode;
+commit;
+set connection user1;
+grant select on t100 to user2;
+set connection user2;
+-- ok
+lock table user1.t100 in exclusive mode;
+lock table user1.t100 in share mode;
+commit;
+set connection user1;
+revoke select on t100 from user2;
+set connection user2;
+-- expect errors
+lock table user1.t100 in exclusive mode;
+lock table user1.t100 in share mode;
+commit;
+autocommit on;
\ No newline at end of file



Mime
View raw message