db-derby-commits mailing list archives

From rhille...@apache.org
Subject svn commit: r436859 - in /db/derby/code/branches/10.2/java: engine/org/apache/derby/impl/sql/compile/ testing/org/apache/derbyTesting/functionTests/master/ testing/org/apache/derbyTesting/functionTests/tests/lang/
Date Fri, 25 Aug 2006 17:14:03 GMT
Author: rhillegas
Date: Fri Aug 25 10:14:01 2006
New Revision: 436859

URL: http://svn.apache.org/viewvc?rev=436859&view=rev
Log:
DERBY-1725 and DERBY-1538: Merge 432929 from trunk to 10.2 branch.

Modified:
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/GrantNode.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/RevokeNode.java
    db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
    db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/GrantNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/GrantNode.java?rev=436859&r1=436858&r2=436859&view=diff
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/GrantNode.java
(original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/GrantNode.java
Fri Aug 25 10:14:01 2006
@@ -94,7 +94,7 @@
 	 */
 	public QueryTreeNode bind() throws StandardException
 	{
-		privileges = (PrivilegeNode) privileges.bind( new HashMap());
+		privileges = (PrivilegeNode) privileges.bind( new HashMap(), grantees);
 		return this;
 	} // end of bind
 

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java?rev=436859&r1=436858&r2=436859&view=diff
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
(original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/PrivilegeNode.java
Fri Aug 25 10:14:01 2006
@@ -35,6 +35,7 @@
 import org.apache.derby.catalog.TypeDescriptor;
 
 import java.util.HashMap;
+import java.util.List;
 
 /**
  * This node represents a set of privileges that are granted or revoked on one object.
@@ -96,16 +97,17 @@
      * @param dependencies The list of privilege objects that this statement has already
seen.
      *               If the object of this privilege is not in the list then this statement
is registered
      *               as dependent on the object.
+     * @param grantees The list of grantees
      *
      * @return the bound node
      *
      * @exception StandardException	Standard error policy.
      */
-	public QueryTreeNode bind( HashMap dependencies ) throws StandardException
+	public QueryTreeNode bind( HashMap dependencies, List grantees ) throws StandardException
 	{
         Provider dependencyProvider = null;
         SchemaDescriptor sd = null;
-        
+		
         switch( objectType)
         {
         case TABLE_PRIVILEGES:
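Review bot: The new Javadoc line `@param grantees The list of grantees` does not say what the list holds, and the checks this commit adds further down in bind() depend on exactly that. `grantees.contains(sd.getAuthorizationId())` only matches when the elements are authorization-id strings in the same normalized form that `getAuthorizationId()` returns. Because the parameter is a raw `List`, a caller passing any other element type would still compile and the owner check would silently never fire. I would state the contract, e.g. `@param grantees authorization ids (String, same normalized form as SchemaDescriptor.getAuthorizationId()) named in the GRANT/REVOKE; must not be null`. The body of bind() continues outside this hunk.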
@@ -123,11 +125,15 @@
             if (isSessionSchema(sd.getSchemaName()))
                 throw StandardException.newException(SQLState.LANG_OPERATION_NOT_ALLOWED_ON_SESSION_SCHEMA_TABLES);
 
-            // GrantRevoke TODO: Disable grant on VTIs and Synonyms
             if (td.getTableType() != TableDescriptor.BASE_TABLE_TYPE &&
             		td.getTableType() != TableDescriptor.VIEW_TYPE)
                 throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED,
tableName.getFullTableName());
 
+			// Can not grant/revoke permissions from self
+			if (grantees.contains(sd.getAuthorizationId()))
+				throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED,
+						 td.getQualifiedName());
+
             specificPrivileges.bind( td);
             dependencyProvider = td;
             break;
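Review bot: The comment `// Can not grant/revoke permissions from self` describes a different rule from the one the condition enforces. The code compares the grantee list with `sd.getAuthorizationId()`, the owner of the object's schema, not with the user running the statement; the test added in this commit shows the database owner being refused as well when the grantee is mamta1. I would reword it here and on the identical routine check in the next hunk to `// Privileges cannot be granted to or revoked from the owner of the object, whoever issues the statement`. The new throw also reuses `AUTH_GRANT_REVOKE_NOT_ALLOWED`, which the table-type check just above already raises, so a client sees the same SQLSTATE for two unrelated refusals. The enclosing switch case starts and ends outside the hunk.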
@@ -146,6 +152,11 @@
                 rd.isFunction ? AliasInfo.ALIAS_NAME_SPACE_FUNCTION_AS_CHAR : AliasInfo.ALIAS_NAME_SPACE_PROCEDURE_AS_CHAR
                 );
 
+			// Can not grant/revoke permissions from self
+			if (grantees.contains(sd.getAuthorizationId()))
+				throw StandardException.newException(SQLState.AUTH_GRANT_REVOKE_NOT_ALLOWED,
+						 rd.name.getFullTableName());
+
             if( rd.paramTypeList == null)
             {
                 // No signature was specified. Make sure that there is exactly one routine
with that name.
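Review bot: The owner check for routines sits before the `if( rd.paramTypeList == null)` block that resolves the routine, whereas the table check in the previous hunk runs only after the table descriptor has been looked up and type-checked. As far as this hunk shows, a GRANT or REVOKE naming a routine that does not exist in the owner's schema would therefore be reported as "grant/revoke not allowed" rather than as an unknown routine. Rejecting early is safe for authorization, but if the difference is deliberate it deserves a comment such as `// Checked before resolution: the owner is refused regardless of which routine is named`; otherwise move the check after the routine has been resolved, to match the table case. The resolution code continues outside the hunk.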
@@ -198,6 +209,7 @@
             dependencyProvider = proc;
             break;
         }
+
         if( dependencyProvider != null)
         {
             if( dependencies.get( dependencyProvider) == null)

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/RevokeNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/RevokeNode.java?rev=436859&r1=436858&r2=436859&view=diff
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/RevokeNode.java
(original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/compile/RevokeNode.java
Fri Aug 25 10:14:01 2006
@@ -94,7 +94,7 @@
      */
 	public QueryTreeNode bind() throws StandardException
 	{
-        privileges = (PrivilegeNode) privileges.bind( new HashMap());
+        privileges = (PrivilegeNode) privileges.bind( new HashMap(), grantees);
         return this;
     } // end of bind
 

Modified: db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out?rev=436859&r1=436858&r2=436859&view=diff
==============================================================================
--- db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
(original)
+++ db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
Fri Aug 25 10:14:01 2006
@@ -2834,4 +2834,48 @@
 0.011   
 0.023   
 3 rows selected
+ij(MAMTA1)> -- DERBY-1538: Disable ability to GRANT or REVOKE from self
+CREATE FUNCTION F_ABS(P1 INT)
+RETURNS INT NO SQL
+RETURNS NULL ON NULL INPUT
+EXTERNAL NAME 'java.lang.Math.abs'
+LANGUAGE JAVA PARAMETER STYLE JAVA;
+0 rows inserted/updated/deleted
+ij(MAMTA1)> create table mamta1Table ( i int, j int);
+0 rows inserted/updated/deleted
+ij(MAMTA1)> -- Try granting or revoking to mamta1. Should all fail
+grant select on mamta1Table to mamta1;
+ERROR: Failed with SQLSTATE 2850F
+ij(MAMTA1)> revoke select on mamta1Table from mamta1;
+ERROR: Failed with SQLSTATE 2850F
+ij(MAMTA1)> grant execute on function f_abs to mamta1;
+ERROR: Failed with SQLSTATE 2850F
+ij(MAMTA1)> revoke execute on function f_abs from mamta1 restrict;
+ERROR: Failed with SQLSTATE 2850F
+ij(MAMTA1)> -- Connect as database owner. Even she can not grant to owner or revoke from
owner
+set connection satConnection;
+ij(SATCONNECTION)> set schema mamta1;
+0 rows inserted/updated/deleted
+ij(SATCONNECTION)> grant select on mamta1Table to mamta1;
+ERROR: Failed with SQLSTATE 2850F
+ij(SATCONNECTION)> revoke select on mamta1Table from mamta1;
+ERROR: Failed with SQLSTATE 2850F
+ij(SATCONNECTION)> grant execute on function f_abs to mamta1;
+ERROR: Failed with SQLSTATE 2850F
+ij(SATCONNECTION)> revoke execute on function f_abs from mamta1 restrict;
+ERROR: Failed with SQLSTATE 2850F
+ij(SATCONNECTION)> -- But Grant/Revoke to another user should pass
+grant select on mamta1Table to randy;
+0 rows inserted/updated/deleted
+ij(SATCONNECTION)> revoke select on mamta1Table from randy;
+0 rows inserted/updated/deleted
+ij(SATCONNECTION)> grant execute on function f_abs to randy;
+0 rows inserted/updated/deleted
+ij(SATCONNECTION)> revoke execute on function f_abs from randy restrict;
+0 rows inserted/updated/deleted
+ij(SATCONNECTION)> set connection mamta1;
+ij(MAMTA1)> drop table mamta1Table;
+0 rows inserted/updated/deleted
+ij(MAMTA1)> drop function f_abs;
+0 rows inserted/updated/deleted
 ij(MAMTA1)> 

Modified: db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql?rev=436859&r1=436858&r2=436859&view=diff
==============================================================================
--- db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
(original)
+++ db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
Fri Aug 25 10:14:01 2006
@@ -1782,3 +1782,43 @@
 
 select cast (DEGREES(d) as DECIMAL(6,3)) AS DEGREES FROM SYSFUN_MATH_TEST;
 select cast (RADIANS(d) as DECIMAL(6,3)) AS RADIANS FROM SYSFUN_MATH_TEST;
+
+-- DERBY-1538: Disable ability to GRANT or REVOKE from self
+
+CREATE FUNCTION F_ABS(P1 INT)
+RETURNS INT NO SQL
+RETURNS NULL ON NULL INPUT
+EXTERNAL NAME 'java.lang.Math.abs'
+LANGUAGE JAVA PARAMETER STYLE JAVA;
+
+create table mamta1Table ( i int, j int);
+
+-- Try granting or revoking to mamta1. Should all fail
+
+grant select on mamta1Table to mamta1;
+revoke select on mamta1Table from mamta1;
+
+grant execute on function f_abs to mamta1;
+revoke execute on function f_abs from mamta1 restrict;
+
+-- Connect as database owner. Even she can not grant to owner or revoke from owner
+set connection satConnection;
+set schema mamta1;
+
+grant select on mamta1Table to mamta1;
+revoke select on mamta1Table from mamta1;
+
+grant execute on function f_abs to mamta1;
+revoke execute on function f_abs from mamta1 restrict;
+
+-- But Grant/Revoke to another user should pass
+grant select on mamta1Table to randy;
+revoke select on mamta1Table from randy;
+
+grant execute on function f_abs to randy;
+revoke execute on function f_abs from randy restrict;
+
+set connection mamta1;
+
+drop table mamta1Table;
+drop function f_abs;
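Review bot: Every new case names a single grantee that is exactly the owner, so the test does not cover a grantee list that mixes the owner with another user, nor `PUBLIC`. Adding `grant select on mamta1Table to randy, mamta1;` before the drop statements would pin whether the whole statement is rejected; given the `grantees.contains(...)` check it presumably fails with 2850F. Adding `grant select on mamta1Table to public;` would show that the owner check does not block PUBLIC grants, which is inferred from the check rather than visible here. A quoted, differently-cased grantee would also show whether the comparison is case-normalized. The matching expected output in grantRevokeDDL.out would need the same additions.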


