Return-Path: 
 <derby-commits-return-4629-apmail-db-derby-commits-archive=db.apache.org@db.apache.org>
Delivered-To: apmail-db-derby-commits-archive@www.apache.org
Received: (qmail 35632 invoked from network); 24 Aug 2006 15:58:54 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 24 Aug 2006 15:58:54 -0000
Received: (qmail 70911 invoked by uid 500); 24 Aug 2006 15:58:54 -0000
Delivered-To: apmail-db-derby-commits-archive@db.apache.org
Received: (qmail 70857 invoked by uid 500); 24 Aug 2006 15:58:54 -0000
Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:derby-commits-help@db.apache.org>
list-unsubscribe: <mailto:derby-commits-unsubscribe@db.apache.org>
List-Post: <mailto:derby-commits@db.apache.org>
Reply-To: "Derby Development" <derby-dev@db.apache.org>
List-Id: <derby-commits.db.apache.org>
Delivered-To: mailing list derby-commits@db.apache.org
Received: (qmail 70846 invoked by uid 99); 24 Aug 2006 15:58:54 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Aug 2006 08:58:54 -0700
X-ASF-Spam-Status: No, hits=-9.4 required=10.0
	tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Aug 2006 08:58:53 -0700
Received: by eris.apache.org (Postfix, from userid 65534)
	id CD2BC1A981F; Thu, 24 Aug 2006 08:58:32 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r434408 - in /db/derby/code/trunk/java:
 engine/org/apache/derby/impl/sql/execute/ engine/org/apache/derby/loc/
 shared/org/apache/derby/shared/common/reference/
 testing/org/apache/derbyTesting/functionTests/master/
 testing/org/apache/derbyTe...
Date: Thu, 24 Aug 2006 15:58:29 -0000
To: derby-commits@db.apache.org
From: rhillegas@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20060824155832.CD2BC1A981F@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Author: rhillegas
Date: Thu Aug 24 08:58:27 2006
New Revision: 434408

URL: http://svn.apache.org/viewvc?rev=434408&view=rev
Log:
DERBY-1582: Commit Deepa's d1582_v2.diff patch, raising a warning for vacuous REVOKEs.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java Thu Aug 24 08:58:27 2006
@@ -76,4 +76,24 @@
 									  sd.getSchemaName(),
 									  objectDescriptor.getDescriptorName());
 	}
+	
+	/**
+	 * This method adds a warning if a revoke statement has not revoked 
+	 * any privileges from a grantee.
+	 * 
+	 * @param activation
+	 * @param grant true if grant, false if revoke
+	 * @param privileges_revoked true, if at least one privilege has been 
+	 * 							revoked from a grantee, false otherwise
+	 * @param grantee authorization id of the user
+	 */
+	protected void addWarningIfPrivilegeNotRevoked( Activation activation,
+													boolean grant,
+													boolean privileges_revoked,
+													String grantee) 
+	{
+		if(!grant && !privileges_revoked)
+			activation.addWarning(StandardException.newWarning
+					(SQLState.LANG_PRIVILEGE_NOT_REVOKED, grantee));
+	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RoutinePrivilegeInfo.java Thu Aug 24 08:58:27 2006
@@ -78,13 +78,21 @@
 		dd.startWriting(lcc);
 		for( Iterator itr = grantees.iterator(); itr.hasNext();)
 		{
+			// Keep track to see if any privileges are revoked by a revoke 
+			// statement. If a privilege is not revoked, we need to raise a
+			// warning.
+			boolean privileges_revoked = false;
 			String grantee = (String) itr.next();
-			if (dd.addRemovePermissionsDescriptor( grant, routinePermsDesc, grantee, tc))
+			if (dd.addRemovePermissionsDescriptor( grant, routinePermsDesc, grantee, tc)) 
+			{
+				privileges_revoked = true;	
 				//Derby currently supports only restrict form of revoke execute
 				//privilege and that is why, we are sending invalidation action 
 				//as REVOKE_PRIVILEGE_RESTRICT rather than REVOKE_PRIVILEGE
         		dd.getDependencyManager().invalidateFor(routinePermsDesc, DependencyManager.REVOKE_PRIVILEGE_RESTRICT, lcc);
-
+			}
+			
+			addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
 		}
 	} // end of executeConstantAction
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/TablePrivilegeInfo.java Thu Aug 24 08:58:27 2006
@@ -128,22 +128,38 @@
 		// Add or remove the privileges to/from the SYS.SYSTABLEPERMS and SYS.SYSCOLPERMS tables
 		for( Iterator itr = grantees.iterator(); itr.hasNext();)
 		{
+			// Keep track to see if any privileges are revoked by a revoke 
+			// statement. If a privilege is not revoked, we need to raise a 
+			// warning. For table privileges, we do not check if privilege for 
+			// a specific action has been revoked or not. Also, we do not check
+			// privileges for specific columns. If at least one privilege has 
+			// been revoked, we do not raise a warning. This has to be refined 
+			// further to check for specific actions/columns and raise warning 
+			// if any privilege has not been revoked.
+			boolean privileges_revoked = false;
+						
 			String grantee = (String) itr.next();
 			if( tablePermsDesc != null)
 			{
 				if (dd.addRemovePermissionsDescriptor( grant, tablePermsDesc, grantee, tc))
 				{
-	        		dd.getDependencyManager().invalidateFor(tablePermsDesc, DependencyManager.REVOKE_PRIVILEGE, lcc);
+					privileges_revoked = true;
+					dd.getDependencyManager().invalidateFor(tablePermsDesc, DependencyManager.REVOKE_PRIVILEGE, lcc);
 				}
 			}
 			for( int i = 0; i < columnBitSets.length; i++)
 			{
 				if( colPermsDescs[i] != null)
 				{
-					if (dd.addRemovePermissionsDescriptor( grant, colPermsDescs[i], grantee, tc))					
-		        		dd.getDependencyManager().invalidateFor(colPermsDescs[i], DependencyManager.REVOKE_PRIVILEGE, lcc);
+					if (dd.addRemovePermissionsDescriptor( grant, colPermsDescs[i], grantee, tc)) 
+					{
+						privileges_revoked = true;
+						dd.getDependencyManager().invalidateFor(colPermsDescs[i], DependencyManager.REVOKE_PRIVILEGE, lcc);
+					}
 				}
 			}
+			
+			addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);
 		}
 	} // end of executeConstantAction
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages_en.properties Thu Aug 24 08:58:27 2006
@@ -428,6 +428,7 @@
 01522=The newly defined synonym ''{0}'' resolved to the object ''{1}'' which is currently undefined.
 01001=An attempt to update or delete an already deleted row was made: No row was updated or deleted.
 01003=Null values were eliminated from the argument of a column function.
+01006=Privilege not revoked from {0}.
 0100E=XX Attempt to return too many result sets. 
 02000=No row was found for FETCH, UPDATE or DELETE; or the result of a query is an empty table.
 # Next one is generic XQuery error per SQL/XML[2006]

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Thu Aug 24 08:58:27 2006
@@ -638,7 +638,8 @@
 	String LANG_VALUE_TRUNCATED                                        = "01505";
 	String LANG_SYNONYM_UNDEFINED                                      = "01522";
 	String LANG_NULL_ELIMINATED_IN_SET_FUNCTION						   = "01003";
-
+	String LANG_PRIVILEGE_NOT_REVOKED						   		   = "01006";
+	
 	String LANG_NO_ROW_FOUND									   	   = "02000";
 
 	String LANG_TOO_MANY_DYNAMIC_RESULTS_RETURNED					   = "0100E";
@@ -1598,7 +1599,7 @@
     String UNABLE_TO_OBTAIN_MESSAGE_TEXT_FROM_SERVER  = "01J12";
     String NUMBER_OF_ROWS_TOO_LARGE_FOR_INT = "01J13";
 	String SQL_AUTHORIZATION_WITH_NO_AUTHENTICATION = "01J14";
-
+		
     String CURSOR_OPERATION_CONFLICT = "01001";
 
 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out Thu Aug 24 08:58:27 2006
@@ -37,11 +37,24 @@
 ij(BARCONNECTION)> revoke delete on satheesh.tsat from foo;
 ERROR: Failed with SQLSTATE 2850C
 ij(BARCONNECTION)> set connection satConnection;
-ij(SATCONNECTION)> -- Revoke permissions not granted already
+ij(SATCONNECTION)> -- Revoke table permissions not granted already. This should raise warnings.
 revoke trigger on satheesh.tsat from foo;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from FOO.
 ij(SATCONNECTION)> revoke references on satheesh.tsat from foo;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from FOO.
+ij(SATCONNECTION)> -- This should raise warnings for bar
+revoke insert on satheesh.tsat from foo, bar;
+0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from BAR.
+ij(SATCONNECTION)> -- This should raise warnings for both foo and bar
+revoke insert on satheesh.tsat from foo, bar;
+0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from FOO.
+WARNING 01006: Privilege not revoked from BAR.
+ij(SATCONNECTION)> grant insert on satheesh.tsat to foo;
+0 rows inserted/updated/deleted
 ij(SATCONNECTION)> -- Following revokes should revoke permissions
 revoke update on satheesh.tsat from foo;
 0 rows inserted/updated/deleted
@@ -71,6 +84,10 @@
 EXTERNAL NAME 'java.lang.Math.abs'
 LANGUAGE JAVA PARAMETER STYLE JAVA;
 0 rows inserted/updated/deleted
+ij(SATCONNECTION)> -- Revoke routine permission not granted already. This should raise a warning.
+revoke execute on function F_ABS(int) from bar RESTRICT;
+0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from BAR.
 ij(SATCONNECTION)> grant execute on function F_ABS to foo;
 0 rows inserted/updated/deleted
 ij(SATCONNECTION)> grant execute on function F_ABS(int) to bar;
@@ -395,8 +412,10 @@
 0 rows inserted/updated/deleted
 ij(SWIPERCONNECTION)> revoke select on swiperTab from satheesh;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from SATHEESH.
 ij(SWIPERCONNECTION)> revoke insert on swiperTab from satheesh;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from SATHEESH.
 ij(SWIPERCONNECTION)> set connection satConnection;
 ij(SATCONNECTION)> -- Should still work, as satheesh is DBA
 select * from swiper.swiperTab;
@@ -416,6 +435,7 @@
 0 rows inserted/updated/deleted
 ij(SATCONNECTION)> revoke insert on swiper.swiperTab from satheesh;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from SATHEESH.
 ij(SATCONNECTION)> -- Test system routines. Some don't need explicit grant and others do
 -- allowing for only DBA use by default
 set connection satConnection;
@@ -553,6 +573,7 @@
 ij(MAMTA4)> set connection mamta1;
 ij(MAMTA1)> revoke all privileges on t11 from PUBLIC;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from PUBLIC.
 ij(MAMTA1)> select * from mamta1.t11;
 C111       
 -----------
@@ -609,6 +630,7 @@
 1 row selected
 ij(MAMTA1)> revoke select on t11 from mamta2, mamta3, mamta4;
 0 rows inserted/updated/deleted
+WARNING 01006: Privilege not revoked from MAMTA4.
 ij(MAMTA1)> revoke update(c111, c112) on t11 from mamta2, mamta3, mamta4;
 0 rows inserted/updated/deleted
 ij(MAMTA1)> drop table t11;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql?rev=434408&r1=434407&r2=434408&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql Thu Aug 24 08:58:27 2006
@@ -23,9 +23,14 @@
 
 set connection satConnection;
 
--- Revoke permissions not granted already
+-- Revoke table permissions not granted already. This should raise warnings.
 revoke trigger on satheesh.tsat from foo;
 revoke references on satheesh.tsat from foo;
+-- This should raise warnings for bar
+revoke insert on satheesh.tsat from foo, bar;
+-- This should raise warnings for both foo and bar
+revoke insert on satheesh.tsat from foo, bar;
+grant insert on satheesh.tsat to foo;
 
 -- Following revokes should revoke permissions
 revoke update on satheesh.tsat from foo;
@@ -48,6 +53,9 @@
 RETURNS NULL ON NULL INPUT
 EXTERNAL NAME 'java.lang.Math.abs'
 LANGUAGE JAVA PARAMETER STYLE JAVA;
+
+-- Revoke routine permission not granted already. This should raise a warning.
+revoke execute on function F_ABS(int) from bar RESTRICT;
 
 grant execute on function F_ABS to foo;
 grant execute on function F_ABS(int) to bar;