db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r594158 [1/3] - in /db/derby/code/trunk: java/engine/org/apache/derby/iapi/sql/compile/ java/engine/org/apache/derby/iapi/sql/conn/ java/engine/org/apache/derby/iapi/sql/dictionary/ java/engine/org/apache/derby/impl/sql/catalog/ java/engine...
Date Mon, 12 Nov 2007 14:24:28 GMT
Author: dag
Date: Mon Nov 12 06:24:25 2007
New Revision: 594158

URL: http://svn.apache.org/viewvc?rev=594158&view=rev
Log:
DERBY-3137 SQL roles: add catalog support

Patch DERBY-3137-2. Adds basic catalog support for SQL roles.

Added:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoleDescriptor.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRolePermission.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROLESRowFactory.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateRoleNode.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DropRoleNode.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/GrantRoleNode.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/RevokeRoleNode.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SetRoleNode.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/DropRoleConstantAction.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GrantRoleConstantAction.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/SetRoleConstantAction.java   (with props)
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/C_NodeNames.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/NodeFactoryImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/SetSchemaConstantAction.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/storeless/org/apache/derby/impl/storeless/EmptyDictionary.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/altertable.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/compressTable.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/ij7.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/views.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DMDBugsTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/CollationTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/PrimaryKeyTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RolesTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SystemCatalogTest.java
    db/derby/code/trunk/java/tools/org/apache/derby/impl/tools/ij/ij.jj
    db/derby/code/trunk/tools/jar/DBMSnodes.properties

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java Mon Nov 12 06:24:25 2007
@@ -551,6 +551,13 @@
 	public void addRequiredRoutinePriv( AliasDescriptor routine);
 
 	/**
+	 * Add a required role privilege to the list of privileges.
+	 *
+	 * @see CompilerContext#addRequiredRolePriv
+	 */
+	public void addRequiredRolePriv(String roleName, int privType);
+
+	/**
 	 * @return The list of required privileges.
 	 */
 	public List getRequiredPermissionsList();

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java Mon Nov 12 06:24:25 2007
@@ -63,7 +63,11 @@
 	public static final int CREATE_SCHEMA_PRIV = 16;
 	public static final int MODIFY_SCHEMA_PRIV = 17;
 	public static final int DROP_SCHEMA_PRIV = 18;
-	
+
+    /* Check who can create and drop roles */
+	public static final int CREATE_ROLE_PRIV = 19;
+	public static final int DROP_ROLE_PRIV = 20;
+
 	/**
 	 * The system authorization ID is defined by the SQL2003 spec as the grantor
 	 * of privileges to object owners.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java Mon Nov 12 06:24:25 2007
@@ -27,6 +27,7 @@
 import org.apache.derby.iapi.sql.compile.CompilerContext;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
 import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
+import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
 import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
 import org.apache.derby.iapi.sql.compile.OptimizerFactory;
 import org.apache.derby.iapi.types.DataValueFactory;
@@ -421,7 +422,23 @@
 	 * @return String	the authorization id
 	 */
 	public String getAuthorizationId();
-  
+
+	/**
+	 *	Get the current role authorization identifier
+	 *
+	 * @return String	the role id
+	 */
+	public String getCurrentRoleId();
+
+
+    /**
+	 * Set the current role
+	 *
+	 * @param rd	the descriptor of the role to be set to current
+	 */
+    public void setCurrentRole(RoleDescriptor rd);
+
+
 	/**
 	 *	Get the current default schema for the connection.
 	 *

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java Mon Nov 12 06:24:25 2007
@@ -500,4 +500,32 @@
                                            grantor,
                                            ad.getUUID());
     }
+
+
+    /**
+     * Create a new role descriptor
+     *
+     * @param roleName the name of the role for which a new descriptor
+     *                 is created
+     * @param grantee authorization identifier of grantee
+     * @param grantor authorization identifier of grantor
+	 * @param withadminoption if true, WITH ADMIN OPTION is set for
+	 *        this descriptor
+     * @param isDef if true, this descriptor represents a role
+     *              definition, otherwise it represents a grant.
+     */
+    public RoleDescriptor newRoleDescriptor(String roleName,
+											String grantee,
+											String grantor,
+                                            boolean withadminoption,
+											boolean isDef)
+        throws StandardException
+    {
+        return new RoleDescriptor(dataDictionary,
+                                  roleName,
+                                  grantee,
+                                  grantor,
+								  withadminoption,
+                                  isDef);
+    }
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java Mon Nov 12 06:24:25 2007
@@ -163,6 +163,7 @@
 	public static final int SYSTABLEPERMS_CATALOG_NUM = 16;
 	public static final int SYSCOLPERMS_CATALOG_NUM = 17;
 	public static final int SYSROUTINEPERMS_CATALOG_NUM = 18;
+    public static final int SYSROLES_CATALOG_NUM = 19;
 
 	/* static finals for constraints 
 	 * (Here because they are needed by parser, compilation and execution.)
@@ -382,6 +383,66 @@
     public boolean isSystemSchemaName( String name)
         throws StandardException;
     
+
+	/**
+	 * Drop the descriptor for a role
+	 *
+	 * @param roleName	The name of the role to drop
+     * @param grantee   The grantee of the descriptor
+     * @param grantor   The grantor of the descriptor
+	 * @param tc        Transaction Controller
+	 *
+	 * @exception StandardException		Thrown on failure
+	 */
+	public void	dropRoleDescriptor(String roleName,
+                                   String grantee,
+                                   String grantor,
+								   TransactionController tc)
+			throws StandardException;
+
+
+	/**
+	 * Drop all role descriptors corresponding to a grant of (any)
+	 * role to a named authentication identifier
+	 *
+     * @param grantee   The grantee of the descriptor
+	 * @param tc        Transaction Controller
+	 *
+	 * @exception StandardException		Thrown on failure
+	 */
+	public void	dropRoleGrantsByGrantee(String grantee,
+										TransactionController tc)
+			throws StandardException;
+
+
+	/**
+	 * Drop all role descriptors corresponding to a grant of the
+	 * named role to any authentication identifier
+	 *
+     * @param roleName  The role name granted
+	 * @param tc        Transaction Controller
+	 *
+	 * @exception StandardException		Thrown on failure
+	 */
+	public void	dropRoleGrantsByName(String roleName,
+									 TransactionController tc)
+			throws StandardException;
+
+
+	/**
+	 * Drop all permission descriptors corresponding to a grant to
+	 * the named authentication identifier
+	 *
+     * @param authid    The authentication identifier
+	 * @param tc        Transaction Controller
+	 *
+	 * @exception StandardException		Thrown on failure
+	 */
+	public void	dropAllPermsByGrantee(String authid,
+									  TransactionController tc)
+			throws StandardException;
+
+
 	/**
 	 * Drop the descriptor for a schema, given the schema's name
 	 *
@@ -1769,6 +1830,32 @@
 	 */
 	public String getBuiltinVTIClass(TableDescriptor td, boolean asTableFunction)
 		throws StandardException;
+
+
+	/**
+	 * Get a role descriptor for a role definition.
+	 *
+	 * @param roleName The name of the role whose definition we seek
+	 *
+	 * @throws StandardException error
+	 */
+	public RoleDescriptor getRoleDefinitionDescriptor(String roleName)
+			throws StandardException;
+
+	/**
+	 * Get a role descriptor for a role grant
+	 *
+	 * @param roleName The name of the role whose definition we seek
+	 * @param grantee  The grantee
+	 * @param grantor  The grantor
+	 *
+	 * @throws StandardException error
+	 */
+	public RoleDescriptor getRoleGrantDescriptor(String roleName,
+												 String grantee,
+												 String grantor)
+		throws StandardException;
+
 
 	/**
 	 * Adds a descriptor to a system catalog identified by the catalogNumber. 

Added: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoleDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoleDescriptor.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoleDescriptor.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoleDescriptor.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,125 @@
+/*
+
+   Derby - Class org.apache.derby.iapi.sql.dictionary.RoleDescriptor
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.iapi.sql.dictionary;
+
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
+import org.apache.derby.iapi.store.access.TransactionController;
+
+/**
+ * This class is used by rows in the SYS.SYSROLES system table.
+ */
+public class RoleDescriptor extends TupleDescriptor
+{
+    private final String roleName;
+    private final String grantee;
+    private final String grantor;
+    private boolean withAdminOption;
+    private final boolean isDef; // if true, represents a role
+                                 // definition, else a grant
+
+    /**
+     * Constructor
+     *
+     * @param dd data dictionary
+     * @param roleName
+     * @param grantee
+     * @param grantor
+     * @param withAdminOption
+     * @param isDef
+     *
+     */
+    RoleDescriptor(DataDictionary dd,
+                   String roleName,
+                   String grantee,
+                   String grantor,
+                   boolean withAdminOption,
+                   boolean isDef) {
+        super(dd);
+        this.roleName = roleName;
+        this.grantee = grantee;
+        this.grantor = grantor;
+        this.withAdminOption = withAdminOption;
+        this.isDef = isDef;
+    }
+
+    public String getGrantee() {
+        return grantee;
+    }
+
+    public String getGrantor() {
+        return grantor;
+    }
+
+    public boolean isDef() {
+        return isDef;
+    }
+
+    public String getRoleName() {
+        return roleName;
+    }
+
+    public boolean isWithAdminOption() {
+        return withAdminOption;
+    }
+
+    public void setWithAdminOption(boolean b) {
+        withAdminOption = b;
+    }
+
+    public String toString() {
+        if (SanityManager.DEBUG) {
+            return "roleName: " + roleName + "\n" +
+                "grantor: " + grantor + "\n" +
+                "grantee: " + grantee + "\n" +
+                "withadminoption: " + withAdminOption + "\n" +
+                "isDef: " + isDef + "\n";
+        } else {
+            return "";
+        }
+    }
+
+    public String getDescriptorType()
+    {
+        return "Role";
+    }
+
+    public String getDescriptorName()
+    {
+        return roleName + " " + grantor + " " + grantee;
+    }
+
+
+    /**
+     * Drop this role.descriptor
+     *
+     * @throws StandardException Could not be dropped.
+     */
+    public void drop(LanguageConnectionContext lcc) throws StandardException
+    {
+        DataDictionary dd = getDataDictionary();
+        TransactionController tc = lcc.getTransactionExecute();
+
+        dd.dropRoleDescriptor(roleName, grantee, grantor, tc);
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/RoleDescriptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRolePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRolePermission.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRolePermission.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRolePermission.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,95 @@
+/*
+
+   Derby - Class org.apache.derby.iapi.sql.dictionary.StatementRolePermission
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.iapi.sql.dictionary;
+
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.sql.conn.Authorizer;
+import org.apache.derby.iapi.reference.SQLState;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
+import org.apache.derby.iapi.store.access.TransactionController;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+
+/**
+ * This class describes a role permission required by a statement.
+ */
+
+public class StatementRolePermission extends StatementPermission
+{
+    private String roleName;
+    private int privType;
+
+    /**
+     * Constructor
+     *
+     * @param roleName The role name involved in the operation
+     * @param privType One of Authorizer.CREATE_ROLE_PRIV, DROP_ROLE_PRIV.
+     */
+    public StatementRolePermission(String roleName, int privType)
+    {
+        this.roleName = roleName;
+        this.privType = privType;
+    }
+
+    /**
+     * @see StatementPermission#check
+     */
+    public void check(LanguageConnectionContext lcc,
+                      String authid,
+                      boolean forGrant) throws StandardException
+    {
+        DataDictionary dd = lcc.getDataDictionary();
+        TransactionController tc = lcc.getTransactionExecute();
+
+        // For now, only allowed for database owner, and this check
+        // is never called for dbo, so always throw.
+        switch (privType) {
+        case Authorizer.CREATE_ROLE_PRIV:
+            throw StandardException.newException
+                (SQLState.AUTH_ROLE_DBO_ONLY, "CREATE ROLE");
+            // break;
+        case Authorizer.DROP_ROLE_PRIV:
+            throw StandardException.newException
+                (SQLState.AUTH_ROLE_DBO_ONLY, "DROP ROLE");
+            // break;
+        default:
+            if (SanityManager.DEBUG) {
+                SanityManager.THROWASSERT
+                    ("Unexpected value (" + privType + ") for privType");
+            }
+            break;
+        }
+    }
+
+    /**
+     * Role level permission is never required as list of privileges required
+     * for triggers/constraints/views and hence we don't do any work here, but
+     * simply return null
+     *
+     * @see StatementPermission#check
+     */
+    public PermissionsDescriptor getPermissionDescriptor(String authid,
+                                                         DataDictionary dd)
+        throws StandardException
+    {
+        return null;
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementRolePermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/StatementSchemaPermission.java Mon Nov 12 06:24:25 2007
@@ -1,6 +1,6 @@
 /*
 
-   Derby - Class org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission
+   Derby - Class org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission
 
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java Mon Nov 12 06:24:25 2007
@@ -53,6 +53,7 @@
 import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor;
 import org.apache.derby.iapi.sql.dictionary.PermissionsDescriptor;
 import org.apache.derby.iapi.sql.dictionary.ReferencedKeyConstraintDescriptor;
+import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
 import org.apache.derby.iapi.sql.dictionary.SPSDescriptor;
 import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
 import org.apache.derby.iapi.sql.dictionary.CheckConstraintDescriptor;
@@ -283,7 +284,8 @@
 									"SYSDUMMY1",
                                     "SYSTABLEPERMS",
                                     "SYSCOLPERMS",
-                                    "SYSROUTINEPERMS"
+                                    "SYSROUTINEPERMS",
+									"SYSROLES"
 									};
 
 	private	static final int		NUM_NONCORE = nonCoreNames.length;
@@ -1710,6 +1712,45 @@
 		}
 	}
 
+
+	/**
+	 * Drop the descriptor for a role
+	 *
+	 * @param roleName	The name of the role to drop
+	 * @param grantee	The grantee of the descriptor
+	 * @param grantor	The grantor of the descriptor
+	 * @param tc		TransactionController for the transaction
+	 *
+	 * @exception StandardException Thrown on error
+	 */
+	public void dropRoleDescriptor(String roleName,
+								   String grantee,
+								   String grantor,
+								   TransactionController tc)
+		throws StandardException
+	{
+		DataValueDescriptor roleNameOrderable;
+		DataValueDescriptor granteeOrderable;
+		DataValueDescriptor grantorOrderable;
+
+		TabInfoImpl ti = getNonCoreTI(SYSROLES_CATALOG_NUM);
+
+		roleNameOrderable = new SQLVarchar(roleName);
+		granteeOrderable = new SQLVarchar(grantee);
+		grantorOrderable = new SQLVarchar(grantor);
+
+		ExecIndexRow keyRow = null;
+
+		/* Set up the start/stop position for the scan */
+		keyRow = exFactory.getIndexableRow(3);
+		keyRow.setColumn(1, roleNameOrderable);
+		keyRow.setColumn(2, granteeOrderable);
+		keyRow.setColumn(3, grantorOrderable);
+
+		ti.deleteRow(tc, keyRow, SYSROLESRowFactory.SYSROLES_INDEX1_ID );
+	}
+
+
 	/**
 	 * Drop the descriptor for a schema, given the schema's name
 	 *
@@ -1950,8 +1991,7 @@
 		TableDescriptor			  td;
 		TabInfoImpl					  ti = coreInfo[SYSTABLES_CORE_NUM];
 
-		/* Use tableNameOrderable and schemaIdOrderable in both start 
-		 * and stop position for scan. 
+		/* Use tableIDOrderable in both start and stop position for scan.
 		 */
 		tableIDOrderable = new SQLChar(tableUUID);
 
@@ -2637,6 +2677,259 @@
 		}
 	}
 
+
+	/**
+	 * Drop all role descriptors corresponding to a grant of (any)
+	 * role to a named authentication identifier
+	 *
+	 * @param grantee The grantee of the descriptor
+	 * @param tc      Transaction Controller
+	 *
+	 * @exception StandardException Thrown on failure
+	 */
+	public void dropRoleGrantsByGrantee(String grantee,
+										TransactionController tc)
+			throws StandardException
+	{
+		TabInfoImpl ti = getNonCoreTI(SYSROLES_CATALOG_NUM);
+		SYSROLESRowFactory rf = (SYSROLESRowFactory)ti.getCatalogRowFactory();
+
+		dropRoleGrants(ti,
+					   rf,
+					   rf.SYSROLES_GRANTEE_IN_INDEX1,
+					   grantee,
+					   tc);
+	}
+
+
+	/**
+	 * Drop all role descriptors corresponding to a grant of the
+	 * named role to any authentication identifier
+	 *
+	 * @param roleName The role name granted
+	 * @param tc       Transaction Controller
+	 *
+	 * @exception StandardException Thrown on failure
+	 */
+	public void dropRoleGrantsByName(String roleName,
+									 TransactionController tc)
+		throws StandardException
+	{
+		TabInfoImpl ti = getNonCoreTI(SYSROLES_CATALOG_NUM);
+		SYSROLESRowFactory rf = (SYSROLESRowFactory)ti.getCatalogRowFactory();
+
+		dropRoleGrants(ti,
+					   rf,
+					   rf.SYSROLES_ROLEID_IN_INDEX1,
+					   roleName,
+					   tc);
+	}
+
+	/*
+	 * There is no index on roleid/grantee column only on SYSROLES, so
+	 * we use the index which contains roleid/grantee and scan that,
+	 * setting up a scan qualifier to match the roleid/grantee, then
+	 * delete the catalog entry.
+	 *
+	 * If this proves too slow, we should add an index on
+	 * roleid/grantee only.
+	 */
+	private void dropRoleGrants(TabInfoImpl ti,
+								SYSROLESRowFactory rf,
+								int columnInIndex1,
+								String authId,
+								TransactionController tc)
+		throws StandardException
+	{
+		ConglomerateController heapCC = tc.openConglomerate(
+			ti.getHeapConglomerate(), false, 0,
+			TransactionController.MODE_RECORD,
+			TransactionController.ISOLATION_REPEATABLE_READ);
+
+		DataValueDescriptor authIdOrderable = new SQLVarchar(authId);
+		ScanQualifier[][] scanQualifier = exFactory.getScanQualifier(1);
+
+		scanQualifier[0][0].setQualifier(
+			columnInIndex1 - 1,	/* to zero-based */
+			authIdOrderable,
+			Orderable.ORDER_OP_EQUALS,
+			false,
+			false,
+			false);
+
+		ScanController sc = tc.openScan(
+			ti.getIndexConglomerate(rf.SYSROLES_INDEX1_ID),
+			false,   // don't hold open across commit
+			0,       // for update
+			TransactionController.MODE_RECORD,
+			TransactionController.ISOLATION_REPEATABLE_READ,
+			(FormatableBitSet) null,      // all fields as objects
+			(DataValueDescriptor[]) null, // start position -
+			0,                            // startSearchOperation - none
+			scanQualifier,                //
+			(DataValueDescriptor[]) null, // stop position -through last row
+			0);                           // stopSearchOperation - none
+
+		try {
+			ExecRow outRow = rf.makeEmptyRow();
+			ExecIndexRow indexRow = getIndexRowFromHeapRow(
+				ti.getIndexRowGenerator(rf.SYSROLES_INDEX1_ID),
+				heapCC.newRowLocationTemplate(),
+				outRow);
+
+			while (sc.fetchNext(indexRow.getRowArray())) {
+				ti.deleteRow(tc, indexRow,
+							 rf.SYSROLES_INDEX1_ID);
+			}
+		} finally {
+			if (sc != null) {
+				sc.close();
+			}
+
+			if (heapCC != null) {
+				heapCC.close();
+			}
+		}
+	}
+
+
+	/**
+	 * Drop all permission descriptors corresponding to a grant to
+	 * the named authentication identifier
+	 *
+	 * @param authId  The authentication identifier
+	 * @param tc      Transaction Controller
+	 *
+	 * @exception StandardException Thrown on failure
+	 */
+	public void dropAllPermsByGrantee(String authId,
+									  TransactionController tc)
+		throws StandardException
+	{
+		dropPermsByGrantee(
+			authId,
+			tc,
+			SYSTABLEPERMS_CATALOG_NUM,
+			SYSTABLEPERMSRowFactory.GRANTEE_TABLE_GRANTOR_INDEX_NUM,
+			SYSTABLEPERMSRowFactory.
+				GRANTEE_COL_NUM_IN_GRANTEE_TABLE_GRANTOR_INDEX);
+
+		dropPermsByGrantee(
+			authId,
+			tc,
+			SYSCOLPERMS_CATALOG_NUM,
+			SYSCOLPERMSRowFactory.GRANTEE_TABLE_TYPE_GRANTOR_INDEX_NUM,
+			SYSCOLPERMSRowFactory.
+				GRANTEE_COL_NUM_IN_GRANTEE_TABLE_TYPE_GRANTOR_INDEX);
+
+		dropPermsByGrantee(
+			authId,
+			tc,
+			SYSROUTINEPERMS_CATALOG_NUM,
+			SYSROUTINEPERMSRowFactory.GRANTEE_ALIAS_GRANTOR_INDEX_NUM,
+			SYSROUTINEPERMSRowFactory.
+				GRANTEE_COL_NUM_IN_GRANTEE_ALIAS_GRANTOR_INDEX);
+	}
+
+
+	/*
+	 * Presently only used when dropping roles - user dropping is not
+	 * under Derby control (well, built-in users are), any permissions
+	 * granted to users remain in place even if the user is no more.
+	 *
+	 * There is no index on grantee column only on on any of the
+	 * permissions tables, so we use the index which contain grantee
+	 * and scan that, setting up a scan qualifier to match the
+	 * grantee, then fetch the case row to set up the permission
+	 * descriptor, then remove any cached entry, then finally delete
+	 * the catalog entry.
+	 *
+	 * If this proves too slow, we should add an index on grantee
+	 * only.
+	 */
+	private void dropPermsByGrantee(String authId,
+									TransactionController tc,
+									int catalog,
+									int indexNo,
+									int granteeColnoInIndex)
+		throws StandardException
+	{
+		TabInfoImpl ti = getNonCoreTI(catalog);
+		PermissionsCatalogRowFactory rf =
+			(PermissionsCatalogRowFactory)ti.getCatalogRowFactory();
+
+		ConglomerateController heapCC = tc.openConglomerate(
+			ti.getHeapConglomerate(), false, 0,
+			TransactionController.MODE_RECORD,
+			TransactionController.ISOLATION_REPEATABLE_READ);
+
+		DataValueDescriptor authIdOrderable = new SQLVarchar(authId);
+		ScanQualifier[][] scanQualifier = exFactory.getScanQualifier(1);
+
+		scanQualifier[0][0].setQualifier(
+			granteeColnoInIndex - 1,	/* to zero-based */
+			authIdOrderable,
+			Orderable.ORDER_OP_EQUALS,
+			false,
+			false,
+			false);
+
+		ScanController sc = tc.openScan(
+			ti.getIndexConglomerate(indexNo),
+			false,                        // don't hold open across commit
+			0,                            // for update
+			TransactionController.MODE_RECORD,
+			TransactionController.ISOLATION_REPEATABLE_READ,
+			(FormatableBitSet) null,      // all fields as objects
+			(DataValueDescriptor[]) null, // start position -
+			0,                            // startSearchOperation - none
+			scanQualifier,                //
+			(DataValueDescriptor[]) null, // stop position -through last row
+			0);                           // stopSearchOperation - none
+
+		try {
+			ExecRow outRow = rf.makeEmptyRow();
+			ExecIndexRow indexRow = getIndexRowFromHeapRow(
+				ti.getIndexRowGenerator(indexNo),
+				heapCC.newRowLocationTemplate(),
+				outRow);
+
+			while (sc.fetchNext(indexRow.getRowArray())) {
+				RowLocation baseRowLocation = (RowLocation)indexRow.getColumn(
+					indexRow.nColumns());
+
+				boolean base_row_exists =
+					heapCC.fetch(
+						baseRowLocation, outRow.getRowArray(),
+						(FormatableBitSet)null);
+
+				if (SanityManager.DEBUG) {
+					// it can not be possible for heap row to
+					// disappear while holding scan cursor on index at
+					// ISOLATION_REPEATABLE_READ.
+					SanityManager.ASSERT(base_row_exists,
+										 "base row doesn't exist");
+				}
+
+				PermissionsDescriptor perm = (PermissionsDescriptor)rf.
+					buildDescriptor(outRow,
+									(TupleDescriptor) null,
+									this);
+				removePermEntryInCache(perm);
+				ti.deleteRow(tc, indexRow, indexNo);
+			}
+		} finally {
+			if (sc != null) {
+				sc.close();
+			}
+
+			if (heapCC != null) {
+				heapCC.close();
+			}
+		}
+	}
+
+
 	/**
 	 * Delete the appropriate rows from syscolumns when
 	 * dropping 1 or more columns.
@@ -7952,6 +8245,12 @@
 				retval = new TabInfoImpl(new SYSROUTINEPERMSRowFactory(
 												 luuidFactory, exFactory, dvf));					 
 				break;
+
+			  case SYSROLES_CATALOG_NUM:
+				retval = new TabInfoImpl(new SYSROLESRowFactory(
+											 luuidFactory, exFactory, dvf));
+
+				break;
 			}
 
 			initSystemIndexVariables(retval);
@@ -11187,5 +11486,135 @@
 		}
 		
 		return null;
+	}
+
+
+	/**
+	 * Get the descriptor for the named role.
+	 *
+	 * @param roleName	The role name
+	 *
+	 * @return The descriptor for the role. Can be null if not found.
+	 *
+	 * @exception StandardException  Thrown on error
+	 */
+	public RoleDescriptor getRoleDefinitionDescriptor(String roleName)
+		throws StandardException
+	{
+		RoleDescriptor rd = locateRoleDefinitionRow(roleName);
+
+		return rd;
+	}
+
+
+	/**
+	 * Get a role descriptor for a role grant
+	 *
+	 * @param roleName The name of the role whose definition we seek
+	 * @param grantee  The grantee
+	 * @param grantor  The grantor
+	 *
+	 * @throws StandardException error
+	 */
+	public RoleDescriptor getRoleGrantDescriptor(String roleName,
+												 String grantee,
+												 String grantor)
+		throws StandardException
+	{
+		RoleDescriptor rd = locateRoleGrantRow(roleName, grantee, grantor);
+
+		return rd;
+	}
+
+
+	/**
+	 * Get the target role definition by searching for a matching row
+	 * in SYSROLES by rolename where isDef==true.  Read only scan.
+	 * Uses index on (rolename, isDef) columns.
+	 *
+	 * @param roleName The name of the role we're interested in.
+	 *
+	 * @return The descriptor (row) for the role
+	 *
+	 * @exception StandardException Thrown on error
+	 */
+	private RoleDescriptor locateRoleDefinitionRow(String roleName)
+			throws StandardException
+	{
+		DataValueDescriptor roleNameOrderable;
+		DataValueDescriptor isDefOrderable;
+
+		TabInfoImpl ti = getNonCoreTI(SYSROLES_CATALOG_NUM);
+
+		/* Use aliasNameOrderable , isDefOrderable in both start
+		 * and stop position for scan.
+		 */
+		roleNameOrderable = new SQLVarchar(roleName);
+		isDefOrderable = new SQLVarchar("Y");
+
+		/* Set up the start/stop position for the scan */
+		ExecIndexRow keyRow = exFactory.getIndexableRow(2);
+		keyRow.setColumn(1, roleNameOrderable);
+		keyRow.setColumn(2, isDefOrderable);
+
+		return (RoleDescriptor)
+					getDescriptorViaIndex(
+						SYSROLESRowFactory.SYSROLES_INDEX2_ID,
+						keyRow,
+						(ScanQualifier [][]) null,
+						ti,
+						(TupleDescriptor) null,
+						(List) null,
+						false);
+	}
+
+
+	/**
+	 * Get the target role by searching for a matching row
+	 * in SYSROLES by rolename, grantee and grantor.  Read only scan.
+     * Uses index on roleid, grantee and grantor columns.
+	 *
+	 * @param roleName	    The name of the role we're interested in.
+	 * @param grantee       The grantee
+	 * @param grantor       The grantor
+	 *
+	 * @return	            The descriptor (row) for the role grant
+	 *
+	 * @exception StandardException  Thrown on error
+	 */
+	private RoleDescriptor locateRoleGrantRow(String roleName,
+											  String grantee,
+											  String grantor)
+		throws StandardException
+	{
+		DataValueDescriptor roleNameOrderable;
+		DataValueDescriptor granteeOrderable;
+		DataValueDescriptor grantorOrderable;
+
+
+		TabInfoImpl ti = getNonCoreTI(SYSROLES_CATALOG_NUM);
+
+		/* Use aliasNameOrderable, granteeOrderable and
+		 * grantorOrderable in both start and stop position for scan.
+		 */
+		roleNameOrderable = new SQLVarchar(roleName);
+		granteeOrderable = new SQLVarchar(grantee);
+		grantorOrderable = new SQLVarchar(grantor);
+
+		/* Set up the start/stop position for the scan */
+		ExecIndexRow keyRow = exFactory.getIndexableRow(3);
+		keyRow.setColumn(1, roleNameOrderable);
+		keyRow.setColumn(2, granteeOrderable);
+		keyRow.setColumn(3, grantorOrderable);
+
+		return (RoleDescriptor)
+			getDescriptorViaIndex(
+								  SYSROLESRowFactory.SYSROLES_INDEX1_ID,
+								  keyRow,
+								  (ScanQualifier [][]) null,
+								  ti,
+								  (TupleDescriptor) null,
+								  (List) null,
+								  false);
 	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSCOLPERMSRowFactory.java Mon Nov 12 06:24:25 2007
@@ -79,6 +79,9 @@
 		{ TABLEID_COL_NUM }
 	};
 
+    public static final int
+        GRANTEE_COL_NUM_IN_GRANTEE_TABLE_TYPE_GRANTOR_INDEX = 1;
+
     private static final boolean[] indexUniqueness = { true, true, false};
 
     private	static final String[] uuids =

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROLESRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROLESRowFactory.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROLESRowFactory.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROLESRowFactory.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,231 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.catalog.SYSROLESRowFactory
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+*/
+
+package org.apache.derby.impl.sql.catalog;
+
+import org.apache.derby.iapi.types.SQLChar;
+import org.apache.derby.iapi.types.SQLVarchar;
+import org.apache.derby.iapi.types.DataValueDescriptor;
+import org.apache.derby.iapi.sql.dictionary.SystemColumn;
+import org.apache.derby.iapi.types.DataValueFactory;
+import org.apache.derby.iapi.sql.dictionary.CatalogRowFactory;
+import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
+import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
+import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
+import org.apache.derby.iapi.sql.execute.ExecutionFactory;
+import org.apache.derby.iapi.sql.execute.ExecRow;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.uuid.UUIDFactory;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+
+/**
+ * Factory for creating a SYSROLES row.
+ */
+
+public class SYSROLESRowFactory extends CatalogRowFactory
+{
+    private static final String TABLENAME_STRING = "SYSROLES";
+
+    private static final int SYSROLES_COLUMN_COUNT = 5;
+    /* Column #s for sysinfo (1 based) */
+    private static final int SYSROLES_ROLEID = 1;
+    private static final int SYSROLES_GRANTEE = 2;
+    private static final int SYSROLES_GRANTOR = 3;
+    private static final int SYSROLES_WITHADMINOPTION = 4;
+    private static final int SYSROLES_ISDEF = 5;
+
+    static final int SYSROLES_INDEX1_ID = 0;
+    static final int SYSROLES_INDEX2_ID = 1;
+
+
+    private static final int[][] indexColumnPositions =
+    {
+        {SYSROLES_ROLEID, SYSROLES_GRANTEE, SYSROLES_GRANTOR},
+        {SYSROLES_ROLEID, SYSROLES_ISDEF}
+    };
+
+    static final int SYSROLES_ROLEID_IN_INDEX1 = 1;
+    static final int SYSROLES_GRANTEE_IN_INDEX1 = 2;
+
+    private static  final   boolean[]   uniqueness = {true,false};
+
+    private static final String[] uuids = {
+        "e03f4017-0115-382c-08df-ffffe275b270", // catalog UUID
+        "c851401a-0115-382c-08df-ffffe275b270", // heap UUID
+        "c065801d-0115-382c-08df-ffffe275b270", // SYSROLES_INDEX1
+        "787c0020-0115-382c-08df-ffffe275b270"  // SYSROLES_INDEX2
+    };
+
+    /**
+     * Constructor
+     *
+     * @param uuidf UUIDFactory
+     * @param ef    ExecutionFactory
+     * @param dvf   DataValueFactory
+     */
+    SYSROLESRowFactory(UUIDFactory uuidf,
+                       ExecutionFactory ef,
+                       DataValueFactory dvf)
+    {
+        super(uuidf,ef,dvf);
+        initInfo(SYSROLES_COLUMN_COUNT, TABLENAME_STRING,
+                 indexColumnPositions, uniqueness, uuids );
+    }
+
+    /**
+     * Make a SYSROLES row
+     *
+     * @param td a role descriptor
+     * @param parent unused
+     *
+     * @return  Row suitable for inserting into SYSROLES.
+     *
+     * @exception   StandardException thrown on failure
+     */
+
+    public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent)
+        throws StandardException
+    {
+        ExecRow                 row;
+        String                  roleid = null;
+        String                  grantee = null;
+        String                  grantor = null;
+        boolean                 wao = false;
+        boolean                 isdef = false;
+
+        if (td != null)
+        {
+            RoleDescriptor roleDescriptor = (RoleDescriptor)td;
+
+            roleid = roleDescriptor.getRoleName();
+            grantee = roleDescriptor.getGrantee();
+            grantor = roleDescriptor.getGrantor();
+            wao = roleDescriptor.isWithAdminOption();
+            isdef = roleDescriptor.isDef();
+        }
+
+        /* Build the row to insert */
+        row = getExecutionFactory().getValueRow(SYSROLES_COLUMN_COUNT);
+
+        /* 1st column is ROLEID */
+        row.setColumn(1, new SQLVarchar(roleid));
+
+        /* 2nd column is GRANTEE */
+        row.setColumn(2, new SQLVarchar(grantee));
+
+        /* 3rd column is GRANTOR */
+        row.setColumn(3, new SQLVarchar(grantor));
+
+        /* 4th column is WITHADMINOPTION */
+        row.setColumn(4, new SQLChar(wao ? "Y" : "N"));
+
+        /* 4th column is ISDEF */
+        row.setColumn(5, new SQLChar(isdef ? "Y" : "N"));
+
+        return row;
+    }
+
+
+    ///////////////////////////////////////////////////////////////////////////
+    //
+    //  ABSTRACT METHODS TO BE IMPLEMENTED BY CHILDREN OF CatalogRowFactory
+    //
+    ///////////////////////////////////////////////////////////////////////////
+
+    /**
+     * Make an  Tuple Descriptor out of a SYSROLES row
+     *
+     * @param row                   a SYSROLES row
+     * @param parentTupleDescriptor unused
+     * @param dd                    dataDictionary
+     *
+     * @return  a  descriptor equivalent to a SYSROLES row
+     *
+     * @exception   StandardException thrown on failure
+     */
+    public TupleDescriptor buildDescriptor
+        (ExecRow                 row,
+         TupleDescriptor         parentTupleDescriptor,
+         DataDictionary          dd )
+        throws StandardException {
+
+        DataValueDescriptor         col;
+        RoleDescriptor              descriptor;
+        String                      roleid;
+        String                      grantee;
+        String                      grantor;
+        String                      wao;
+        String                      isdef;
+        DataDescriptorGenerator     ddg = dd.getDataDescriptorGenerator();
+
+        if (SanityManager.DEBUG)
+        {
+            SanityManager.ASSERT(row.nColumns() == SYSROLES_COLUMN_COUNT,
+                                 "Wrong number of columns for a SYSROLES row");
+        }
+
+        // first column is roleid (varchar(128))
+        col = row.getColumn(1);
+        roleid = col.getString();
+
+        // second column is grantee (varchar(128))
+        col = row.getColumn(2);
+        grantee = col.getString();
+
+        // third column is grantor (varchar(128))
+        col = row.getColumn(3);
+        grantor = col.getString();
+
+        // fourth column is withadminoption (char(1))
+        col = row.getColumn(4);
+        wao = col.getString();
+
+        // fifth column is isdef (char(1))
+        col = row.getColumn(5);
+        isdef = col.getString();
+
+        descriptor = ddg.newRoleDescriptor(roleid,
+                                           grantee,
+                                           grantor,
+                                           wao.equals("Y") ? true: false,
+                                           isdef.equals("Y") ? true: false);
+
+        return descriptor;
+    }
+
+    /**
+     * Builds a list of columns suitable for creating this Catalog.
+     *
+     *
+     * @return array of SystemColumn suitable for making this catalog.
+     */
+    public SystemColumn[]   buildColumnList()
+    {
+        return new SystemColumn[] {
+            SystemColumnImpl.getIdentifierColumn("ROLEID", false),
+            SystemColumnImpl.getIdentifierColumn("GRANTEE", false),
+            SystemColumnImpl.getIdentifierColumn("GRANTOR", false),
+            SystemColumnImpl.getIndicatorColumn("WITHADMINOPTION"),
+            SystemColumnImpl.getIndicatorColumn("ISDEF"),
+        };
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROLESRowFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSROUTINEPERMSRowFactory.java Mon Nov 12 06:24:25 2007
@@ -70,6 +70,8 @@
 		{ ALIASID_COL_NUM }
 	};
 
+    public static final int GRANTEE_COL_NUM_IN_GRANTEE_ALIAS_GRANTOR_INDEX = 1;
+
     private static final boolean[] indexUniqueness = { true, true, false };
 
     private	static final String[] uuids =

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSTABLEPERMSRowFactory.java Mon Nov 12 06:24:25 2007
@@ -73,6 +73,8 @@
 		{ TABLEID_COL_NUM }
 	};
 
+    public static final int GRANTEE_COL_NUM_IN_GRANTEE_TABLE_GRANTOR_INDEX = 1;
+
     private static final boolean[] indexUniqueness = { true, true, false};
     
     private	static final String[] uuids =

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/C_NodeNames.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/C_NodeNames.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/C_NodeNames.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/C_NodeNames.java Mon Nov 12 06:24:25 2007
@@ -84,6 +84,9 @@
 
 	static final String CREATE_ALIAS_NODE_NAME = "org.apache.derby.impl.sql.compile.CreateAliasNode";
 
+	static final String CREATE_ROLE_NODE_NAME =
+		"org.apache.derby.impl.sql.compile.CreateRoleNode";
+
 	static final String CREATE_INDEX_NODE_NAME = "org.apache.derby.impl.sql.compile.CreateIndexNode";
 
 	static final String CREATE_SCHEMA_NODE_NAME = "org.apache.derby.impl.sql.compile.CreateSchemaNode";
@@ -118,6 +121,9 @@
 
 	static final String DROP_INDEX_NODE_NAME = "org.apache.derby.impl.sql.compile.DropIndexNode";
 
+	static final String DROP_ROLE_NODE_NAME =
+		"org.apache.derby.impl.sql.compile.DropRoleNode";
+
 	static final String DROP_SCHEMA_NODE_NAME = "org.apache.derby.impl.sql.compile.DropSchemaNode";
 
 	static final String DROP_TABLE_NODE_NAME = "org.apache.derby.impl.sql.compile.DropTableNode";
@@ -143,6 +149,9 @@
 	static final String GET_CURRENT_CONNECTION_NODE_NAME = "org.apache.derby.impl.sql.compile.GetCurrentConnectionNode";
 
 	static final String GRANT_NODE_NAME = "org.apache.derby.impl.sql.compile.GrantNode";
+
+    static final String GRANT_ROLE_NODE_NAME =
+		"org.apache.derby.impl.sql.compile.GrantRoleNode";
     
 	static final String GROUP_BY_COLUMN_NAME = "org.apache.derby.impl.sql.compile.GroupByColumn";
 
@@ -215,7 +224,10 @@
 	static final String RESULT_COLUMN_LIST_NAME = "org.apache.derby.impl.sql.compile.ResultColumnList";
 
 	static final String REVOKE_NODE_NAME = "org.apache.derby.impl.sql.compile.RevokeNode";
-    
+
+	static final String REVOKE_ROLE_NODE_NAME =
+		"org.apache.derby.impl.sql.compile.RevokeRoleNode";
+
 	static final String ROW_RESULT_SET_NODE_NAME = "org.apache.derby.impl.sql.compile.RowResultSetNode";
 
 	static final String SQL_BOOLEAN_CONSTANT_NODE_NAME = "org.apache.derby.impl.sql.compile.SQLBooleanConstantNode";
@@ -225,6 +237,9 @@
 	static final String SCROLL_INSENSITIVE_RESULT_SET_NODE_NAME = "org.apache.derby.impl.sql.compile.ScrollInsensitiveResultSetNode";
 
 	static final String SELECT_NODE_NAME = "org.apache.derby.impl.sql.compile.SelectNode";
+
+	static final String SET_ROLE_NODE_NAME =
+		"org.apache.derby.impl.sql.compile.SetRoleNode";
 
 	static final String SET_SCHEMA_NODE_NAME = "org.apache.derby.impl.sql.compile.SetSchemaNode";
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java Mon Nov 12 06:24:25 2007
@@ -697,6 +697,7 @@
 				{
 				case C_NodeTypes.USER_NODE:
 				case C_NodeTypes.CURRENT_USER_NODE:
+				case C_NodeTypes.CURRENT_ROLE_NODE:
 				case C_NodeTypes.SESSION_USER_NODE:
 				case C_NodeTypes.SYSTEM_USER_NODE:
 				// DB2 enforces min length of 8.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java Mon Nov 12 06:24:25 2007
@@ -41,6 +41,7 @@
 import org.apache.derby.iapi.sql.dictionary.StatementSchemaPermission;
 import org.apache.derby.iapi.sql.dictionary.StatementColumnPermission;
 import org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission;
+import org.apache.derby.iapi.sql.dictionary.StatementRolePermission;
 
 import org.apache.derby.iapi.types.DataTypeDescriptor;
 
@@ -693,6 +694,7 @@
 		requiredTablePrivileges = null;
 		requiredSchemaPrivileges = null;
 		requiredRoutinePrivileges = null;
+		requiredRolePrivileges = null;
 		LanguageConnectionContext lcc = (LanguageConnectionContext)
 		getContextManager().getContext(LanguageConnectionContext.CONTEXT_ID);
 		if( lcc.usesSqlAuthorization())
@@ -701,6 +703,7 @@
 			requiredTablePrivileges = new HashMap();
 			requiredSchemaPrivileges = new HashMap();
 			requiredRoutinePrivileges = new HashMap();
+			requiredRolePrivileges = new HashMap();
 		}
 	} // end of initRequiredPriv
 
@@ -818,6 +821,24 @@
 		requiredSchemaPrivileges.put(key, key);
 	}
 
+
+	/**
+	 * Add a required role privilege to the list privileges.
+	 *
+	 * @see CompilerContext#addRequiredRolePriv
+	 */
+	public void addRequiredRolePriv(String roleName, int privType)
+	{
+		if( requiredRolePrivileges == null)
+			return;
+
+		StatementRolePermission key = new
+			StatementRolePermission(roleName, privType);
+
+		requiredRolePrivileges.put(key, key);
+	}
+
+
 	/**
 	 * @return The list of required privileges.
 	 */
@@ -832,6 +853,8 @@
 			size += requiredSchemaPrivileges.size();
 		if( requiredColumnPrivileges != null)
 			size += requiredColumnPrivileges.size();
+		if( requiredRolePrivileges != null)
+			size += requiredRolePrivileges.size();
 		
 		ArrayList list = new ArrayList( size);
 		if( requiredRoutinePrivileges != null)
@@ -864,6 +887,14 @@
 				list.add( itr.next());
 			}
 		}
+		if( requiredRolePrivileges != null)
+		{
+			for( Iterator itr = requiredRolePrivileges.values().iterator();
+				 itr.hasNext();)
+			{
+				list.add( itr.next());
+			}
+		}
 		return list;
 	} // end of getRequiredPermissionsList
 
@@ -914,4 +945,5 @@
 	private HashMap requiredTablePrivileges;
 	private HashMap requiredSchemaPrivileges;
 	private HashMap requiredRoutinePrivileges;
+	private HashMap requiredRolePrivileges;
 } // end of class CompilerContextImpl

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateRoleNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateRoleNode.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateRoleNode.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateRoleNode.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,99 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.compile.CreateRoleNode
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.impl.sql.compile;
+
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.sql.compile.CompilerContext;
+import org.apache.derby.iapi.sql.conn.Authorizer;
+import org.apache.derby.iapi.sql.execute.ConstantAction;
+
+/**
+ * A CreateRoleNode is the root of a QueryTree that
+ * represents a CREATE ROLE statement.
+ *
+ */
+
+public class CreateRoleNode extends DDLStatementNode
+{
+    private String name;
+
+    /**
+     * Initializer for a CreateRoleNode
+     *
+     * @param roleName  The name of the new role
+     *
+     * @exception StandardException         Thrown on error
+     */
+    public void init(Object     roleName) throws StandardException
+    {
+        initAndCheck(null);
+        this.name = (String)roleName;
+    }
+
+    /**
+     * Convert this object to a String.  See comments in QueryTreeNode.java
+     * for how this should be done for tree printing.
+     *
+     * @return  This object as a String
+     */
+
+    public String toString()
+    {
+        if (SanityManager.DEBUG) {
+            return super.toString() +
+                "roleName: " + "\n" + name + "\n";
+        } else {
+            return "";
+        }
+    }
+
+    /**
+     * Bind this createRoleNode. Main work is to create a StatementPermission
+     * object to require CREATE_ROLE_PRIV at execution time.
+     */
+    public void bindStatement() throws StandardException
+    {
+        CompilerContext cc = getCompilerContext();
+        if (isPrivilegeCollectionRequired()) {
+            cc.addRequiredRolePriv(name, Authorizer.CREATE_ROLE_PRIV);
+        }
+    }
+
+    public String statementToString()
+    {
+        return "CREATE ROLE";
+    }
+
+    // We inherit the generate() method from DDLStatementNode.
+
+    /**
+     * Create the Constant information that will drive the guts of Execution.
+     *
+     * @exception StandardException         Thrown on failure
+     */
+    public ConstantAction   makeConstantAction()
+    {
+        return  getGenericConstantActionFactory().
+                getCreateRoleConstantAction(name);
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateRoleNode.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DropRoleNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DropRoleNode.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DropRoleNode.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DropRoleNode.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,97 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.compile.DropRoleNode
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.impl.sql.compile;
+
+import org.apache.derby.iapi.sql.compile.CompilerContext;
+import org.apache.derby.iapi.sql.conn.Authorizer;
+import org.apache.derby.iapi.sql.execute.ConstantAction;
+
+import org.apache.derby.iapi.error.StandardException;
+
+import org.apache.derby.iapi.services.sanity.SanityManager;
+
+/**
+ * A DropRoleNode is the root of a QueryTree that represents
+ * a DROP ROLE statement.
+ *
+ */
+
+public class DropRoleNode extends DDLStatementNode
+{
+    private String roleName;
+
+    /**
+     * Initializer for a DropRoleNode
+     *
+     * @param roleName      The name of the object being dropped
+     *
+     */
+    public void init(Object roleName)
+        throws StandardException
+    {
+        initAndCheck(null);
+        this.roleName = (String)roleName;
+    }
+
+    public void bindStatement() throws StandardException
+    {
+        CompilerContext cc = getCompilerContext();
+        if (isPrivilegeCollectionRequired()) {
+            cc.addRequiredRolePriv(roleName, Authorizer.DROP_ROLE_PRIV);
+        }
+    }
+
+    /**
+     * Convert this object to a String.  See comments in QueryTreeNode.java
+     * for how this should be done for tree printing.
+     *
+     * @return  This object as a String
+     */
+
+    public String toString()
+    {
+        if (SanityManager.DEBUG) {
+            return super.toString() +
+                "roleName: " +  roleName + "\n";
+        } else {
+            return "";
+        }
+    }
+
+    public String statementToString()
+    {
+        return "DROP ROLE";
+    }
+
+    // inherit generate() method from DDLStatementNode
+
+    /**
+     * Create the Constant information that will drive the guts of Execution.
+     *
+     * @exception StandardException         Thrown on failure
+     */
+    public ConstantAction   makeConstantAction() throws StandardException
+    {
+        return  getGenericConstantActionFactory().
+            getDropRoleConstantAction(roleName);
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/DropRoleNode.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/GrantRoleNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/GrantRoleNode.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/GrantRoleNode.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/GrantRoleNode.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,108 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.compile.GrantRoleNode
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.impl.sql.compile;
+
+import org.apache.derby.iapi.sql.execute.ConstantAction;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.error.StandardException;
+
+import java.util.Iterator;
+import java.util.List;
+import org.apache.derby.iapi.sql.compile.CompilerContext;
+import org.apache.derby.iapi.sql.conn.Authorizer;
+
+/**
+ * This class represents a GRANT role statement.
+ */
+public class GrantRoleNode extends DDLStatementNode
+{
+    private List roles;
+    private List grantees;
+
+    /**
+     * Initialize a GrantRoleNode.
+     *
+     * @param roles list of strings containing role name to be granted
+     * @param grantees list of strings containing grantee names
+     */
+    public void init(Object roles,
+					 Object grantees)
+        throws StandardException
+    {
+        initAndCheck(null);
+        this.roles = (List) roles;
+        this.grantees = (List) grantees;
+    }
+
+
+    /**
+     * Create the Constant information that will drive the guts of Execution.
+     *
+     * @exception StandardException Standard error policy.
+     */
+    public ConstantAction makeConstantAction() throws StandardException
+    {
+        return getGenericConstantActionFactory().
+            getGrantRoleConstantAction( roles, grantees);
+    }
+
+
+    /**
+     * Convert this object to a String.  See comments in QueryTreeNode.java
+     * for how this should be done for tree printing.
+     *
+     * @return  This object as a String
+     */
+
+    public String toString()
+    {
+        if (SanityManager.DEBUG) {
+                StringBuffer sb1 = new StringBuffer();
+                for( Iterator it = roles.iterator(); it.hasNext();) {
+					if( sb1.length() > 0) {
+						sb1.append( ", ");
+					}
+					sb1.append( it.next().toString());
+				}
+
+                StringBuffer sb2 = new StringBuffer();
+                for( Iterator it = grantees.iterator(); it.hasNext();) {
+					if( sb2.length() > 0) {
+						sb2.append( ", ");
+					}
+					sb2.append( it.next().toString());
+				}
+                return (super.toString() +
+                        sb1.toString() +
+                        " TO: " +
+                        sb2.toString() +
+                        "\n");
+		} else {
+			return "";
+		}
+    } // end of toString
+
+    public String statementToString()
+    {
+        return "GRANT role";
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/GrantRoleNode.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/NodeFactoryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/NodeFactoryImpl.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/NodeFactoryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/NodeFactoryImpl.java Mon Nov 12 06:24:25 2007
@@ -361,6 +361,9 @@
 		  case C_NodeTypes.RESULT_COLUMN:
 		  	return C_NodeNames.RESULT_COLUMN_NAME;
 
+		  case C_NodeTypes.SET_ROLE_NODE:
+		  	return C_NodeNames.SET_ROLE_NODE_NAME;
+
 		  case C_NodeTypes.SET_SCHEMA_NODE:
 		  	return C_NodeNames.SET_SCHEMA_NODE_NAME;
 
@@ -382,6 +385,9 @@
 		  case C_NodeTypes.DROP_SCHEMA_NODE:
 		  	return C_NodeNames.DROP_SCHEMA_NODE_NAME;
 
+		  case C_NodeTypes.DROP_ROLE_NODE:
+		  	return C_NodeNames.DROP_ROLE_NODE_NAME;
+
 		  case C_NodeTypes.DROP_TABLE_NODE:
 		  	return C_NodeNames.DROP_TABLE_NODE_NAME;
 
@@ -438,6 +444,7 @@
 		  case C_NodeTypes.CURRENT_ISOLATION_NODE:
 		  case C_NodeTypes.IDENTITY_VAL_NODE:
 		  case C_NodeTypes.CURRENT_SCHEMA_NODE:
+          case C_NodeTypes.CURRENT_ROLE_NODE:
 		  	return C_NodeNames.SPECIAL_FUNCTION_NODE_NAME;
 
 		  case C_NodeTypes.IS_NODE:
@@ -498,6 +505,9 @@
 		  case C_NodeTypes.NEW_INVOCATION_NODE:
 		  	return C_NodeNames.NEW_INVOCATION_NODE_NAME;
 
+		  case C_NodeTypes.CREATE_ROLE_NODE:
+		  	return C_NodeNames.CREATE_ROLE_NODE_NAME;
+
 		  case C_NodeTypes.CREATE_SCHEMA_NODE:
 		  	return C_NodeNames.CREATE_SCHEMA_NODE_NAME;
 
@@ -591,6 +601,12 @@
             return C_NodeNames.GRANT_NODE_NAME;
           case C_NodeTypes.REVOKE_NODE:
             return C_NodeNames.REVOKE_NODE_NAME;
+
+          case C_NodeTypes.GRANT_ROLE_NODE:
+            return C_NodeNames.GRANT_ROLE_NODE_NAME;
+
+          case C_NodeTypes.REVOKE_ROLE_NODE:
+			return C_NodeNames.REVOKE_ROLE_NODE_NAME;
 
           case C_NodeTypes.PRIVILEGE_NODE:
             return C_NodeNames.PRIVILEGE_NAME;

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/RevokeRoleNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/RevokeRoleNode.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/RevokeRoleNode.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/RevokeRoleNode.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,106 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.compile.RevokeRoleNode
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+	  http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.impl.sql.compile;
+
+import org.apache.derby.iapi.sql.execute.ConstantAction;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.error.StandardException;
+
+import java.util.Iterator;
+import java.util.List;
+import org.apache.derby.iapi.sql.compile.CompilerContext;
+import org.apache.derby.iapi.sql.conn.Authorizer;
+
+/**
+ * This class represents a REVOKE role statement.
+ */
+public class RevokeRoleNode extends DDLStatementNode
+{
+	private List roles;
+	private List grantees;
+
+	/**
+	 * Initialize a RevokeRoleNode.
+	 *
+	 * @param roles list of strings containing role name to be revoked
+	 * @param grantees list of strings containing grantee names
+	 */
+	public void init(Object roles, Object grantees) throws StandardException
+	{
+		initAndCheck(null);
+		this.roles = (List) roles;
+		this.grantees = (List) grantees;
+	}
+
+
+	/**
+	 * Create the Constant information that will drive the guts of Execution.
+	 *
+	 * @exception StandardException Standard error policy.
+	 */
+	public ConstantAction makeConstantAction() throws StandardException
+	{
+		return getGenericConstantActionFactory().
+			getRevokeRoleConstantAction( roles, grantees);
+	}
+
+	/**
+	 * Convert this object to a String.  See comments in QueryTreeNode.java
+	 * for how this should be done for tree printing.
+	 *
+	 * @return	This object as a String
+	 */
+
+	public String toString()
+	{
+		if (SanityManager.DEBUG) {
+			StringBuffer sb1 = new StringBuffer();
+			for( Iterator it = roles.iterator(); it.hasNext();) {
+				if( sb1.length() > 0) {
+					sb1.append( ", ");
+				}
+				sb1.append( it.next().toString());
+			}
+
+			StringBuffer sb2 = new StringBuffer();
+			for( Iterator it = grantees.iterator(); it.hasNext();) {
+				if( sb2.length() > 0) {
+					sb2.append( ", ");
+				}
+				sb2.append( it.next().toString());
+			}
+			return (super.toString() +
+					sb1.toString() +
+					" FROM: " +
+					sb2.toString() +
+					"\n");
+		} else {
+			return "";
+		}
+	} // end of toString
+
+
+	public String statementToString()
+	{
+		return "REVOKE role";
+	}
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/RevokeRoleNode.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SetRoleNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SetRoleNode.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SetRoleNode.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SetRoleNode.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,179 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.compile.SetRoleNode
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package     org.apache.derby.impl.sql.compile;
+
+import org.apache.derby.iapi.reference.ClassName;
+import org.apache.derby.iapi.services.classfile.VMOpcode;
+import org.apache.derby.iapi.services.compiler.MethodBuilder;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.sql.execute.ConstantAction;
+import org.apache.derby.iapi.sql.StatementType;
+import java.util.Vector;
+
+
+/**
+ * A SetRoleNode is the root of a QueryTree that represents a SET ROLE
+ * statement.
+ */
+
+public class SetRoleNode extends MiscellaneousStatementNode
+{
+    private String      name;
+    private int         type;
+
+    /**
+     * Initializer for a SetRoleNode
+     *
+     * @param roleName  The name of the new role, null if NONE specified
+     * @param type      Type of role name could be USER or dynamic parameter
+     *
+     */
+    public void init(Object roleName, Object type)
+    {
+        this.name = (String) roleName;
+        if (type != null) {
+            this.type = ((Integer)type).intValue();
+        }
+    }
+
+    /**
+     * Convert this object to a String.  See comments in QueryTreeNode.java
+     * for how this should be done for tree printing.
+     *
+     * @return  This object as a String
+     */
+
+    public String toString()
+    {
+        if (SanityManager.DEBUG) {
+            return super.toString() +
+                (type == StatementType.SET_ROLE_DYNAMIC ?
+                 "roleName: ?\n" :
+                 "rolename: " + name + "\n");
+        } else {
+            return "";
+        }
+    }
+
+    public String statementToString()
+    {
+        return "SET ROLE";
+    }
+
+    /**
+     * Create the Constant information that will drive the guts of
+     * Execution.
+     *
+     * @exception StandardException         Thrown on failure
+     */
+    public ConstantAction   makeConstantAction() throws StandardException
+    {
+        return getGenericConstantActionFactory().
+			getSetRoleConstantAction(name, type);
+    }
+    /**
+     * Override: Generate code, need to push parameters
+     *
+     * @param acb   The ActivationClassBuilder for the class being built
+     * @param mb the method  for the execute() method to be built
+     *
+     * @exception StandardException         Thrown on error
+     */
+
+    public void generate(ActivationClassBuilder acb,
+                         MethodBuilder mb)
+            throws StandardException
+    {
+        //generate the parameters for the DYNAMIC SET ROLE
+        if (type == StatementType.SET_ROLE_DYNAMIC) {
+            generateParameterValueSet(acb);
+        }
+        // The generated java is the expression:
+        // return ResultSetFactory.getMiscResultSet(this )
+
+        acb.pushGetResultSetFactoryExpression(mb);
+
+        acb.pushThisAsActivation(mb); // first arg
+
+        mb.callMethod(VMOpcode.INVOKEINTERFACE, (String)null,
+					  "getMiscResultSet", ClassName.ResultSet, 1);
+    }
+    /**
+     * Generate the code to create the ParameterValueSet, if necessary,
+     * when constructing the activation.  Also generate the code to call
+     * a method that will throw an exception if we try to execute without
+     * all the parameters being set.
+     *
+     * @param acb   The ActivationClassBuilder for the class we're building
+     *
+     * @exception StandardException         Thrown on error
+     */
+
+    private void generateParameterValueSet(ActivationClassBuilder acb)
+        throws StandardException
+    {
+        Vector parameterList = getCompilerContext().getParameterList();
+        // parameter list size should be 1
+        if (SanityManager.DEBUG) {
+            SanityManager.ASSERT(parameterList != null &&
+								 parameterList.size() == 1);
+        }
+        ParameterNode.generateParameterValueSet (acb, 1, parameterList);
+    }
+
+    /**
+     * Override: Returns the type of activation this class
+     * generates.
+     *
+     * @return  NEED_PARAM_ACTIVATION or
+     *          NEED_NOTHING_ACTIVATION depending on params
+     *
+     */
+    int activationKind()
+    {
+        Vector parameterList = getCompilerContext().getParameterList();
+        /*
+        ** We need parameters only for those that have parameters.
+        */
+        if (type == StatementType.SET_ROLE_DYNAMIC) {
+            return StatementNode.NEED_PARAM_ACTIVATION;
+        } else {
+            return StatementNode.NEED_NOTHING_ACTIVATION;
+        }
+    }
+
+
+	/**
+	 * Override to allow committing of reading SYSROLES,
+	 * cf. SetRoleConstantAction's call to userCommit to retain idle
+	 * state. If atomic, that commit will fail.
+	 *
+	 * @return false
+	 */
+	public boolean isAtomic()
+	{
+		return false;
+	}
+
+
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SetRoleNode.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/SpecialFunctionNode.java Mon Nov 12 06:24:25 2007
@@ -59,6 +59,7 @@
 	 <UL>
 	 <LI> USER
 	 <LI> CURRENT_USER
+	 <LI> CURRENT_ROLE
 	 <LI> SESSION_USER
 	 <LI> SYSTEM_USER
 	 <LI> CURRENT SCHEMA
@@ -153,6 +154,22 @@
 			//ie there collation type will be UCS_BASIC. The collation 
 			//derivation will be implicit. 
 			dtd.setCollationDerivation(StringDataValue.COLLATION_DERIVATION_IMPLICIT);
+			dtd.setCollationType(StringDataValue.COLLATION_TYPE_UCS_BASIC);
+			break;
+
+		case C_NodeTypes.CURRENT_ROLE_NODE:
+			sqlName = "CURRENT_ROLE";
+			methodName = "getCurrentRoleId";
+			methodType = "java.lang.String";
+			dtd = DataTypeDescriptor.getBuiltInDataTypeDescriptor(
+				Types.VARCHAR, false, 128);
+			//SQL spec Section 6.4 Syntax Rule 4 says that the collation type
+			//of these functions will be the collation of character set
+			//SQL_IDENTIFIER. In Derby's case, that will mean, the collation of
+			//these functions will be UCS_BASIC. The collation derivation will
+			//be implicit.
+			dtd.setCollationDerivation(
+				StringDataValue.COLLATION_DERIVATION_IMPLICIT);
 			dtd.setCollationType(StringDataValue.COLLATION_TYPE_UCS_BASIC);
 			break;
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java?rev=594158&r1=594157&r2=594158&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java Mon Nov 12 06:24:25 2007
@@ -50,6 +50,7 @@
 import org.apache.derby.iapi.sql.dictionary.ConglomerateDescriptor;
 import org.apache.derby.iapi.sql.dictionary.ConglomerateDescriptorList;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
 import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;
 import org.apache.derby.iapi.sql.dictionary.TableDescriptor;
 import org.apache.derby.iapi.types.DataValueFactory;
@@ -184,7 +185,7 @@
     protected Authorizer authorizer;
 	protected String userName = null; //The name the user connects with.
 	                                  //May still be quoted.
-	
+	protected RoleDescriptor currentRole;
 	protected SchemaDescriptor	sd;
 
 	// RESOLVE - How do we want to set the default.
@@ -1758,7 +1759,7 @@
 	}
 
 	/**
-	 *	Get the Authorization Id
+	 *	Get the Authorization Id (user)
 	 *
 	 * @return String	the authorization id
 	 */
@@ -1766,6 +1767,28 @@
 	{ 
 		return authorizer.getAuthorizationId();
 	}
+
+
+	/**
+	 * Get the current role authorization identifier
+	 *
+	 * @return String	the role id
+	 */
+	public String getCurrentRoleId() {
+		return currentRole != null ?
+			currentRole.getRoleName() : null;
+	}
+
+
+	/**
+	 * Set the current role
+	 *
+	 * @param rd	the descriptor of the role to be set to current
+	 */
+	public void setCurrentRole(RoleDescriptor rd) {
+		this.currentRole = rd;
+	}
+
 
 	/**
 	 *	Get the default schema

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java?rev=594158&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java Mon Nov 12 06:24:25 2007
@@ -0,0 +1,123 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.execute.CreateRoleConstantAction
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.impl.sql.execute;
+
+import org.apache.derby.iapi.sql.execute.ConstantAction;
+
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.sql.Activation;
+import org.apache.derby.iapi.sql.conn.Authorizer;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
+import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
+import org.apache.derby.iapi.sql.dictionary.RoleDescriptor;
+import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.store.access.TransactionController;
+import org.apache.derby.shared.common.reference.SQLState;
+
+
+/**
+ *  This class performs actions that are ALWAYS performed for a
+ *  CREATE ROLE statement at execution time.
+ *  These SQL objects are stored in the SYS.SYSROLES table.
+ *
+ */
+class CreateRoleConstantAction extends DDLConstantAction {
+
+    private String roleName;
+
+    // CONSTRUCTORS
+    /**
+     *  Make the ConstantAction for a CREATE ROLE statement.
+     *  When executed, will create a role by the given name.
+     *
+     *  @param roleName     The name of the role being created
+     */
+    public CreateRoleConstantAction(String roleName)
+    {
+        this.roleName = roleName;
+    }
+
+    // INTERFACE METHODS
+
+    /**
+     *  This is the guts of the Execution-time logic for CREATE ROLE.
+     *
+     *  @see ConstantAction#executeConstantAction
+     *
+     * @exception StandardException     Thrown on failure
+     */
+    public void executeConstantAction(Activation activation)
+        throws StandardException
+    {
+
+        LanguageConnectionContext lcc =
+            activation.getLanguageConnectionContext();
+        DataDictionary dd = lcc.getDataDictionary();
+        TransactionController tc = lcc.getTransactionExecute();
+        DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
+
+        // currentAuthId is currently always the database owner since
+        // role definition is a database owner power. This may change
+        // in the future since this SQL is more liberal.
+        //
+        final String currentAuthId = lcc.getAuthorizationId();
+
+        //
+        // Check if this role already exists. If it does, throw.
+        //
+        RoleDescriptor rd = dd.getRoleDefinitionDescriptor(roleName);
+
+        if (rd != null) {
+            throw StandardException.
+                newException(SQLState.LANG_OBJECT_ALREADY_EXISTS,
+                             "Role" , roleName);
+        }
+
+        // FIXME: Check if the proposed role id exists as a user id in
+        // a privilege grant or as a built-in user ("best effort"; we
+        // can't guarantee against collision if users are externally
+        // defined or added later).
+
+        rd = ddg.newRoleDescriptor(roleName,
+                                   currentAuthId,// grantee
+                                   Authorizer.SYSTEM_AUTHORIZATION_ID,// grantor
+                                   true,         // with admin option
+                                   true);        // is definition
+
+        dd.startWriting(lcc);
+        dd.addDescriptor(rd,
+                         null,  // parent
+                         DataDictionary.SYSROLES_CATALOG_NUM,
+                         false, // duplicatesAllowed
+                         tc);
+    }
+
+
+    // OBJECT SHADOWS
+
+    public String toString()
+    {
+        // Do not put this under SanityManager.DEBUG - it is needed for
+        // error reporting.
+        return "CREATE ROLE " + roleName;
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateRoleConstantAction.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message