db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r1574566 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/sql/compile/ testing/org/apache/derbyTesting/functionTests/tests/lang/
Date Wed, 05 Mar 2014 16:38:40 GMT
Author: rhillegas
Date: Wed Mar  5 16:38:40 2014
New Revision: 1574566

URL: http://svn.apache.org/r1574566
Log:
DERBY-3155: Add privilege checks for the UPDATE actions of MERGE statements; commit derby-3155-34-ab-updatePrivs.diff.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/MatchingClauseNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/UpdateNode.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/MergeStatementTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/MatchingClauseNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/MatchingClauseNode.java?rev=1574566&r1=1574565&r2=1574566&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/MatchingClauseNode.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/MatchingClauseNode.java
Wed Mar  5 16:38:40 2014
@@ -314,6 +314,11 @@ public class MatchingClauseNode extends 
         _dml.bindStatement();
 
         //
+        // Don't add USAGE privilege on user-defined types.
+        //
+        boolean wasSkippingTypePrivileges = getCompilerContext().skipTypePrivileges( true
);
+            
+        //
         // Split the update row into its before and after images.
         //
         ResultColumnList    beforeColumns = new ResultColumnList( getContextManager() );
@@ -336,6 +341,8 @@ public class MatchingClauseNode extends 
         }
 
         buildThenColumnsForUpdate( fullFromList, targetTable, fullUpdateRow, beforeColumns,
afterColumns );
+
+        getCompilerContext().skipTypePrivileges( wasSkippingTypePrivileges );
     }
 
     /**
@@ -810,7 +817,7 @@ public class MatchingClauseNode extends 
         }
         selectList.replaceOrForbidDefaults( targetTable.getTableDescriptor(), _insertColumns,
true );
 
-       bindExpressions( selectList, fullFromList );
+        bindExpressions( selectList, fullFromList );
         
         bindInsertValues( fullFromList, targetTable );
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/UpdateNode.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/UpdateNode.java?rev=1574566&r1=1574565&r2=1574566&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/UpdateNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/UpdateNode.java Wed
Mar  5 16:38:40 2014
@@ -203,7 +203,7 @@ public final class UpdateNode extends DM
 
         // collect lists of objects which will require privilege checks
         ArrayList<String>   explicitlySetColumns = getExplicitlySetColumns();
-        List<ValueNode> allValueNodes = collectAllValueNodes();
+        List<CastNode> allCastNodes = collectAllCastNodes();
         tagPrivilegedNodes();
 
         // tell the compiler to only add privilege checks for nodes which have been tagged
@@ -636,15 +636,16 @@ public final class UpdateNode extends DM
 
 		getCompilerContext().popCurrentPrivType();
 
-        // don't remove the privilege filter. additional binding may be
-        // done during the pre-processing phase
+        getCompilerContext().removePrivilegeFilter( tagFilter );
 
         //
-        // Add USAGE privilege for all UDTs mentioned in the WHERE clause and
+        // Add USAGE privilege for all CASTs to UDTs mentioned in the WHERE clause and
         // on the right side of SET operators.
         //
-        addUDTUsagePriv( allValueNodes );
-
+        for ( CastNode value : allCastNodes )
+        {
+            addUDTUsagePriv( value );
+        }
     } // end of bind()
 
     @Override
@@ -713,28 +714,28 @@ public final class UpdateNode extends DM
     }
 
     /**
-     * Collect all of the ValueNodes in the WHERE clause and on the right side
+     * Collect all of the CastNodes in the WHERE clause and on the right side
      * of SET operators. Later on, we will need to add permissions for all UDTs
      * mentioned by these nodes.
      */
-    private List<ValueNode>    collectAllValueNodes()
+    private List<CastNode>    collectAllCastNodes()
         throws StandardException
     {
-        CollectNodesVisitor<ValueNode> getValues =
-            new CollectNodesVisitor<ValueNode>(ValueNode.class);
+        CollectNodesVisitor<CastNode> getCasts =
+            new CollectNodesVisitor<CastNode>(CastNode.class);
 
         // process the WHERE clause
         ValueNode   whereClause = ((SelectNode) resultSet).whereClause;
-        if ( whereClause != null ) { whereClause.accept( getValues ); }
+        if ( whereClause != null ) { whereClause.accept( getCasts ); }
 
         // process the right sides of the SET operators
         ResultColumnList    rcl = resultSet.getResultColumns();
         for ( int i = 0; i < rcl.size(); i++ )
         {
-            rcl.elementAt( i ).getExpression().accept( getValues );
+            rcl.elementAt( i ).getExpression().accept( getCasts );
         }
 
-        return getValues.getList();
+        return getCasts.getList();
     }
 
     /**

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java?rev=1574566&r1=1574565&r2=1574566&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
Wed Mar  5 16:38:40 2014
@@ -10865,12 +10865,6 @@ public final class GrantRevokeDDLTest ex
             "    test_dbo.whereFunction_6429( whereColumn, 'foo' ) >\n" +
             "    ( select test_dbo.whereAggregate_6429( a ) from test_dbo.whereTable_6429
)\n";
 
-        // fails because ruth does not have USAGE permission on SelectHashMap_6429 and WhereHashMap_6429
-        expectExecutionError( ruthConnection, NO_GENERIC_PERMISSION, update );
-
-        // armed with those permissions, ruth can execute the update
-        grant_6429( dboConnection, "usage on type SelectHashMap_6429" );
-        grant_6429( dboConnection, "usage on type WhereHashMap_6429" );
         goodStatement( ruthConnection, update );
 
         //
@@ -11153,12 +11147,6 @@ public final class GrantRevokeDDLTest ex
             "    test_dbo.whereFunction_6429_2( whereColumn, 'foo' ) >\n" +
             "    ( select test_dbo.whereAggregate_6429_2( whereViewCol ) from test_dbo.whereView_6429_2
)\n";
 
-        // fails because ruth does not have USAGE permission on SelectHashMap_6429_2 and
WhereHashMap_6429_2
-        expectExecutionError( ruthConnection, NO_GENERIC_PERMISSION, update );
-
-        // armed with those permissions, ruth can execute the update
-        grant_6429( dboConnection, "usage on type SelectHashMap_6429_2" );
-        grant_6429( dboConnection, "usage on type WhereHashMap_6429_2" );
         goodStatement( ruthConnection, update );
 
         //
@@ -11396,12 +11384,6 @@ public final class GrantRevokeDDLTest ex
             "where test_dbo.whereFunction_6429_3( whereColumn, 'foo' ) >\n" +
             "    ( select test_dbo.whereAggregate_6429_3( x ) from table ( test_dbo.whereTableFunction_6429_3()
) wtf )\n";
 
-        // fails because ruth does not have USAGE permission on SelectHashMap_6429_2 and
WhereHashMap_6429_2
-        expectExecutionError( ruthConnection, NO_GENERIC_PERMISSION, update );
-
-        // armed with those permissions, ruth can execute the update
-        grant_6429( dboConnection, "usage on type SelectHashMap_6429_3" );
-        grant_6429( dboConnection, "usage on type WhereHashMap_6429_3" );
         goodStatement( ruthConnection, update );
 
         //

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/MergeStatementTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/MergeStatementTest.java?rev=1574566&r1=1574565&r2=1574566&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/MergeStatementTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/MergeStatementTest.java
Wed Mar  5 16:38:40 2014
@@ -6566,6 +6566,346 @@ public class MergeStatementTest extends 
         goodStatement( dboConnection, "drop type OnClauseType_046 restrict" );
     }
     
+    /**
+     * <p>
+     * Verify privileges needed for UPDATE actions.
+     * </p>
+     */
+    public  void    test_047_updatePrivileges()
+        throws Exception
+    {
+        Connection  dboConnection = openUserConnection( TEST_DBO );
+        Connection  ruthConnection = openUserConnection( RUTH );
+
+        //
+        // create schema
+        //
+        goodStatement
+            (
+             dboConnection,
+             "create type SourceOnClauseType_047 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type SourceMatchingClauseType_047 external name 'java.util.HashMap'
language java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type SourceValueType_047 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type TargetValueType_047 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type TargetValueInputType_047 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type BeforeTriggerType_047 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type AfterTriggerType_047 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function sourceOnClauseFunction_047( hashMap SourceOnClauseType_047,
hashKey varchar( 32672 ) ) returns int\n" +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function sourceMatchingClauseFunction_047( hashMap SourceMatchingClauseType_047,
hashKey varchar( 32672 ) ) returns int\n"  +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function sourceValueFunction_047( hashMap SourceValueType_047, hashKey
varchar( 32672 ) ) returns int\n" +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function targetValueInputFunction_047( hashMap TargetValueInputType_047,
hashKey varchar( 32672 ) ) returns int\n" +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function targetValueFunction_047( hashKey varchar( 32672 ), hashValue
int ) returns TargetValueType_047\n" +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.makeHashMap'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function beforeTriggerFunction_047( hashMap BeforeTriggerType_047, hashKey
varchar( 32672 ) ) returns int\n" +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create function afterTriggerFunction_047( hashMap AfterTriggerType_047, hashKey
varchar( 32672 ) ) returns int\n" +
+             "language java parameter style java deterministic no sql\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.UDTTest.getIntValue'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create procedure addHistoryRow_047\n" +
+             "(\n" +
+             "    actionString varchar( 20 ),\n" +
+             "    actionValue int\n" +
+             ")\n" +
+             "language java parameter style java reads sql data\n" +
+             "external name 'org.apache.derbyTesting.functionTests.tests.lang.MergeStatementTest.addHistoryRow'\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create table primaryTable_047\n" +
+             "(\n" +
+             "    key1 int primary key\n" +
+             ")\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create table sourceTable_047\n" +
+             "(\n" +
+             "    sourceUnreferencedColumn int,\n" +
+             "    sourceOnClauseColumn SourceOnClauseType_047,\n" +
+             "    sourceMatchingClauseColumn SourceMatchingClauseType_047,\n" +
+             "    sourceValueColumn SourceValueType_047\n" +
+             ")\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create table targetTable_047\n" +
+             "(\n" +
+             "    privateForeignColumn int references primaryTable_047( key1 ),\n" +
+             "    privatePrimaryColumn int primary key,\n" +
+             "    privateBeforeTriggerSource BeforeTriggerType_047,\n" +
+             "    privateAfterTriggerSource AfterTriggerType_047,\n" +
+             "    targetOnClauseColumn int,\n" +
+             "    targetMatchingClauseColumn int,\n" +
+             "    targetValueInputColumn TargetValueInputType_047,\n" +
+             "    targetValueColumn TargetValueType_047\n" +
+             ")\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create table foreignTable_047\n" +
+             "(\n" +
+             "    key1 int references targetTable_047( privatePrimaryColumn )\n" +
+             ")\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create trigger beforeUpdateTrigger_047\n" +
+             "no cascade before update on targetTable_047\n" +
+             "referencing new as new\n" +
+             "for each row\n" +
+             "call addHistoryRow_047( 'before', beforeTriggerFunction_047( new.privateBeforeTriggerSource,
'foo' ) )\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create trigger afterUpdateTrigger_047\n" +
+             "after update on targetTable_047\n" +
+             "referencing new as new\n" +
+             "for each row\n" +
+             "call addHistoryRow_047( 'after', afterTriggerFunction_047( new.privateAfterTriggerSource,
'foo' ) )\n"
+             );
+
+        //
+        // Privileges
+        //
+        Permission[]    permissions = new Permission[]
+        {
+            new Permission( "update ( targetValueColumn ) on targetTable_047", LACK_COLUMN_PRIV
),
+            new Permission( "execute on function sourceOnClauseFunction_047", NO_GENERIC_PERMISSION
),
+            new Permission( "execute on function sourceMatchingClauseFunction_047", NO_GENERIC_PERMISSION
),
+            new Permission( "execute on function sourceValueFunction_047", NO_GENERIC_PERMISSION
),
+            new Permission( "execute on function targetValueInputFunction_047", NO_GENERIC_PERMISSION
),
+            new Permission( "execute on function targetValueFunction_047", NO_GENERIC_PERMISSION
),
+            new Permission( "select ( sourceOnClauseColumn ) on sourceTable_047", NO_SELECT_OR_UPDATE_PERMISSION
),
+            new Permission( "select ( sourceMatchingClauseColumn ) on sourceTable_047", NO_SELECT_OR_UPDATE_PERMISSION
),
+            new Permission( "select ( sourceValueColumn ) on sourceTable_047", NO_SELECT_OR_UPDATE_PERMISSION
),
+            new Permission( "select ( targetOnClauseColumn ) on targetTable_047", NO_SELECT_OR_UPDATE_PERMISSION
),
+            new Permission( "select ( targetMatchingClauseColumn ) on targetTable_047", NO_SELECT_OR_UPDATE_PERMISSION
),
+            new Permission( "select ( targetValueInputColumn ) on targetTable_047", NO_SELECT_OR_UPDATE_PERMISSION
),
+        };
+        for ( Permission permission : permissions )
+        {
+            grantPermission( dboConnection, permission.text );
+        }
+
+        //
+        // Try adding and dropping privileges.
+        //
+        String  mergeStatement =
+            "merge into test_dbo.targetTable_047\n" +
+            "using test_dbo.sourceTable_047\n" +
+            "on targetOnClauseColumn = test_dbo.sourceOnClauseFunction_047( sourceOnClauseColumn,
'foo' )\n" +
+            "when matched\n" +
+            "  and targetMatchingClauseColumn = test_dbo.sourceMatchingClauseFunction_047(
sourceMatchingClauseColumn, 'foo' )\n" +
+            "     then update set targetValueColumn =\n" +
+            "     test_dbo.targetValueFunction_047\n" +
+            "     (\n" +
+            "        'foo',\n" +
+            "        test_dbo.sourceValueFunction_047( sourceValueColumn, 'foo' ) +\n" +
+            "        test_dbo.targetValueInputFunction_047( targetValueInputColumn, 'foo'
)\n" +
+            "     )\n"
+            ;
+
+        // ruth can execute the MERGE statement
+        expectExecutionWarning( ruthConnection, NO_ROWS_AFFECTED, mergeStatement );
+        
+        //
+        // Verify that revoking each permission in isolation raises
+        // the correct error.
+        //
+        for ( Permission permission : permissions )
+        {
+            vetPermission( permission, dboConnection, ruthConnection, mergeStatement );
+        }
+        
+        //
+        // drop schema
+        //
+        goodStatement( dboConnection, "drop table foreignTable_047" );
+        goodStatement( dboConnection, "drop table targetTable_047" );
+        goodStatement( dboConnection, "drop table sourceTable_047" );
+        goodStatement( dboConnection, "drop table primaryTable_047" );
+        goodStatement( dboConnection, "drop procedure addHistoryRow_047" );
+        goodStatement( dboConnection, "drop function afterTriggerFunction_047" );
+        goodStatement( dboConnection, "drop function beforeTriggerFunction_047" );
+        goodStatement( dboConnection, "drop function targetValueFunction_047" );
+        goodStatement( dboConnection, "drop function targetValueInputFunction_047" );
+        goodStatement( dboConnection, "drop function sourceValueFunction_047" );
+        goodStatement( dboConnection, "drop function sourceMatchingClauseFunction_047" );
+        goodStatement( dboConnection, "drop function sourceOnClauseFunction_047" );
+        goodStatement( dboConnection, "drop type AfterTriggerType_047 restrict" );
+        goodStatement( dboConnection, "drop type BeforeTriggerType_047 restrict" );
+        goodStatement( dboConnection, "drop type TargetValueInputType_047 restrict" );
+        goodStatement( dboConnection, "drop type TargetValueType_047 restrict" );
+        goodStatement( dboConnection, "drop type SourceValueType_047 restrict" );
+        goodStatement( dboConnection, "drop type SourceMatchingClauseType_047 restrict" );
+        goodStatement( dboConnection, "drop type SourceOnClauseType_047 restrict" );
+    }
+    
+    /**
+     * <p>
+     * Verify privileges needed for CASTs involving UPDATE actions.
+     * </p>
+     */
+    public  void    test_048_updateUdtCasts()
+        throws Exception
+    {
+        Connection  dboConnection = openUserConnection( TEST_DBO );
+        Connection  ruthConnection = openUserConnection( RUTH );
+
+        //
+        // create schema
+        //
+        goodStatement
+            (
+             dboConnection,
+             "create type SourceOnClauseType_048 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type SourceMatchingClauseType_048 external name 'java.util.HashMap'
language java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create type TargetValueType_048 external name 'java.util.HashMap' language
java"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create table sourceTable_048\n" +
+             "(\n" +
+             "    sourceUnreferencedColumn int\n" +
+             ")\n"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "create table targetTable_048\n" +
+             "(\n" +
+             "    targetValueColumn TargetValueType_048\n" +
+             ")\n"
+             );
+
+        //
+        // Privileges
+        //
+        goodStatement
+            (
+             dboConnection,
+             "grant update ( targetValueColumn ) on targetTable_048 to ruth"
+             );
+        goodStatement
+            (
+             dboConnection,
+             "grant select on sourceTable_048 to ruth"
+             );
+
+        // the statement
+        String  updateStatement =
+            "merge into test_dbo.targetTable_048\n" +
+            "using test_dbo.sourceTable_048\n" +
+            "on cast( null as test_dbo.SourceOnClauseType_048 ) is not null\n" +
+            "when matched and cast( null as test_dbo.SourceMatchingClauseType_048 ) is not
null\n" +
+            "     then update set targetValueColumn = cast( null as test_dbo.TargetValueType_048
)\n";
+
+        // fails because ruth doesn't have USAGE priv on SourceMatchingClauseType_048
+        expectExecutionError( ruthConnection, NO_GENERIC_PERMISSION, updateStatement );
+        goodStatement( dboConnection, "grant usage on type SourceMatchingClauseType_048 to
ruth" );
+
+        // fails because ruth doesn't have USAGE priv on TargetValueType_048
+        expectExecutionError( ruthConnection, NO_GENERIC_PERMISSION, updateStatement );
+        goodStatement( dboConnection, "grant usage on type TargetValueType_048 to ruth" );
+
+        // fails because ruth doesn't have USAGE priv on SourceOnClauseType_048
+        expectExecutionError( ruthConnection, NO_GENERIC_PERMISSION, updateStatement );
+        goodStatement( dboConnection, "grant usage on type SourceOnClauseType_048 to ruth"
);
+
+        // now ruth can run the MERGE statement
+        goodStatement( ruthConnection, updateStatement );
+
+        //
+        // drop schema
+        //
+        goodStatement( dboConnection, "drop table targetTable_048" );
+        goodStatement( dboConnection, "drop table sourceTable_048" );
+        goodStatement( dboConnection, "drop type TargetValueType_048 restrict" );
+        goodStatement( dboConnection, "drop type SourceMatchingClauseType_048 restrict" );
+        goodStatement( dboConnection, "drop type SourceOnClauseType_048 restrict" );
+    }
+    
     ///////////////////////////////////////////////////////////////////////////////////
     //
     // ROUTINES



Mime
View raw message