--- /dev/null
+/*\r
+\r
+ Derby - Class org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission\r
+\r
+ Licensed to the Apache Software Foundation (ASF) under one or more\r
+ contributor license agreements. See the NOTICE file distributed with\r
+ this work for additional information regarding copyright ownership.\r
+ The ASF licenses this file to you under the Apache License, Version 2.0\r
+ (the "License"); you may not use this file except in compliance with\r
+ the License. You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+ Unless required by applicable law or agreed to in writing, software\r
+ distributed under the License is distributed on an "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ See the License for the specific language governing permissions and\r
+ limitations under the License.\r
+\r
+ */\r
+\r
+package org.apache.derby.iapi.sql.dictionary;\r
+\r
+import org.apache.derby.iapi.error.StandardException;\r
+import org.apache.derby.iapi.sql.conn.Authorizer;\r
+import org.apache.derby.iapi.reference.SQLState;\r
+import org.apache.derby.iapi.sql.dictionary.SchemaDescriptor;\r
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;\r
+import org.apache.derby.iapi.store.access.TransactionController;\r
+import org.apache.derby.iapi.services.sanity.SanityManager;\r
+\r
+/**\r
+ * This class describes a schema permission required by a statement.\r
+ */\r
+\r
+public class StatementSchemaPermission extends StatementPermission\r
+{\r
+ /**\r
+ * The schema name \r
+ */\r
+ private String schemaName;\r
+ /**\r
+ * Authorization id\r
+ */\r
+ private String aid; \r
+ /** \r
+ * One of Authorizer.CREATE_SCHEMA_PRIV, MODIFY_SCHEMA_PRIV, \r
+ * DROP_SCHEMA_PRIV, etc.\r
+ */ \r
+ private int privType; \r
+\r
+ public StatementSchemaPermission(String schemaName, String aid, int privType)\r
+ {\r
+ this.schemaName = schemaName;\r
+ this.aid = aid;\r
+ this.privType = privType;\r
+ }\r
+\r
+ /**\r
+ * @see StatementPermission#check\r
+ */\r
+ public void check( LanguageConnectionContext lcc,\r
+ String authid,\r
+ boolean forGrant) throws StandardException\r
+ {\r
+ DataDictionary dd = lcc.getDataDictionary();\r
+ TransactionController tc = lcc.getTransactionExecute();\r
+ \r
+ switch ( privType )\r
+ {\r
+ case Authorizer.MODIFY_SCHEMA_PRIV:\r
+ case Authorizer.DROP_SCHEMA_PRIV:\r
+ SchemaDescriptor sd = dd.getSchemaDescriptor(schemaName, tc, false);\r
+ // If schema hasn't been created already, no need to check\r
+ // for drop schema, an exception will be thrown if the schema \r
+ // does not exists.\r
+ if (sd == null)\r
+ return;\r
+\r
+ if (!authid.equals(sd.getAuthorizationId()))\r
+ throw StandardException.newException(\r
+ SQLState.AUTH_NO_ACCESS_NOT_OWNER, authid, schemaName);\r
+ break;\r
+ \r
+ case Authorizer.CREATE_SCHEMA_PRIV:\r
+ // Non-DBA Users can only create schemas that match their authid\r
+ // Also allow only DBA to set authid to another user\r
+ // Note that for DBA, check interface wouldn't be called at all\r
+ if ( !schemaName.equals(authid) || \r
+ (aid != null && !aid.equals(authid)) )\r
+ throw StandardException.newException(\r
+ SQLState.AUTH_NOT_DATABASE_OWNER, authid, schemaName);\r
+ break;\r
+ \r
+ default:\r
+ if (SanityManager.DEBUG)\r
+ {\r
+ SanityManager.THROWASSERT(\r
+ "Unexpected value (" + privType + ") for privType");\r
+ }\r
+ break;\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Schema level permission is never required as list of privileges required\r
+ * for triggers/constraints/views and hence we don't do any work here, but\r
+ * simply return null\r
+ * \r
+ * @see StatementPermission#check\r
+ */\r
+ public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)\r
+ throws StandardException\r
+ {\r
+ return null;\r
+ }\r
+}\r
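Review bot: The `default:` branch of `check` fails open outside debug builds: with `SanityManager.DEBUG` false, an unrecognised `privType` reaches `break` and the method returns as if the permission had been granted. An authorization check should deny what it does not recognise, so follow the assert with `throw StandardException.newException(SQLState.AUTH_NO_ACCESS_NOT_OWNER, authid, schemaName);` (or a more fitting SQLState if the project has one). The `sd == null` early return is also shared by `MODIFY_SCHEMA_PRIV`, while its comment only justifies the drop case; it is worth confirming that the code running after a modify on a not-yet-existing schema cannot implicitly create it for a non-owner. Separately, the file header names `StatementRoutinePermission` and the Javadoc on `getPermissionDescriptor` points `@see` at `StatementPermission#check`; both look like copy-paste leftovers and should name `StatementSchemaPermission` and `StatementPermission#getPermissionDescriptor`.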