--- /dev/null
+/*\r
+\r
+ Derby - Class org.apache.derby.iapi.sql.dictionary.StatementTablePermission\r
+\r
+ Licensed to the Apache Software Foundation (ASF) under one or more\r
+ contributor license agreements. See the NOTICE file distributed with\r
+ this work for additional information regarding copyright ownership.\r
+ The ASF licenses this file to you under the Apache License, Version 2.0\r
+ (the "License"); you may not use this file except in compliance with\r
+ the License. You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+ Unless required by applicable law or agreed to in writing, software\r
+ distributed under the License is distributed on an "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ See the License for the specific language governing permissions and\r
+ limitations under the License.\r
+\r
+ */\r
+\r
+package org.apache.derby.iapi.sql.dictionary;\r
+\r
+import org.apache.derby.iapi.error.StandardException;\r
+import org.apache.derby.catalog.UUID;\r
+import org.apache.derby.iapi.sql.conn.Authorizer;\r
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;\r
+import org.apache.derby.iapi.reference.SQLState;\r
+\r
+/**\r
+ * This class describes a table permission required by a statement.\r
+ */\r
+\r
+public class StatementTablePermission extends StatementPermission\r
+{\r
+ UUID tableUUID;\r
+ int privType; // One of Authorizer.SELECT_PRIV, UPDATE_PRIV, etc.\r
+\r
+ /**\r
+ * Constructor for StatementTablePermission. Creates an instance of\r
+ * table permission requested for the given access.\r
+ * \r
+ * @param tableUUID UUID of the table\r
+ * @param privType Access privilege requested\r
+ *\r
+ */\r
+ public StatementTablePermission(UUID tableUUID, int privType)\r
+ {\r
+ this.tableUUID = tableUUID;\r
+ this.privType = privType;\r
+ }\r
+\r
+ /**\r
+ * Return privilege access requested for this access descriptor\r
+ *\r
+ * @return Privilege access\r
+ */\r
+ public int getPrivType()\r
+ {\r
+ return privType;\r
+ }\r
+\r
+ /**\r
+ * Return table UUID for this access descriptor\r
+ *\r
+ * @return Table UUID\r
+ */\r
+ public UUID getTableUUID()\r
+ {\r
+ return tableUUID;\r
+ }\r
+\r
+ /**\r
+ * Routine to check if another instance of access descriptor matches this.\r
+ * Used to ensure only one access descriptor for a table of given privilege is created.\r
+ * Otherwise, every column reference from a table may create a descriptor for that table.\r
+ *\r
+ * @param obj Another instance of StatementPermission\r
+ *\r
+ * @return true if match\r
+ */\r
+ public boolean equals( Object obj)\r
+ {\r
+ if( obj == null)\r
+ return false;\r
+ if( getClass().equals( obj.getClass()))\r
+ {\r
+ StatementTablePermission other = (StatementTablePermission) obj;\r
+ return privType == other.privType && tableUUID.equals( other.tableUUID);\r
+ }\r
+ return false;\r
+ } // end of equals\r
+\r
+ /**\r
+ * Return hash code for this instance\r
+ *\r
+ * @return Hashcode\r
+ *\r
+ */\r
+ public int hashCode()\r
+ {\r
+ return privType + tableUUID.hashCode();\r
+ }\r
+ \r
+ /**\r
+ * @see StatementPermission#check\r
+ */\r
+ public void check( LanguageConnectionContext lcc,\r
+ String authorizationId,\r
+ boolean forGrant)\r
+ throws StandardException\r
+ {\r
+ DataDictionary dd = lcc.getDataDictionary();\r
+ \r
+ if( ! hasPermissionOnTable( dd, authorizationId, forGrant))\r
+ {\r
+ TableDescriptor td = getTableDescriptor( dd);\r
+ throw StandardException.newException( forGrant ? SQLState.AUTH_NO_TABLE_PERMISSION_FOR_GRANT\r
+ : SQLState.AUTH_NO_TABLE_PERMISSION,\r
+ authorizationId,\r
+ getPrivName(),\r
+ td.getSchemaName(),\r
+ td.getName());\r
+ }\r
+ } // end of check\r
+\r
+ protected TableDescriptor getTableDescriptor(DataDictionary dd) throws StandardException\r
+ {\r
+ TableDescriptor td = dd.getTableDescriptor( tableUUID);\r
+ if( td == null)\r
+ throw StandardException.newException(SQLState.AUTH_INTERNAL_BAD_UUID, "table");\r
+ return td;\r
+ } // end of getTableDescriptor\r
+\r
+ /*\r
+ * Check if authorizationId has permission on the table\r
+ */\r
+ protected boolean hasPermissionOnTable(DataDictionary dd, String authorizationId, boolean forGrant)\r
+ throws StandardException\r
+ {\r
+ return oneAuthHasPermissionOnTable( dd, Authorizer.PUBLIC_AUTHORIZATION_ID, forGrant)\r
+ || oneAuthHasPermissionOnTable( dd, authorizationId, forGrant);\r
+ }\r
+\r
+ protected boolean oneAuthHasPermissionOnTable(DataDictionary dd, String authorizationId, boolean forGrant)\r
+ throws StandardException\r
+ {\r
+ TablePermsDescriptor perms = dd.getTablePermissions( tableUUID, authorizationId);\r
+ if( perms == null)\r
+ return false;\r
+ \r
+ String priv = null;\r
+ \r
+ switch( privType)\r
+ {\r
+ case Authorizer.SELECT_PRIV:\r
+ priv = perms.getSelectPriv();\r
+ break;\r
+ case Authorizer.UPDATE_PRIV:\r
+ priv = perms.getUpdatePriv();\r
+ break;\r
+ case Authorizer.REFERENCES_PRIV:\r
+ priv = perms.getReferencesPriv();\r
+ break;\r
+ case Authorizer.INSERT_PRIV:\r
+ priv = perms.getInsertPriv();\r
+ break;\r
+ case Authorizer.DELETE_PRIV:\r
+ priv = perms.getDeletePriv();\r
+ break;\r
+ case Authorizer.TRIGGER_PRIV:\r
+ priv = perms.getTriggerPriv();\r
+ break;\r
+ }\r
+\r
+ return "Y".equals(priv) || (!forGrant) && "y".equals( priv);\r
+ } // end of hasPermissionOnTable\r
+\r
+ /**\r
+ * @see StatementPermission#getPermissionDescriptor\r
+ */\r
+ public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd)\r
+ throws StandardException\r
+ {\r
+ //if the required type of privilege exists for the given authorizer,\r
+ //then pass the permission descriptor for it.\r
+ if (oneAuthHasPermissionOnTable( dd, authid, false))\r
+ return dd.getTablePermissions(tableUUID, authid);\r
+ else return null;\r
+ }\r
+\r
+ /**\r
+ * Return privilege needed for this access as string\r
+ *\r
+ * @return privilege string\r
+ */\r
+ public String getPrivName( )\r
+ {\r
+ switch( privType)\r
+ {\r
+ case Authorizer.SELECT_PRIV:\r
+ return "select";\r
+ case Authorizer.UPDATE_PRIV:\r
+ return "update";\r
+ case Authorizer.REFERENCES_PRIV:\r
+ return "references";\r
+ case Authorizer.INSERT_PRIV:\r
+ return "insert";\r
+ case Authorizer.DELETE_PRIV:\r
+ return "delete";\r
+ case Authorizer.TRIGGER_PRIV:\r
+ return "trigger";\r
+ }\r
+ return "?";\r
+ } // end of getPrivName\r
+}\r
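Review bot: The authorization decision on the last line of `oneAuthHasPermissionOnTable` depends on `&&` binding tighter than `||` and on two undocumented magic strings. It evaluates correctly as written, but a permission check should make the grouping explicit: `return "Y".equals(priv) || (!forGrant && "y".equals(priv));`. A comment should record the encoding, for example `// "Y" appears to mean held with grant option, "y" held without it; only "Y" satisfies forGrant`, which is inferred from the expression and should be confirmed against TablePermsDescriptor. The `switch` on `privType` in the same method has no `default`, so an unknown value leaves `priv` null and access is denied; that fail-closed result is right, and a commented `default:` branch would stop a later edit from turning it into an allow. The trailing comment `// end of hasPermissionOnTable` on that method names the wrong method and should read `// end of oneAuthHasPermissionOnTable`.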