--- /dev/null
+/*\r
+\r
+ Derby - Class org.apache.derby.impl.sql.execute.RoutinePrivilegeInfo\r
+\r
+ Licensed to the Apache Software Foundation (ASF) under one or more\r
+ contributor license agreements. See the NOTICE file distributed with\r
+ this work for additional information regarding copyright ownership.\r
+ The ASF licenses this file to you under the Apache License, Version 2.0\r
+ (the "License"); you may not use this file except in compliance with\r
+ the License. You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+ Unless required by applicable law or agreed to in writing, software\r
+ distributed under the License is distributed on an "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ See the License for the specific language governing permissions and\r
+ limitations under the License.\r
+\r
+ */\r
+\r
+package org.apache.derby.impl.sql.execute;\r
+\r
+import org.apache.derby.iapi.sql.Activation;\r
+import org.apache.derby.iapi.services.sanity.SanityManager;\r
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;\r
+import org.apache.derby.iapi.store.access.TransactionController;\r
+import org.apache.derby.iapi.sql.depend.DependencyManager;\r
+import org.apache.derby.iapi.sql.dictionary.RoutinePermsDescriptor;\r
+import org.apache.derby.iapi.sql.dictionary.AliasDescriptor;\r
+import org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission;\r
+import org.apache.derby.iapi.sql.dictionary.DataDictionary;\r
+import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;\r
+import org.apache.derby.iapi.error.StandardException;\r
+\r
+import java.util.Iterator;\r
+import java.util.List;\r
+\r
+public class RoutinePrivilegeInfo extends PrivilegeInfo\r
+{\r
+ private AliasDescriptor aliasDescriptor;\r
+\r
+ public RoutinePrivilegeInfo( AliasDescriptor aliasDescriptor)\r
+ {\r
+ this.aliasDescriptor = aliasDescriptor;\r
+ }\r
+ \r
+ /**\r
+ * This is the guts of the Execution-time logic for GRANT/REVOKE of a routine execute privilege\r
+ *\r
+ * @param activation\r
+ * @param grant true if grant, false if revoke\r
+ * @param grantees a list of authorization ids (strings)\r
+ *\r
+ * @exception StandardException Thrown on failure\r
+ */\r
+ public void executeGrantRevoke( Activation activation,\r
+ boolean grant,\r
+ List grantees)\r
+ throws StandardException\r
+ {\r
+ // Check that the current user has permission to grant the privileges.\r
+ LanguageConnectionContext lcc = activation.getLanguageConnectionContext();\r
+ DataDictionary dd = lcc.getDataDictionary();\r
+ String currentUser = lcc.getAuthorizationId();\r
+ TransactionController tc = lcc.getTransactionExecute();\r
+\r
+ // Check that the current user has permission to grant the privileges.\r
+ checkOwnership( currentUser,\r
+ aliasDescriptor,\r
+ dd.getSchemaDescriptor( aliasDescriptor.getSchemaUUID(), tc),\r
+ dd);\r
+ \r
+ DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();\r
+\r
+ RoutinePermsDescriptor routinePermsDesc = ddg.newRoutinePermsDescriptor( aliasDescriptor, currentUser);\r
+\r
+ dd.startWriting(lcc);\r
+ for( Iterator itr = grantees.iterator(); itr.hasNext();)\r
+ {\r
+ // Keep track to see if any privileges are revoked by a revoke \r
+ // statement. If a privilege is not revoked, we need to raise a\r
+ // warning.\r
+ boolean privileges_revoked = false;\r
+ String grantee = (String) itr.next();\r
+ if (dd.addRemovePermissionsDescriptor( grant, routinePermsDesc, grantee, tc)) \r
+ {\r
+ privileges_revoked = true; \r
+ //Derby currently supports only restrict form of revoke execute\r
+ //privilege and that is why, we are sending invalidation action \r
+ //as REVOKE_PRIVILEGE_RESTRICT rather than REVOKE_PRIVILEGE\r
+ dd.getDependencyManager().invalidateFor\r
+ (routinePermsDesc,\r
+ DependencyManager.REVOKE_PRIVILEGE_RESTRICT, lcc);\r
+\r
+ // When revoking a privilege from a Routine we need to\r
+ // invalidate all GPSs refering to it. But GPSs aren't\r
+ // Dependents of RoutinePermsDescr, but of the\r
+ // AliasDescriptor itself, so we must send\r
+ // INTERNAL_RECOMPILE_REQUEST to the AliasDescriptor's\r
+ // Dependents.\r
+ dd.getDependencyManager().invalidateFor\r
+ (aliasDescriptor,\r
+ DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);\r
+ }\r
+ \r
+ addWarningIfPrivilegeNotRevoked(activation, grant, privileges_revoked, grantee);\r
+ }\r
+ } // end of executeConstantAction\r
+}\r