Class StatementColumnPermission
- java.lang.Object
-
- org.apache.derby.iapi.sql.dictionary.StatementPermission
-
- org.apache.derby.iapi.sql.dictionary.StatementTablePermission
-
- org.apache.derby.iapi.sql.dictionary.StatementColumnPermission
-
public class StatementColumnPermission extends StatementTablePermission
This class describes a column permission used (required) by a statement.
-
-
Field Summary
Fields Modifier and Type Field Description private FormatableBitSet
columns
-
Fields inherited from class org.apache.derby.iapi.sql.dictionary.StatementTablePermission
privType, tableUUID
-
-
Constructor Summary
Constructors Constructor Description StatementColumnPermission(UUID tableUUID, int privType, FormatableBitSet columns)
Constructor for StatementColumnPermission.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description private FormatableBitSet
addPermittedColumns(DataDictionary dd, boolean forGrant, java.lang.String authorizationId, FormatableBitSet permittedColumns)
Add one user's set of permitted columns to a list of permitted columns.boolean
allColumnsCoveredByUserOrPUBLIC(java.lang.String authid, DataDictionary dd)
Returns false if the current role is necessary to cover the necessary permission(s).void
check(LanguageConnectionContext lcc, boolean forGrant, Activation activation)
boolean
equals(java.lang.Object obj)
Method to check if another instance of column access descriptor matches this.FormatableBitSet
getColumns()
Return list of columns that need accessPermissionsDescriptor
getPermissionDescriptor(java.lang.String authid, DataDictionary dd)
Get the PermissionsDescriptor for the passed authorization id for this object.PermissionsDescriptor
getPUBLIClevelColPermsDescriptor(java.lang.String authid, DataDictionary dd)
This method gets called in execution phase after it is established that all the required privileges exist for the given sql.java.lang.String
toString()
private FormatableBitSet
tryRole(LanguageConnectionContext lcc, DataDictionary dd, boolean forGrant, java.lang.String r)
Try to use the supplied role r to see what column privileges are we entitled to.-
Methods inherited from class org.apache.derby.iapi.sql.dictionary.StatementTablePermission
getPrivName, getPrivType, getTableDescriptor, getTableUUID, hashCode, hasPermissionOnTable, oneAuthHasPermissionOnTable
-
Methods inherited from class org.apache.derby.iapi.sql.dictionary.StatementPermission
genericCheck, getObjectType, getPrivilegedObject, isCorrectPermission
-
-
-
-
Field Detail
-
columns
private FormatableBitSet columns
-
-
Constructor Detail
-
StatementColumnPermission
public StatementColumnPermission(UUID tableUUID, int privType, FormatableBitSet columns)
Constructor for StatementColumnPermission. Creates an instance of column permission requested for the given access.- Parameters:
tableUUID
- UUID of the tableprivType
- Access privilege requestedcolumns
- List of columns
-
-
Method Detail
-
getColumns
public FormatableBitSet getColumns()
Return list of columns that need access- Returns:
- FormatableBitSet of columns
-
equals
public boolean equals(java.lang.Object obj)
Method to check if another instance of column access descriptor matches this. Used to ensure only one access descriptor for a table/columns of given privilege is created.- Overrides:
equals
in classStatementTablePermission
- Parameters:
obj
- Another instance of StatementPermission- Returns:
- true if match
-
check
public void check(LanguageConnectionContext lcc, boolean forGrant, Activation activation) throws StandardException
- Overrides:
check
in classStatementTablePermission
- Parameters:
lcc
- LanguageConnectionContextactivation
- activation for statement needing check- Throws:
StandardException
- if the permission has not been granted- See Also:
StatementPermission.check(org.apache.derby.iapi.sql.conn.LanguageConnectionContext, boolean, org.apache.derby.iapi.sql.Activation)
-
addPermittedColumns
private FormatableBitSet addPermittedColumns(DataDictionary dd, boolean forGrant, java.lang.String authorizationId, FormatableBitSet permittedColumns) throws StandardException
Add one user's set of permitted columns to a list of permitted columns.- Throws:
StandardException
-
getPermissionDescriptor
public PermissionsDescriptor getPermissionDescriptor(java.lang.String authid, DataDictionary dd) throws StandardException
Description copied from class:StatementPermission
Get the PermissionsDescriptor for the passed authorization id for this object. This method gets called during the execution phase of create view/constraint/trigger. The return value of this method is saved in dependency system to keep track of views/constraints/triggers dependencies on required permissions. This happens in execution phase after it has been established that passed authorization id has all the permissions it needs to create that view/constraint/trigger. Which means that we can only get to writing into dependency system once all the required privileges are confirmed.- Overrides:
getPermissionDescriptor
in classStatementTablePermission
- Parameters:
authid
- AuthorizationIddd
- DataDictionary- Returns:
- PermissionsDescriptor The PermissionsDescriptor for the passed authorization id on this object
- Throws:
StandardException
- See Also:
StatementPermission.getPermissionDescriptor(java.lang.String, org.apache.derby.iapi.sql.dictionary.DataDictionary)
-
getPUBLIClevelColPermsDescriptor
public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(java.lang.String authid, DataDictionary dd) throws StandardException
This method gets called in execution phase after it is established that all the required privileges exist for the given sql. This method gets called by create view/trigger/constraint to record their dependency on various privileges. Special code is required to track column level privileges. It is possible that some column level privileges are available to the passed authorizer id but the rest required column level privileges are available at PUBLIC level. In this method, we check if all the required column level privileges are found for the passed authorizer. If yes, then simply return null, indicating that no dependency is required at PUBLIC level, because all the required privileges were found at the user level. But if some column level privileges are not available at user level, then they have to exist at the PUBLIC level when this method gets called.- Throws:
StandardException
-
allColumnsCoveredByUserOrPUBLIC
public boolean allColumnsCoveredByUserOrPUBLIC(java.lang.String authid, DataDictionary dd) throws StandardException
Returns false if the current role is necessary to cover the necessary permission(s).- Parameters:
authid
- authentication id of the current userdd
- data dictionary- Returns:
- false if the current role is required
- Throws:
StandardException
-
tryRole
private FormatableBitSet tryRole(LanguageConnectionContext lcc, DataDictionary dd, boolean forGrant, java.lang.String r) throws StandardException
Try to use the supplied role r to see what column privileges are we entitled to.- Parameters:
lcc
- language connection contextdd
- data dictionaryforGrant
- true of a GRANTable permission is soughtr
- the role to inspect to see if it can supply the required privileges return the set of columns on which we have privileges through this role- Throws:
StandardException
-
toString
public java.lang.String toString()
- Overrides:
toString
in classStatementTablePermission
-
-