Class RoleClosureIteratorImpl
- java.lang.Object
-
- org.apache.derby.impl.sql.catalog.RoleClosureIteratorImpl
-
- All Implemented Interfaces:
RoleClosureIterator
public class RoleClosureIteratorImpl extends java.lang.Object implements RoleClosureIterator
Allows iterator over the role grant closure defined by the relationGRANT
role-aTO
role-b, or its inverse.The graph is represented as a
HashMap
where the key is the node and the value is a List grant descriptors representing outgoing arcs. The set constructed depends on whetherinverse
was specified in the constructor.- See Also:
RoleClosureIterator
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Iterator<RoleGrantDescriptor>
currNodeIter
Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.private DataDictionaryImpl
dd
DataDictionaryImpl used to get closure graphprivate java.util.HashMap<java.lang.String,java.util.List<RoleGrantDescriptor>>
graph
Holds the grant graph.private boolean
initial
true before next is called the first timeprivate boolean
inverse
true if closure is inverse of GRANT role-a TO role-b.private java.util.List<RoleGrantDescriptor>
lifo
Holds discovered, but not yet handed out, roles in the closure.private java.lang.String
root
The role for which we compute the closure.private java.util.HashMap<java.lang.String,java.lang.Object>
seenSoFar
Holds roles seen so far when computing the closure.private TransactionController
tc
TransactionController used to get closure graph
-
Constructor Summary
Constructors Constructor Description RoleClosureIteratorImpl(java.lang.String root, boolean inverse, DataDictionaryImpl dd, TransactionController tc)
Constructor (package private).
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String
next()
Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation.
-
-
-
Field Detail
-
inverse
private final boolean inverse
true if closure is inverse of GRANT role-a TO role-b.
-
seenSoFar
private java.util.HashMap<java.lang.String,java.lang.Object> seenSoFar
Holds roles seen so far when computing the closure.- Key: role name. Depending on value of
inverse
, the key represents and is compared againstroleName()
orgrantee()
of role descriptors visited. - Value: none
- Key: role name. Depending on value of
-
graph
private java.util.HashMap<java.lang.String,java.util.List<RoleGrantDescriptor>> graph
Holds the grant graph.- key: role name
- value: list of
RoleGrantDescriptor
, making up outgoing arcs in graph
-
lifo
private java.util.List<RoleGrantDescriptor> lifo
Holds discovered, but not yet handed out, roles in the closure.
-
currNodeIter
private java.util.Iterator<RoleGrantDescriptor> currNodeIter
Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.
-
dd
private DataDictionaryImpl dd
DataDictionaryImpl used to get closure graph
-
tc
private TransactionController tc
TransactionController used to get closure graph
-
root
private java.lang.String root
The role for which we compute the closure.
-
initial
private boolean initial
true before next is called the first time
-
-
Constructor Detail
-
RoleClosureIteratorImpl
RoleClosureIteratorImpl(java.lang.String root, boolean inverse, DataDictionaryImpl dd, TransactionController tc)
Constructor (package private). UsecreateRoleClosureIterator
to obtain an instance.- Parameters:
root
- The role name for which to compute the closureinverse
- Iftrue
,graph
represents the grant-1 relation.dd
- data dictionarytc
- transaction controller- See Also:
DataDictionary.createRoleClosureIterator(org.apache.derby.iapi.store.access.TransactionController, java.lang.String, boolean)
-
-
Method Detail
-
next
public java.lang.String next() throws StandardException
Description copied from interface:RoleClosureIterator
Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).Example: Assume a set of created roles forming nodes: {a1, a2, a3, b, c, d, e, f, h, j} Assume a set of GRANT statements forming arcs: GRANT a1 TO b; GRANT b TO e; GRANT e TO h; GRANT a1 TO c; GRANT e TO f; GRANT a2 TO c; GRANT c TO f; GRANT f TO h; GRANT a3 TO d; GRANT d TO f; GRANT a1 to j; a1 a2 a3 / | \ | | / b +--------> c d j | \ / e---+ \ / \ \ \ / \ \---------+ \ / \ \_ f \ / \ / \ / \ / \ / \ / h
An iterator on the inverse relation starting at h for the above grant graph will return:closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:
closure(a1, grant) = {a1, b, j, e, h, f, c}
- Specified by:
next
in interfaceRoleClosureIterator
- Returns:
- a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
- Throws:
StandardException
-
-