Package com.mckoi.database
Class GrantManager
- java.lang.Object
-
- com.mckoi.database.GrantManager
-
public class GrantManager extends java.lang.Object
A class that manages the grants on a database for a given database connection and user.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
GrantManager.GrantQuery
Inner class that represents a grant query on a particular object, param and user name.
-
Field Summary
Fields Modifier and Type Field Description static int
CATALOG
Represents a CATALOG object to grant privs over for this user.private DatabaseConnection
connection
The DatabaseConnection instance.private QueryContext
context
The QueryContext instance.static int
DOMAIN
Represents a DOMAIN object to grant privs over for the user.private boolean
grant_table_changed
Set to true if the grant table is modified in this manager.private Cache
priv_cache
A cache of privileges for the various tables in the database.static TObject
PUBLIC_USERNAME
The name of the 'public' username.static java.lang.String
PUBLIC_USERNAME_STR
The string representing the public user (privs granted to all users).static int
SCHEMA
Represents a SCHEMA object to grant privs over for the user.static int
TABLE
Represents a TABLE object to grant privs over for the user.
-
Constructor Summary
Constructors Constructor Description GrantManager(DatabaseConnection connection)
Constructs the GrantManager.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addGrant(Privileges privs, int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter)
Adds a grant on the given database object.void
addGrantToAllTablesInSchema(java.lang.String schema, Privileges privs, java.lang.String grantee, boolean grant_option, java.lang.String granter)
For all tables in the given schema, this adds the given grant for each of the tables.private Privileges
getPrivs(int object, java.lang.String param, java.lang.String username, boolean only_grant_options, java.lang.String granter, boolean include_public_privs)
private void
internalSetPrivs(Privileges new_privs, int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter)
Internal method that sets the privs for the given object, param, grantee, grant option and granter.private void
invalidateGrantCache()
Flushes any grant information that's being cached.void
removeGrant(Privileges privs, int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter)
Removes a grant on the given object for the given grantee, grant option and granter.void
revokeAllGrantsOnObject(int object, java.lang.String param)
Completely removes all privs granted on the given object for all users.void
revokeAllGrantsOnObject(int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter)
Removes all privs granted on the given object for the given grantee with the given grant option.Privileges
userGrantOptions(int object, java.lang.String param, java.lang.String username)
Returns all Privileges for the given object for the given grantee (user) that the user is allowed to give grant options for.Privileges
userGrants(int object, java.lang.String param, java.lang.String username)
Returns all Privileges for the given object for the given grantee (user).
-
-
-
Field Detail
-
TABLE
public static final int TABLE
Represents a TABLE object to grant privs over for the user.- See Also:
- Constant Field Values
-
DOMAIN
public static final int DOMAIN
Represents a DOMAIN object to grant privs over for the user.- See Also:
- Constant Field Values
-
SCHEMA
public static final int SCHEMA
Represents a SCHEMA object to grant privs over for the user.- See Also:
- Constant Field Values
-
CATALOG
public static final int CATALOG
Represents a CATALOG object to grant privs over for this user.- See Also:
- Constant Field Values
-
PUBLIC_USERNAME_STR
public static final java.lang.String PUBLIC_USERNAME_STR
The string representing the public user (privs granted to all users).- See Also:
- Constant Field Values
-
PUBLIC_USERNAME
public static final TObject PUBLIC_USERNAME
The name of the 'public' username. If a grant is made on 'public' then all users are given the grant.
-
connection
private DatabaseConnection connection
The DatabaseConnection instance.
-
context
private QueryContext context
The QueryContext instance.
-
priv_cache
private Cache priv_cache
A cache of privileges for the various tables in the database. This cache is populated as the user 'visits' a table.
-
grant_table_changed
private boolean grant_table_changed
Set to true if the grant table is modified in this manager.
-
-
Constructor Detail
-
GrantManager
GrantManager(DatabaseConnection connection)
Constructs the GrantManager. Should only be constructed from DatabaseConnection.
-
-
Method Detail
-
invalidateGrantCache
private void invalidateGrantCache()
Flushes any grant information that's being cached.
-
getPrivs
private Privileges getPrivs(int object, java.lang.String param, java.lang.String username, boolean only_grant_options, java.lang.String granter, boolean include_public_privs) throws DatabaseException
- Throws:
DatabaseException
-
internalSetPrivs
private void internalSetPrivs(Privileges new_privs, int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter) throws DatabaseException
Internal method that sets the privs for the given object, param, grantee, grant option and granter. This first revokes any grants that have been setup for the object, and adds a new record with the new grants.- Throws:
DatabaseException
-
addGrant
public void addGrant(Privileges privs, int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter) throws DatabaseException
Adds a grant on the given database object.- Parameters:
privs
- the privileges to grant.object
- the object to grant (TABLE, DOMAIN, etc)param
- the parameter of the object (eg. the table name)grantee
- the user name to grant the privs to.grant_option
- if true, allows the user to pass grants to other users.granter
- the user granting.- Throws:
DatabaseException
-
addGrantToAllTablesInSchema
public void addGrantToAllTablesInSchema(java.lang.String schema, Privileges privs, java.lang.String grantee, boolean grant_option, java.lang.String granter) throws DatabaseException
For all tables in the given schema, this adds the given grant for each of the tables.- Throws:
DatabaseException
-
removeGrant
public void removeGrant(Privileges privs, int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter) throws DatabaseException
Removes a grant on the given object for the given grantee, grant option and granter.- Throws:
DatabaseException
-
revokeAllGrantsOnObject
public void revokeAllGrantsOnObject(int object, java.lang.String param, java.lang.String grantee, boolean grant_option, java.lang.String granter) throws DatabaseException
Removes all privs granted on the given object for the given grantee with the given grant option.- Throws:
DatabaseException
-
revokeAllGrantsOnObject
public void revokeAllGrantsOnObject(int object, java.lang.String param) throws DatabaseException
Completely removes all privs granted on the given object for all users. This would typically be used when the object is dropped from the database.- Throws:
DatabaseException
-
userGrants
public Privileges userGrants(int object, java.lang.String param, java.lang.String username) throws DatabaseException
Returns all Privileges for the given object for the given grantee (user). This would be used to determine the access a user has to a table.Note that the Privileges object includes all the grants on the object given to PUBLIC also.
This method will concatenate multiple privs granted on the same object.
PERFORMANCE: This method is called a lot (at least once on every query).
- Throws:
DatabaseException
-
userGrantOptions
public Privileges userGrantOptions(int object, java.lang.String param, java.lang.String username) throws DatabaseException
Returns all Privileges for the given object for the given grantee (user) that the user is allowed to give grant options for. This would be used to determine if a user has privs to give another user grants on an object.Note that the Privileges object includes all the grants on the object given to PUBLIC also.
This method will concatenate multiple grant options given on the same object to the user.
- Throws:
DatabaseException
-
-