org.apache.derby.impl.sql.catalog
Class RoleClosureIteratorImpl

java.lang.Object
  extended by org.apache.derby.impl.sql.catalog.RoleClosureIteratorImpl
All Implemented Interfaces:
RoleClosureIterator

public class RoleClosureIteratorImpl
extends java.lang.Object
implements RoleClosureIterator

Allows iterator over the role grant closure defined by the relation GRANT role-a TO role-b, or its inverse.

The graph is represented as a HashMap where the key is the node and the value is a List grant descriptors representing outgoing arcs. The set constructed depends on whether inverse was specified in the constructor.

See Also:
RoleClosureIterator

Field Summary
private  java.util.Iterator currNodeIter
          Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.
private  DataDictionaryImpl dd
          DataDictionaryImpl used to get closure graph
private  java.util.HashMap graph
          Holds the grant graph.
private  boolean initial
          true before next is called the first time
private  boolean inverse
          true if closure is inverse of GRANT role-a TO role-b.
private  java.util.List lifo
          Holds discovered, but not yet handed out, roles in the closure.
private  java.lang.String root
          The role for which we compute the closure.
private  java.util.HashMap seenSoFar
          Holds roles seen so far when computing the closure.
private  TransactionController tc
          TransactionController used to get closure graph
 
Constructor Summary
RoleClosureIteratorImpl(java.lang.String root, boolean inverse, DataDictionaryImpl dd, TransactionController tc)
          Constructor (package private).
 
Method Summary
 java.lang.String next()
          Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

inverse

private final boolean inverse
true if closure is inverse of GRANT role-a TO role-b.


seenSoFar

private java.util.HashMap seenSoFar
Holds roles seen so far when computing the closure.


graph

private java.util.HashMap graph
Holds the grant graph.


lifo

private java.util.List lifo
Holds discovered, but not yet handed out, roles in the closure.


currNodeIter

private java.util.Iterator currNodeIter
Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.


dd

private DataDictionaryImpl dd
DataDictionaryImpl used to get closure graph


tc

private TransactionController tc
TransactionController used to get closure graph


root

private java.lang.String root
The role for which we compute the closure.


initial

private boolean initial
true before next is called the first time

Constructor Detail

RoleClosureIteratorImpl

RoleClosureIteratorImpl(java.lang.String root,
                        boolean inverse,
                        DataDictionaryImpl dd,
                        TransactionController tc)
Constructor (package private). Use createRoleClosureIterator to obtain an instance.

Parameters:
root - The role name for which to compute the closure
inverse - If true, graph represents the grant-1 relation.
dd - data dictionary
tc - transaction controller
See Also:
DataDictionary.createRoleClosureIterator(org.apache.derby.iapi.store.access.TransactionController, java.lang.String, boolean)
Method Detail

next

public java.lang.String next()
                      throws StandardException
Description copied from interface: RoleClosureIterator
Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).
 Example:
      Assume a set of created roles forming nodes:
            {a1, a2, a3, b, c, d, e, f, h, j}

      Assume a set of GRANT statements forming arcs:

      GRANT a1 TO b;   GRANT b TO e;  GRANT e TO h;
      GRANT a1 TO c;                  GRANT e TO f;
      GRANT a2 TO c;   GRANT c TO f;  GRANT f TO h;
      GRANT a3 TO d;   GRANT d TO f;  GRANT a1 to j;


          a1            a2         a3
         / | \           |          |
        /  b  +--------> c          d
       j   |              \        /
           e---+           \      /
            \   \           \    /
             \   \---------+ \  /
              \             \_ f
               \             /
                \           /
                 \         /
                  \       /
                   \     /
                    \   /
                      h
 
An iterator on the inverse relation starting at h for the above grant graph will return:
       closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
 

An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:

       closure(a1, grant)    = {a1, b, j, e, h, f, c}
 

Specified by:
next in interface RoleClosureIterator
Returns:
a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
Throws:
StandardException

Built on Thu 2012-03-29 21:53:33+0000, from revision ???

Apache Derby V10.6 Internals - Copyright © 2004,2007 The Apache Software Foundation. All Rights Reserved.