org.apache.derby.iapi.sql.dictionary
Class StatementColumnPermission

java.lang.Object
  extended by org.apache.derby.iapi.sql.dictionary.StatementPermission
      extended by org.apache.derby.iapi.sql.dictionary.StatementTablePermission
          extended by org.apache.derby.iapi.sql.dictionary.StatementColumnPermission

public class StatementColumnPermission
extends StatementTablePermission

This class describes a column permission used (required) by a statement.


Field Summary
private  FormatableBitSet columns
           
 
Fields inherited from class org.apache.derby.iapi.sql.dictionary.StatementTablePermission
privType, tableUUID
 
Constructor Summary
StatementColumnPermission(UUID tableUUID, int privType, FormatableBitSet columns)
          Constructor for StatementColumnPermission.
 
Method Summary
private  FormatableBitSet addPermittedColumns(DataDictionary dd, boolean forGrant, java.lang.String authorizationId, FormatableBitSet permittedColumns)
          Add one user's set of permitted columns to a list of permitted columns.
 boolean allColumnsCoveredByUserOrPUBLIC(java.lang.String authid, DataDictionary dd)
          Returns false if the current role is necessary to cover the necessary permission(s).
 void check(LanguageConnectionContext lcc, java.lang.String authorizationId, boolean forGrant, Activation activation)
           
 boolean equals(java.lang.Object obj)
          Method to check if another instance of column access descriptor matches this.
 FormatableBitSet getColumns()
          Return list of columns that need access
 PermissionsDescriptor getPermissionDescriptor(java.lang.String authid, DataDictionary dd)
          Get the PermissionsDescriptor for the passed authorization id for this object.
 PermissionsDescriptor getPUBLIClevelColPermsDescriptor(java.lang.String authid, DataDictionary dd)
          This method gets called in execution phase after it is established that all the required privileges exist for the given sql.
 java.lang.String toString()
           
private  FormatableBitSet tryRole(LanguageConnectionContext lcc, DataDictionary dd, boolean forGrant, java.lang.String r)
          Try to use the supplied role r to see what column privileges are we entitled to.
 
Methods inherited from class org.apache.derby.iapi.sql.dictionary.StatementTablePermission
getPrivName, getPrivType, getTableDescriptor, getTableUUID, hashCode, hasPermissionOnTable, oneAuthHasPermissionOnTable
 
Methods inherited from class org.apache.derby.iapi.sql.dictionary.StatementPermission
genericCheck, getObjectType, getPrivilegedObject, isCorrectPermission
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

columns

private FormatableBitSet columns
Constructor Detail

StatementColumnPermission

public StatementColumnPermission(UUID tableUUID,
                                 int privType,
                                 FormatableBitSet columns)
Constructor for StatementColumnPermission. Creates an instance of column permission requested for the given access.

Parameters:
tableUUID - UUID of the table
privType - Access privilege requested
columns - List of columns
Method Detail

getColumns

public FormatableBitSet getColumns()
Return list of columns that need access

Returns:
FormatableBitSet of columns

equals

public boolean equals(java.lang.Object obj)
Method to check if another instance of column access descriptor matches this. Used to ensure only one access descriptor for a table/columns of given privilege is created.

Overrides:
equals in class StatementTablePermission
Parameters:
obj - Another instance of StatementPermission
Returns:
true if match

check

public void check(LanguageConnectionContext lcc,
                  java.lang.String authorizationId,
                  boolean forGrant,
                  Activation activation)
           throws StandardException
Overrides:
check in class StatementTablePermission
Parameters:
lcc - LanguageConnectionContext
authorizationId - AuthorizationId
activation - activation for statement needing check
Throws:
StandardException - if the permission has not been granted
See Also:
StatementPermission.check(org.apache.derby.iapi.sql.conn.LanguageConnectionContext, java.lang.String, boolean, org.apache.derby.iapi.sql.Activation)

addPermittedColumns

private FormatableBitSet addPermittedColumns(DataDictionary dd,
                                             boolean forGrant,
                                             java.lang.String authorizationId,
                                             FormatableBitSet permittedColumns)
                                      throws StandardException
Add one user's set of permitted columns to a list of permitted columns.

Throws:
StandardException

getPermissionDescriptor

public PermissionsDescriptor getPermissionDescriptor(java.lang.String authid,
                                                     DataDictionary dd)
                                              throws StandardException
Description copied from class: StatementPermission
Get the PermissionsDescriptor for the passed authorization id for this object. This method gets called during the execution phase of create view/constraint/trigger. The return value of this method is saved in dependency system to keep track of views/constraints/triggers dependencies on required permissions. This happens in execution phase after it has been established that passed authorization id has all the permissions it needs to create that view/constraint/trigger. Which means that we can only get to writing into dependency system once all the required privileges are confirmed.

Overrides:
getPermissionDescriptor in class StatementTablePermission
Parameters:
authid - AuthorizationId
dd - DataDictionary
Returns:
PermissionsDescriptor The PermissionsDescriptor for the passed authorization id on this object
Throws:
StandardException
See Also:
StatementPermission.getPermissionDescriptor(java.lang.String, org.apache.derby.iapi.sql.dictionary.DataDictionary)

getPUBLIClevelColPermsDescriptor

public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(java.lang.String authid,
                                                              DataDictionary dd)
                                                       throws StandardException
This method gets called in execution phase after it is established that all the required privileges exist for the given sql. This method gets called by create view/trigger/constraint to record their dependency on various privileges. Special code is required to track column level privileges. It is possible that some column level privileges are available to the passed authorizer id but the rest required column level privileges are available at PUBLIC level. In this method, we check if all the required column level privileges are found for the passed authorizer. If yes, then simply return null, indicating that no dependency is required at PUBLIC level, because all the required privileges were found at the user level. But if some column level privileges are not available at user level, then they have to exist at the PUBLIC level when this method gets called.

Throws:
StandardException

allColumnsCoveredByUserOrPUBLIC

public boolean allColumnsCoveredByUserOrPUBLIC(java.lang.String authid,
                                               DataDictionary dd)
                                        throws StandardException
Returns false if the current role is necessary to cover the necessary permission(s).

Parameters:
authid - authentication id of the current user
dd - data dictionary
Returns:
false if the current role is required
Throws:
StandardException

tryRole

private FormatableBitSet tryRole(LanguageConnectionContext lcc,
                                 DataDictionary dd,
                                 boolean forGrant,
                                 java.lang.String r)
                          throws StandardException
Try to use the supplied role r to see what column privileges are we entitled to.

Parameters:
lcc - language connection context
dd - data dictionary
forGrant - true of a GRANTable permission is sought
r - the role to inspect to see if it can supply the required privileges return the set of columns on which we have privileges through this role
Throws:
StandardException

toString

public java.lang.String toString()
Overrides:
toString in class StatementTablePermission

Built on Thu 2011-03-10 11:54:14+0000, from revision ???

Apache Derby V10.6 Internals - Copyright © 2004,2007 The Apache Software Foundation. All Rights Reserved.