Class StatementColumnPermission


public class StatementColumnPermission extends StatementTablePermission
This class describes a column permission used (required) by a statement.
  • Field Details

  • Constructor Details

    • StatementColumnPermission

      public StatementColumnPermission(UUID tableUUID, int privType, FormatableBitSet columns)
      Constructor for StatementColumnPermission. Creates an instance of column permission requested for the given access.
      Parameters:
      tableUUID - UUID of the table
      privType - Access privilege requested
      columns - List of columns
  • Method Details

    • getColumns

      public FormatableBitSet getColumns()
      Return list of columns that need access
      Returns:
      FormatableBitSet of columns
    • equals

      public boolean equals(Object obj)
      Method to check if another instance of column access descriptor matches this. Used to ensure only one access descriptor for a table/columns of given privilege is created.
      Overrides:
      equals in class StatementTablePermission
      Parameters:
      obj - Another instance of StatementPermission
      Returns:
      true if match
    • check

      public void check(LanguageConnectionContext lcc, boolean forGrant, Activation activation) throws StandardException
      Overrides:
      check in class StatementTablePermission
      Parameters:
      lcc - LanguageConnectionContext
      forGrant -
      activation - activation for statement needing check
      Throws:
      StandardException - if the permission has not been granted
      See Also:
    • addPermittedColumns

      private FormatableBitSet addPermittedColumns(DataDictionary dd, boolean forGrant, String authorizationId, FormatableBitSet permittedColumns) throws StandardException
      Add one user's set of permitted columns to a list of permitted columns.
      Throws:
      StandardException
    • getPermissionDescriptor

      public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd) throws StandardException
      Description copied from class: StatementPermission
      Get the PermissionsDescriptor for the passed authorization id for this object. This method gets called during the execution phase of create view/constraint/trigger. The return value of this method is saved in dependency system to keep track of views/constraints/triggers dependencies on required permissions. This happens in execution phase after it has been established that passed authorization id has all the permissions it needs to create that view/constraint/trigger. Which means that we can only get to writing into dependency system once all the required privileges are confirmed.
      Overrides:
      getPermissionDescriptor in class StatementTablePermission
      Parameters:
      authid - AuthorizationId
      dd - DataDictionary
      Returns:
      PermissionsDescriptor The PermissionsDescriptor for the passed authorization id on this object
      Throws:
      StandardException
      See Also:
    • getPUBLIClevelColPermsDescriptor

      public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(String authid, DataDictionary dd) throws StandardException
      This method gets called in execution phase after it is established that all the required privileges exist for the given sql. This method gets called by create view/trigger/constraint to record their dependency on various privileges. Special code is required to track column level privileges. It is possible that some column level privileges are available to the passed authorizer id but the rest required column level privileges are available at PUBLIC level. In this method, we check if all the required column level privileges are found for the passed authorizer. If yes, then simply return null, indicating that no dependency is required at PUBLIC level, because all the required privileges were found at the user level. But if some column level privileges are not available at user level, then they have to exist at the PUBLIC level when this method gets called.
      Throws:
      StandardException
    • allColumnsCoveredByUserOrPUBLIC

      public boolean allColumnsCoveredByUserOrPUBLIC(String authid, DataDictionary dd) throws StandardException
      Returns false if the current role is necessary to cover the necessary permission(s).
      Parameters:
      authid - authentication id of the current user
      dd - data dictionary
      Returns:
      false if the current role is required
      Throws:
      StandardException
    • tryRole

      private FormatableBitSet tryRole(LanguageConnectionContext lcc, DataDictionary dd, boolean forGrant, String r) throws StandardException
      Try to use the supplied role r to see what column privileges are we entitled to.
      Parameters:
      lcc - language connection context
      dd - data dictionary
      forGrant - true of a GRANTable permission is sought
      r - the role to inspect to see if it can supply the required privileges return the set of columns on which we have privileges through this role
      Throws:
      StandardException
    • toString

      public String toString()
      Overrides:
      toString in class StatementTablePermission