Class StatementColumnPermission
java.lang.Object
org.apache.derby.iapi.sql.dictionary.StatementPermission
org.apache.derby.iapi.sql.dictionary.StatementTablePermission
org.apache.derby.iapi.sql.dictionary.StatementColumnPermission
This class describes a column permission used (required) by a statement.
-
Field Summary
FieldsFields inherited from class org.apache.derby.iapi.sql.dictionary.StatementTablePermission
privType, tableUUID
-
Constructor Summary
ConstructorsConstructorDescriptionStatementColumnPermission
(UUID tableUUID, int privType, FormatableBitSet columns) Constructor for StatementColumnPermission. -
Method Summary
Modifier and TypeMethodDescriptionprivate FormatableBitSet
addPermittedColumns
(DataDictionary dd, boolean forGrant, String authorizationId, FormatableBitSet permittedColumns) Add one user's set of permitted columns to a list of permitted columns.boolean
allColumnsCoveredByUserOrPUBLIC
(String authid, DataDictionary dd) Returns false if the current role is necessary to cover the necessary permission(s).void
check
(LanguageConnectionContext lcc, boolean forGrant, Activation activation) boolean
Method to check if another instance of column access descriptor matches this.Return list of columns that need accessgetPermissionDescriptor
(String authid, DataDictionary dd) Get the PermissionsDescriptor for the passed authorization id for this object.getPUBLIClevelColPermsDescriptor
(String authid, DataDictionary dd) This method gets called in execution phase after it is established that all the required privileges exist for the given sql.toString()
private FormatableBitSet
tryRole
(LanguageConnectionContext lcc, DataDictionary dd, boolean forGrant, String r) Try to use the supplied role r to see what column privileges are we entitled to.Methods inherited from class org.apache.derby.iapi.sql.dictionary.StatementTablePermission
getPrivName, getPrivType, getTableDescriptor, getTableUUID, hashCode, hasPermissionOnTable, oneAuthHasPermissionOnTable
Methods inherited from class org.apache.derby.iapi.sql.dictionary.StatementPermission
genericCheck, getObjectType, getPrivilegedObject, isCorrectPermission
-
Field Details
-
columns
-
-
Constructor Details
-
StatementColumnPermission
Constructor for StatementColumnPermission. Creates an instance of column permission requested for the given access.- Parameters:
tableUUID
- UUID of the tableprivType
- Access privilege requestedcolumns
- List of columns
-
-
Method Details
-
getColumns
Return list of columns that need access- Returns:
- FormatableBitSet of columns
-
equals
Method to check if another instance of column access descriptor matches this. Used to ensure only one access descriptor for a table/columns of given privilege is created.- Overrides:
equals
in classStatementTablePermission
- Parameters:
obj
- Another instance of StatementPermission- Returns:
- true if match
-
check
public void check(LanguageConnectionContext lcc, boolean forGrant, Activation activation) throws StandardException - Overrides:
check
in classStatementTablePermission
- Parameters:
lcc
- LanguageConnectionContextforGrant
-activation
- activation for statement needing check- Throws:
StandardException
- if the permission has not been granted- See Also:
-
addPermittedColumns
private FormatableBitSet addPermittedColumns(DataDictionary dd, boolean forGrant, String authorizationId, FormatableBitSet permittedColumns) throws StandardException Add one user's set of permitted columns to a list of permitted columns.- Throws:
StandardException
-
getPermissionDescriptor
public PermissionsDescriptor getPermissionDescriptor(String authid, DataDictionary dd) throws StandardException Description copied from class:StatementPermission
Get the PermissionsDescriptor for the passed authorization id for this object. This method gets called during the execution phase of create view/constraint/trigger. The return value of this method is saved in dependency system to keep track of views/constraints/triggers dependencies on required permissions. This happens in execution phase after it has been established that passed authorization id has all the permissions it needs to create that view/constraint/trigger. Which means that we can only get to writing into dependency system once all the required privileges are confirmed.- Overrides:
getPermissionDescriptor
in classStatementTablePermission
- Parameters:
authid
- AuthorizationIddd
- DataDictionary- Returns:
- PermissionsDescriptor The PermissionsDescriptor for the passed authorization id on this object
- Throws:
StandardException
- See Also:
-
getPUBLIClevelColPermsDescriptor
public PermissionsDescriptor getPUBLIClevelColPermsDescriptor(String authid, DataDictionary dd) throws StandardException This method gets called in execution phase after it is established that all the required privileges exist for the given sql. This method gets called by create view/trigger/constraint to record their dependency on various privileges. Special code is required to track column level privileges. It is possible that some column level privileges are available to the passed authorizer id but the rest required column level privileges are available at PUBLIC level. In this method, we check if all the required column level privileges are found for the passed authorizer. If yes, then simply return null, indicating that no dependency is required at PUBLIC level, because all the required privileges were found at the user level. But if some column level privileges are not available at user level, then they have to exist at the PUBLIC level when this method gets called.- Throws:
StandardException
-
allColumnsCoveredByUserOrPUBLIC
public boolean allColumnsCoveredByUserOrPUBLIC(String authid, DataDictionary dd) throws StandardException Returns false if the current role is necessary to cover the necessary permission(s).- Parameters:
authid
- authentication id of the current userdd
- data dictionary- Returns:
- false if the current role is required
- Throws:
StandardException
-
tryRole
private FormatableBitSet tryRole(LanguageConnectionContext lcc, DataDictionary dd, boolean forGrant, String r) throws StandardException Try to use the supplied role r to see what column privileges are we entitled to.- Parameters:
lcc
- language connection contextdd
- data dictionaryforGrant
- true of a GRANTable permission is soughtr
- the role to inspect to see if it can supply the required privileges return the set of columns on which we have privileges through this role- Throws:
StandardException
-
toString
- Overrides:
toString
in classStatementTablePermission
-