Class RoleClosureIteratorImpl

java.lang.Object
org.apache.derby.impl.sql.catalog.RoleClosureIteratorImpl
All Implemented Interfaces:
RoleClosureIterator

public class RoleClosureIteratorImpl extends Object implements RoleClosureIterator
Allows iterator over the role grant closure defined by the relation GRANT role-a TO role-b, or its inverse.

The graph is represented as a HashMap where the key is the node and the value is a List grant descriptors representing outgoing arcs. The set constructed depends on whether inverse was specified in the constructor.

See Also:
  • Field Details

    • inverse

      private final boolean inverse
      true if closure is inverse of GRANT role-a TO role-b.
    • seenSoFar

      private HashMap<String,Object> seenSoFar
      Holds roles seen so far when computing the closure.
      • Key: role name. Depending on value of inverse, the key represents and is compared against roleName() or grantee() of role descriptors visited.
      • Value: none
    • graph

      Holds the grant graph.
      • key: role name
      • value: list of RoleGrantDescriptor, making up outgoing arcs in graph
    • lifo

      private List<RoleGrantDescriptor> lifo
      Holds discovered, but not yet handed out, roles in the closure.
    • currNodeIter

      private Iterator<RoleGrantDescriptor> currNodeIter
      Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.
    • dd

      private DataDictionaryImpl dd
      DataDictionaryImpl used to get closure graph
    • tc

      TransactionController used to get closure graph
    • root

      private String root
      The role for which we compute the closure.
    • initial

      private boolean initial
      true before next is called the first time
  • Constructor Details

  • Method Details

    • next

      public String next() throws StandardException
      Description copied from interface: RoleClosureIterator
      Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).
       Example:
            Assume a set of created roles forming nodes:
                  {a1, a2, a3, b, c, d, e, f, h, j}
      
            Assume a set of GRANT statements forming arcs:
      
            GRANT a1 TO b;   GRANT b TO e;  GRANT e TO h;
            GRANT a1 TO c;                  GRANT e TO f;
            GRANT a2 TO c;   GRANT c TO f;  GRANT f TO h;
            GRANT a3 TO d;   GRANT d TO f;  GRANT a1 to j;
      
      
                a1            a2         a3
               / | \           |          |
              /  b  +--------> c          d
             j   |              \        /
                 e---+           \      /
                  \   \           \    /
                   \   \---------+ \  /
                    \             \_ f
                     \             /
                      \           /
                       \         /
                        \       /
                         \     /
                          \   /
                            h
       
      An iterator on the inverse relation starting at h for the above grant graph will return:
             closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
       

      An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:

             closure(a1, grant)    = {a1, b, j, e, h, f, c}
       
      Specified by:
      next in interface RoleClosureIterator
      Returns:
      a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
      Throws:
      StandardException