Class RoleClosureIteratorImpl
java.lang.Object
org.apache.derby.impl.sql.catalog.RoleClosureIteratorImpl
- All Implemented Interfaces:
RoleClosureIterator
Allows iterator over the role grant closure defined by the relation
GRANT
role-a TO
role-b, or its inverse.
The graph is represented as a HashMap
where the key is
the node and the value is a List grant descriptors representing
outgoing arcs. The set constructed depends on whether inverse
was specified in the constructor.
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate Iterator
<RoleGrantDescriptor> Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.private DataDictionaryImpl
DataDictionaryImpl used to get closure graphprivate HashMap
<String, List<RoleGrantDescriptor>> Holds the grant graph.private boolean
true before next is called the first timeprivate final boolean
true if closure is inverse of GRANT role-a TO role-b.private List
<RoleGrantDescriptor> Holds discovered, but not yet handed out, roles in the closure.private String
The role for which we compute the closure.Holds roles seen so far when computing the closure.private TransactionController
TransactionController used to get closure graph -
Constructor Summary
ConstructorsConstructorDescriptionRoleClosureIteratorImpl
(String root, boolean inverse, DataDictionaryImpl dd, TransactionController tc) Constructor (package private). -
Method Summary
-
Field Details
-
inverse
private final boolean inversetrue if closure is inverse of GRANT role-a TO role-b. -
seenSoFar
Holds roles seen so far when computing the closure.- Key: role name. Depending on value of
inverse
, the key represents and is compared againstroleName()
orgrantee()
of role descriptors visited. - Value: none
- Key: role name. Depending on value of
-
graph
Holds the grant graph.- key: role name
- value: list of
RoleGrantDescriptor
, making up outgoing arcs in graph
-
lifo
Holds discovered, but not yet handed out, roles in the closure. -
currNodeIter
Last node returned by next; a logical pointer into the arcs list of a node we are currently processing. -
dd
DataDictionaryImpl used to get closure graph -
tc
TransactionController used to get closure graph -
root
The role for which we compute the closure. -
initial
private boolean initialtrue before next is called the first time
-
-
Constructor Details
-
RoleClosureIteratorImpl
RoleClosureIteratorImpl(String root, boolean inverse, DataDictionaryImpl dd, TransactionController tc) Constructor (package private). UsecreateRoleClosureIterator
to obtain an instance.- Parameters:
root
- The role name for which to compute the closureinverse
- Iftrue
,graph
represents the grant-1 relation.dd
- data dictionarytc
- transaction controller- See Also:
-
-
Method Details
-
next
Description copied from interface:RoleClosureIterator
Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).Example: Assume a set of created roles forming nodes: {a1, a2, a3, b, c, d, e, f, h, j} Assume a set of GRANT statements forming arcs: GRANT a1 TO b; GRANT b TO e; GRANT e TO h; GRANT a1 TO c; GRANT e TO f; GRANT a2 TO c; GRANT c TO f; GRANT f TO h; GRANT a3 TO d; GRANT d TO f; GRANT a1 to j; a1 a2 a3 / | \ | | / b +--------> c d j | \ / e---+ \ / \ \ \ / \ \---------+ \ / \ \_ f \ / \ / \ / \ / \ / \ / h
An iterator on the inverse relation starting at h for the above grant graph will return:closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:
closure(a1, grant) = {a1, b, j, e, h, f, c}
- Specified by:
next
in interfaceRoleClosureIterator
- Returns:
- a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
- Throws:
StandardException
-