001: /**
002: * com.mckoi.database.interpret.PrivManager 21 Aug 2002
003: *
004: * Mckoi SQL Database ( http://www.mckoi.com/database )
005: * Copyright (C) 2000, 2001, 2002 Diehl and Associates, Inc.
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License
009: * Version 2 as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
014: * GNU General Public License Version 2 for more details.
015: *
016: * You should have received a copy of the GNU General Public License
017: * Version 2 along with this program; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
019: *
020: * Change Log:
021: *
022: *
023: */package com.mckoi.database.interpret;
024:
025: import com.mckoi.database.*;
026: import java.util.ArrayList;
027: import java.util.List;
028:
029: /**
030: * Handler for grant/revoke queries for setting up grant information in the
031: * database.
032: *
033: * @author Tobias Downer
034: */
035:
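public class PrivManager extends Statement {

    // ---------- Implemented from Statement ----------

    /**
     * No preparation is required for GRANT / REVOKE statements.
     */
    public void prepare() throws DatabaseException {
        // Nothing to do here
    }

    /**
     * Executes a GRANT or REVOKE statement.
     * <p>
     * Reads "command", "priv_list" and "priv_object" from the statement
     * command, resolves the target table ("T:" prefix) or schema ("S:"
     * prefix), and then adds or removes grants through the
     * {@link GrantManager} obtained from the query context.
     * <p>
     * Security notes for reviewers:
     * <ul>
     * <li>GRANT checks every requested privilege against the caller's
     *     grant options before any grant is added, and checks that every
     *     grantee exists before the first call to addGrant.</li>
     * <li>REVOKE performs no authorisation check in this method; see the
     *     note in that branch.</li>
     * <li>The table / schema existence check runs before the authorisation
     *     check, so the "doesn't exist" message is returned regardless of
     *     the caller's privileges on the object.</li>
     * </ul>
     *
     * @return an empty result table built by FunctionTable.resultTable
     * @throws DatabaseException if the table, schema or a grantee does not
     *         exist
     * @throws UserAccessException if the caller may not grant one of the
     *         requested privileges
     */
    public Table evaluate() throws DatabaseException {

        DatabaseQueryContext context = new DatabaseQueryContext(database);

        String command_type = (String) cmd.getObject("command");

        // Cast to the List interface rather than ArrayList so that any list
        // implementation supplied by the parser is accepted.
        List priv_list = (List) cmd.getObject("priv_list");
        String priv_object = (String) cmd.getObject("priv_object");

        int grant_object;
        String grant_param;

        // Parse the priv object: "T:<table>" or "S:<schema>".
        if (priv_object.startsWith("T:")) {
            // Granting to a table object
            String table_name_str = priv_object.substring(2);
            TableName table_name = database.resolveTableName(table_name_str);
            // Check the table exists
            if (!database.tableExists(table_name)) {
                throw new DatabaseException("Table '" + table_name
                        + "' doesn't exist.");
            }
            grant_object = GrantManager.TABLE;
            grant_param = table_name.toString();
        } else if (priv_object.startsWith("S:")) {
            // Granting to a schema object
            String schema_name_str = priv_object.substring(2);
            SchemaDef schema_name = database.resolveSchemaName(schema_name_str);
            // Check the schema exists. When resolution failed, report the
            // name exactly as it was written in the statement.
            if (schema_name == null
                    || !database.schemaExists(schema_name.toString())) {
                String reported = schema_name == null ? schema_name_str
                        : schema_name.toString();
                throw new DatabaseException("Schema '" + reported
                        + "' doesn't exist.");
            }
            grant_object = GrantManager.SCHEMA;
            grant_param = schema_name.toString();
        } else {
            // Neither prefix matched: the command object is malformed.
            throw new Error("Priv object formatting error.");
        }

        if (command_type.equals("GRANT")) {
            List grant_to = (List) cmd.getObject("grant_to");
            boolean grant_option = cmd.getBoolean("grant_option");

            // Get the grant manager.
            GrantManager manager = context.getGrantManager();

            // Get the grant options this user has on the given object.
            Privileges options_privs = manager.userGrantOptions(
                    grant_object, grant_param, user.getUserName());

            // Is the user permitted to give out these privs? Each privilege
            // is checked individually, and the first one the caller cannot
            // grant aborts the statement before anything is written.
            Privileges grant_privs = Privileges.EMPTY_PRIVS;
            for (int i = 0; i < priv_list.size(); ++i) {
                String priv = normalisePrivName(priv_list.get(i));
                int priv_bit = resolvePrivBit(priv, grant_object);
                if (!options_privs.permits(priv_bit)) {
                    throw new UserAccessException(
                            "User is not permitted to grant '" + priv
                            + "' access on object "
                            + grant_param);
                }
                grant_privs = grant_privs.add(priv_bit);
            }

            // Do the users exist? This runs after the authorisation loop, so
            // a caller without grant options fails there first.
            for (int i = 0; i < grant_to.size(); ++i) {
                String name = (String) grant_to.get(i);
                if (!name.equalsIgnoreCase("public")
                        && !database.getDatabase().userExists(context, name)) {
                    throw new DatabaseException("User '" + name
                            + "' doesn't exist.");
                }
            }

            // Everything checks out so add the grants to the users.
            for (int i = 0; i < grant_to.size(); ++i) {
                String name = (String) grant_to.get(i);
                manager.addGrant(grant_privs, grant_object, grant_param,
                        granteeName(name), grant_option,
                        user.getUserName());
            }

            // All done.

        } else if (command_type.equals("REVOKE")) {
            List revoke_from = (List) cmd.getObject("revoke_from");
            boolean revoke_grant_option = cmd.getBoolean("revoke_grant_option");

            // Get the grant manager.
            GrantManager manager = context.getGrantManager();

            // Collect the privileges to revoke.
            // NOTE(review): unlike GRANT, this branch does not consult
            // userGrantOptions and does not verify that the named users
            // exist. The current user's name is passed to removeGrant;
            // presumably GrantManager limits removal to grants issued by
            // that user - confirm against GrantManager.removeGrant.
            Privileges revoke_privs = Privileges.EMPTY_PRIVS;
            for (int i = 0; i < priv_list.size(); ++i) {
                String priv = normalisePrivName(priv_list.get(i));
                revoke_privs = revoke_privs.add(
                        resolvePrivBit(priv, grant_object));
            }

            // Revoke the grants for the given users
            for (int i = 0; i < revoke_from.size(); ++i) {
                String name = (String) revoke_from.get(i);
                manager.removeGrant(revoke_privs, grant_object, grant_param,
                        granteeName(name), revoke_grant_option,
                        user.getUserName());
            }

            // All done.

        } else {
            throw new Error("Unknown priv manager command: "
                    + command_type);
        }

        return FunctionTable.resultTable(context, 0);
    }

    // ---------- Private helpers ----------

    /**
     * Upper-cases a privilege keyword taken from the statement's priv list.
     * <p>
     * A fixed locale is used so the result does not depend on the JVM's
     * default locale: under a Turkish default locale, for example, "insert"
     * would otherwise upper-case to a string containing a dotted capital I
     * and no longer match the privilege keyword.
     */
    private static String normalisePrivName(Object raw) {
        return ((String) raw).toUpperCase(java.util.Locale.ENGLISH);
    }

    /**
     * Converts an upper-cased privilege keyword into its privilege bit mask.
     * "ALL" expands to the full table or schema privilege set depending on
     * the kind of object; anything else is handed to Privileges.parseString.
     */
    private static int resolvePrivBit(String priv, int grant_object)
            throws DatabaseException {
        if (!priv.equals("ALL")) {
            return Privileges.parseString(priv);
        }
        if (grant_object == GrantManager.TABLE) {
            return Privileges.TABLE_ALL_PRIVS.toInt();
        }
        if (grant_object == GrantManager.SCHEMA) {
            return Privileges.SCHEMA_ALL_PRIVS.toInt();
        }
        throw new Error("Unrecognised grant object.");
    }

    /**
     * Maps the keyword "public" (in any letter case) to the grant manager's
     * public user name; any other name is returned unchanged.
     */
    private static String granteeName(String name) {
        return name.equalsIgnoreCase("public")
                ? GrantManager.PUBLIC_USERNAME_STR
                : name;
    }

}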