📄 grantee.java
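void revokeDbObject(Object dbobject) {

    // Remove the object from the directly granted rights and from the
    // combined (direct + role-inherited) rights, so no entry for it
    // remains on this grantee.
    rightsMap.remove(dbobject);
    fullRightsMap.remove(dbobject);
}

/**
 * Revokes all rights from this Grantee object. The role set and both
 * rights maps are cleared and both administrator flags are set false.
 */
void clearPrivileges() {

    roles.clear();
    rightsMap.clear();
    fullRightsMap.clear();

    // Reset the effective flag together with the direct one. isAdmin(),
    // checkAdmin() and isAccessible() all read admin, and
    // updateAllRights() would derive false from the now-empty role set
    // anyway. Leaving admin set would let a fully revoked grantee keep
    // passing admin checks until the next recompute.
    admin = adminDirect = false;
}

/**
 * Checks if any of the rights represented by the rights
 * argument have been granted on the specified database object. <p>
 *
 * This is the throwing form of isAccessible(Object, int): the decision
 * is made there, against the full rights map, and a negative answer is
 * turned into an exception here.
 *
 * @param dbobject the database object to test
 * @param rights bit set of the rights to look for
 * @throws HsqlException Trace.ACCESS_IS_DENIED when none of the rights
 *      is accessible
 */
void check(Object dbobject, int rights) throws HsqlException {

    if (!isAccessible(dbobject, rights)) {
        throw Trace.error(Trace.ACCESS_IS_DENIED);
    }
}

/**
 * Returns true if any of the rights represented by the
 * rights argument has been granted on the database object identified
 * by the dbObject argument. <p>
 *
 * The checks run in this order: the two built-in class name prefixes,
 * the effective admin flag, the PUBLIC grantee, and finally the full
 * rights map (direct grants plus those inherited through roles) of this
 * grantee.
 *
 * Only does one level of recursion to check the PUBLIC role.
 *
 * @param dbObject the database object to test
 * @param rights bit set of the rights to look for
 * @return true if at least one of the rights is accessible
 */
boolean isAccessible(Object dbObject, int rights) throws HsqlException {

    if (dbObject instanceof String) {
        String name = (String) dbObject;

        // NOTE(review): this is a prefix test, not an equality test, so
        // every String key that merely begins with one of these names is
        // accessible to every grantee regardless of grants. Confirm that
        // callers only pass names for which that is intended; an exact
        // match (or the prefix followed by '.') would be narrower.
        if (name.startsWith("org.hsqldb.Library")
                || name.startsWith("java.lang.Math")) {
            return true;
        }
    }

    if (admin) {
        return true;
    }

    if (pubGrantee != null && pubGrantee.isAccessible(dbObject, rights)) {
        return true;
    }

    // A stored value of 0 shares no bits with rights, so the single mask
    // test also covers the "nothing recorded" case.
    return (fullRightsMap.get(dbObject, 0) & rights) != 0;
}

/**
 * Returns true if any of the rights represented by the
 * rights argument has been granted on the database object identified
 * by the dbObject argument. <p>
 *
 * This is done by checking that a mapping exists in the direct rights
 * map from the dbObject argument for at least one of the rights
 * contained in the rights argument.
 *
 * Considers none of pubGrantee, nested roles, admin privs, globally
 * available Class objects.
 *
 * @param dbObject the database object to test
 * @param rights bit set of the rights to look for
 * @return true if at least one of the rights was granted directly
 */
protected boolean isDirectlyAccessible(Object dbObject,
                                       int rights) throws HsqlException {

    // Reads rightsMap only; role-inherited rights live in fullRightsMap.
    return (rightsMap.get(dbObject, 0) & rights) != 0;
}

/**
 * Returns true if any right at all has been granted to this Grantee
 * on the database object identified by the dbObject argument.
 */
boolean isAccessible(Object dbObject) throws HsqlException {
    return isAccessible(dbObject, GranteeManager.ALL);
}

/**
 * Checks whether this Grantee has administrative privs either directly
 * or indirectly. Otherwise it throws.
 *
 * @throws HsqlException Trace.ACCESS_IS_DENIED when isAdmin() is false
 */
void checkAdmin() throws HsqlException {

    if (!isAdmin()) {
        throw Trace.error(Trace.ACCESS_IS_DENIED);
    }
}

/**
 * Returns true if this Grantee has administrative privs either directly
 * or indirectly.
 */
boolean isAdmin() {
    return admin;
}

/**
 * Returns true if this User object is for a user with Direct
 * database administrator privileges.
 * I.e., if this User/Role has Admin priv. directly, not via a
 * nested Role.
 */
boolean isAdminDirect() {
    return adminDirect;
}

/**
 * Retrieves the distinct set of Java <code>Class</code> FQNs
 * for which this <code>User</code> object has been
 * granted <code>ALL</code> (the Class execution privilege). <p>
 * @param andToPublic if <code>true</code>, then the set includes the
 *        names of classes accessible to this <code>User</code> object
 *        through grants to its Roles + <code>PUBLIC</code>
 *        <code>User</code> object attribute, else only role grants
 *        + direct grants are included.
 * @return the distinct set of Java Class FQNs for which
 *        this <code>User</code> object has been granted
 *        <code>ALL</code>.
 */
HashSet getGrantedClassNames(boolean andToPublic) throws HsqlException {

    HashSet out = getGrantedClassNamesDirect();

    // The direct grants of PUBLIC are collected by the same rule as our
    // own, so reuse that method instead of repeating the scan here.
    if (andToPublic && pubGrantee != null) {
        out.addAll(pubGrantee.getGrantedClassNamesDirect());
    }

    Iterator it = getAllRoles().iterator();

    while (it.hasNext()) {
        String roleName = (String) it.next();

        out.addAll(
            granteeManager.getRole(roleName).getGrantedClassNamesDirect());
    }

    return out;
}

/**
 * Retrieves the distinct set of Java <code>Class</code> FQNs
 * for which this <code>User</code> object has directly been
 * granted <code>ALL</code> (the Class execution privilege).
 *
 * Does NOT check the pubGrantee nor nested roles.
 * @return the distinct set of Java Class FQNs for which
 *        this <code>User</code> object has been granted
 *        <code>ALL</code>.
 */
HashSet getGrantedClassNamesDirect() throws HsqlException {

    HashSet  out  = new HashSet();
    Iterator keys = rightsMap.keySet().iterator();

    while (keys.hasNext()) {
        Object key = keys.next();

        // Only String keys are collected, and only when the stored
        // rights equal ALL exactly; a partial grant does not count.
        if (key instanceof String
                && rightsMap.get(key, 0) == GranteeManager.ALL) {
            out.add(key);
        }
    }

    return out;
}

/**
 * Retrieves a string[] whose elements are the names of the rights
 * explicitly granted with the GRANT command to this <code>User</code>
 * object on the <code>Table</code> object identified by the
 * <code>name</code> argument.
 *
 * @return array of Strings naming the rights granted to this
 *        <code>User</code> object on the <code>Table</code> object
 *        identified by the <code>name</code> argument.
 * @param name a <code>Table</code> object identifier
 */
String[] listGrantedTablePrivileges(HsqlName name) {

    // Direct grants only: the lookup is against rightsMap.
    return GranteeManager.getRightsArray(rightsMap.get(name, 0));
}

/**
 * Violates naming convention (for backward compatibility).
 * Should be "setAdminDirect(boolean)".
 *
 * Sets both the direct and the effective administrator flag to true.
 */
void setAdminDirect() {
    admin = adminDirect = true;
}

/**
 * Recursive method used with ROLE Grantee objects to set the fullRightsMap
 * and admin flag for all the roles.
 *
 * If a new ROLE is granted to a ROLE Grantee object, the ROLE should first
 * be added to the Set of ROLE Grantee objects (roles) for the grantee.
 * The grantee will be the parameter.
 *
 * If the direct permissions granted to an existing ROLE Grantee are
 * modified no extra initial action is necessary.
 * The existing Grantee will be the parameter.
 *
 * If an existing ROLE is REVOKEed from a ROLE, it should first be removed
 * from the set of ROLE Grantee objects in the containing ROLE.
 * The containing ROLE will be the parameter.
 *
 * If an existing ROLE is DROPped, all its privileges should be cleared
 * first. The ROLE will be the parameter. After calling this method on
 * all other roles, the DROPped role should be removed from all grantees.
 *
 * After the initial modification, this method should be called iteratively
 * on all the ROLE Grantee objects contained in RoleManager.
 *
 * The updateAllRights() method is then called iteratively on all the
 * USER Grantee objects contained in UserManager.
 * @param role a modified, revoked or dropped role.
 * @return true if this Grantee has possibly changed as a result
 */
boolean updateNestedRoles(String role) {

    boolean hasNested = false;
    boolean isSelf    = role.equals(granteeName);

    if (!isSelf) {
        Iterator it = roles.iterator();

        while (it.hasNext()) {
            String roleName = (String) it.next();

            try {
                Grantee currentRole = granteeManager.getRole(roleName);

                hasNested |= currentRole.updateNestedRoles(role);
            } catch (HsqlException ignored) {

                // Deliberately skipped: a role that cannot be looked up
                // contributes nothing to this pass. NOTE(review): the
                // failure is not reported anywhere, so a dangling role
                // name in roles goes unnoticed - consider logging it.
            }
        }
    }

    // Recompute only when one of the granted roles reported a change.
    if (hasNested) {
        updateAllRights();
    }

    return hasNested || isSelf;
}

/**
 * Method used with all Grantee objects to set the full set of rights
 * according to those inherited from ROLE Grantee objects and those
 * granted to the object itself.
 */
void updateAllRights() {

    // Start from the direct state and fold every granted role into it.
    fullRightsMap.clear();

    admin = adminDirect;

    Iterator it = roles.iterator();

    while (it.hasNext()) {
        String roleName = (String) it.next();

        try {
            Grantee currentRole = granteeManager.getRole(roleName);

            fullRightsMap.putAll(currentRole.fullRightsMap);

            admin |= currentRole.isAdmin();
        } catch (HsqlException ignored) {

            // Deliberately skipped: a role that cannot be looked up adds
            // neither rights nor the admin flag, so the result errs on
            // the side of fewer privileges. NOTE(review): the failure is
            // silent - consider logging the role name.
        }
    }

    // Direct grants are applied last, after all role contributions.
    fullRightsMap.putAll(rightsMap);
}
}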