/* Copyright (c) 2001-2005, The HSQL Development Group * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the HSQL Development Group nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG, * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/

package org.hsqldb;

import org.hsqldb.lib.HashMappedList;
import org.hsqldb.lib.HashSet;
import org.hsqldb.lib.HsqlArrayList;
import org.hsqldb.lib.IntKeyHashMap;
import org.hsqldb.lib.IntValueHashMap;
import org.hsqldb.lib.Iterator;
import org.hsqldb.lib.StringUtil;
import org.hsqldb.lib.Collection;
import org.hsqldb.lib.Set;

/**
 * Contains a set of Grantee objects, and supports operations for creating,
 * finding, modifying and deleting Grantee objects for a Database; plus
 * Administrative privileges.
 *
 * @author boucherb@users
 * @author fredt@users
 * @author unsaved@users
 *
 * @version 1.8.0
 * @since 1.8.0
 * @see Grantee
 */
class GranteeManager implements GrantConstants {

    /**
     * The role name reserved for authorization of INFORMATION_SCHEMA and
     * system objects.
     */
    static final String SYSTEM_AUTHORIZATION_NAME = "_SYSTEM";

    /** The role name reserved for ADMIN users. */
    static final String DBA_ADMIN_ROLE_NAME = "DBA";

    /** The role name reserved for the special PUBLIC pseudo-user. */
    static final String PUBLIC_ROLE_NAME = "PUBLIC";

    // NOTE(review): the three names above are only constants; the checks that
    // keep them from being modified or removed are isImmutable(name) and
    // isReserved(name), whose definitions are outside this part of the file.

    /**
     * An empty list that is returned from
     * {@link #listTablePrivileges listTablePrivileges} when
     * it is detected that neither this <code>User</code> object nor
     * its <code>PUBLIC</code> <code>User</code> object attribute has been
     * granted any rights on the <code>Table</code> object identified by
     * the specified <code>HsqlName</code> object.
     */
    static final String[] emptyRightsList = new String[0];

    /**
     * MAP: int => HsqlArrayList. <p>
     *
     * This map caches the lists of <code>String</code> objects naming the rights
     * corresponding to each valid set of rights flags, as returned by
     * {@link #listRightNames listRightNames}
     */
    // NOTE(review): static, so this one mutable cache is shared by every
    // GranteeManager instance of the class; no synchronization is visible in
    // this part of the file. Confirm how listRightNames guards access.
    static final IntKeyHashMap hRightsLists = new IntKeyHashMap();

    /**
     * Used to provide access to the RoleManager for Grantee.isAccessible()
     * lookups
     */
    // NOTE(review): no field declaration follows the doc comment above in the
    // visible source; it looks like a leftover from a removed member.

    /*
     * Our map here has the same keys as the UserManager map
     * EXCEPT that we include all roles, including the SYSTEM_AUTHORIZATION_NAME
     * because we need to keep track of those permissions, but not its identity.
     * I.e., our list here is all-inclusive, whether the User or Role is
     * visible to database users or not.
     */

    /**
     * Map of String-to-Grantee-objects.<p>
     * Primary object maintained by this class
     */
    // Walked by index and cast to Grantee in removeEmptyRole, removeDbObject
    // and updateAllRights, so it holds users and roles alike.
    private HashMappedList map = new HashMappedList();

    /**
     * This object's set of Role objects. <p>
     * role-Strings-to-Grantee-object
     */
    private HashMappedList roleMap = new HashMappedList();

    /**
     * Construct the GranteeManager for a Database.
     *
     * Construct special Grantee objects for PUBLIC and SYS, and add them
     * to the Grantee map.
     * We depend on the corresponding User accounts being created
     * independently so as to remove a dependency to the UserManager class.
     *
     * NOTE(review): the constructor body in this file only registers the
     * DBA role and marks it as admin; it creates no PUBLIC or SYS grantee
     * and never reads inDatabase. Confirm where those grantees are added.
     *
     * @param inDatabase Only needed to link to the RoleManager later on.
*/
    public GranteeManager(Database inDatabase) throws HsqlException {

        // Bootstrap the administrative role: register it first, then flag the
        // resulting role object as admin. inDatabase is not read here.
        final String adminRole = DBA_ADMIN_ROLE_NAME;

        addRole(adminRole);
        getRole(adminRole).setAdminDirect();
    }

    /**
     * Lookup pairing each S_R_* constant with the matching ALL / SELECT /
     * UPDATE / DELETE / INSERT constant. Those constants are not declared in
     * the visible source (presumably inherited from GrantConstants - confirm).
     */
    static final IntValueHashMap rightsStringLookup = new IntValueHashMap(7);

    static {
        rightsStringLookup.put(S_R_ALL, ALL);
        rightsStringLookup.put(S_R_SELECT, SELECT);
        rightsStringLookup.put(S_R_UPDATE, UPDATE);
        rightsStringLookup.put(S_R_DELETE, DELETE);
        rightsStringLookup.put(S_R_INSERT, INSERT);
    }

    /**
     * Adds the given rights on a database object to the named grantee and
     * refreshes the rights derived from that change.<p>
     *
     * How dbobject is identified matters for every later rights check:
     * a Java Class is named by a String holding its fully qualified name,
     * while a Table or other object is named by an HsqlName. For a Table
     * the HsqlName must be the very instance returned by table.getName().
     * HsqlName implements {@link HsqlName#hashCode hashCode} and
     * {@link HsqlName#equals equals} on pure object identity, so a second
     * HsqlName carrying the same name attribute does not match and rights
     * checks against it will fail.<p>
     *
     * @param name name of the grantee receiving the rights
     * @param dbobject identifier of the object the rights apply to
     * @param rights the rights being granted
     * @throws HsqlException NO_SUCH_GRANTEE when no grantee is registered
     *   under name; NONMOD_GRANTEE when isImmutable(name) is true
     */
    void grant(String name, Object dbobject,
               int rights) throws HsqlException {

        final Grantee target = get(name);

        // Existence is checked before immutability, so an unknown name is
        // always reported as NO_SUCH_GRANTEE.
        if (target == null) {
            throw Trace.error(Trace.NO_SUCH_GRANTEE, name);
        }

        if (isImmutable(name)) {
            throw Trace.error(Trace.NONMOD_GRANTEE, name);
        }

        target.grant(dbobject, rights);
        target.updateAllRights();

        // Only a change to a role has to be pushed on to the other grantees.
        if (!target.isRole) {
            return;
        }

        updateAllRights(target);
    }

    /**
     * Grant a role to this Grantee.
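*/
    void grant(String name, String role) throws HsqlException {

        Grantee grantee = get(name);

        if (grantee == null) {
            throw Trace.error(Trace.NO_SUCH_GRANTEE, name);
        }

        // Grantees reported as immutable may not be given further roles.
        if (isImmutable(name)) {
            throw Trace.error(Trace.NONMOD_GRANTEE, name);
        }

        // NOTE(review): the role is resolved through get(), the same lookup
        // used for the grantee above. Whether a non-role grantee can pass
        // this check depends on get() and Grantee.grant(String), which are
        // not visible here - confirm.
        Grantee r = get(role);

        if (r == null) {
            throw Trace.error(Trace.NO_SUCH_ROLE, role);
        }

        // A role can never be granted to itself.
        if (role.equals(name)) {
            throw Trace.error(Trace.CIRCULAR_GRANT, name);
        }

        // boucherb@users 20050515
        // SQL 2003 Foundation, 4.34.3
        // No cycles of role grants are allowed.
        if (r.hasRole(name)) {

            // boucherb@users
            // TODO: Correct reporting of actual grant path
            throw Trace.error(Trace.CIRCULAR_GRANT,
                              Trace.getMessage(Trace.ALREADY_HAVE_ROLE)
                              + " GRANT " + name + " TO " + role);
        }

        if (grantee.getDirectRoles().contains(role)) {
            throw Trace.error(Trace.ALREADY_HAVE_ROLE, role);
        }

        grantee.grant(role);
        grantee.updateAllRights();

        // A changed role has to be propagated to the other grantees.
        if (grantee.isRole) {
            updateAllRights(grantee);
        }
    }

    /**
     * Revoke a role from a Grantee
     *
     * @param name name of the grantee losing the role
     * @param role name of the role being revoked
     * @throws HsqlException NO_SUCH_GRANTEE when no grantee is registered
     *   under name
     */
    void revoke(String name, String role) throws HsqlException {

        Grantee g = get(name);

        if (g == null) {
            throw Trace.error(Trace.NO_SUCH_GRANTEE, name);
        }

        // NOTE(review): unlike both grant() overloads, no isImmutable(name)
        // check is made before the change. Confirm that revoking from an
        // immutable grantee is intended to be possible on this path.
        g.revoke(role);
        g.updateAllRights();

        if (g.isRole) {
            updateAllRights(g);
        }
    }

    /**
     * Revokes the rights represented by the rights argument on
     * the database object identified by the dbobject argument
     * from the User object identified by the name
     * argument.<p>
     *
     * @param name name of the grantee losing the rights
     * @param dbobject identifier of the object the rights apply to
     * @param rights the rights being revoked
     * @throws HsqlException NO_SUCH_GRANTEE when no grantee is registered
     *   under name
     * @see #grant
     */
    void revoke(String name, Object dbobject,
                int rights) throws HsqlException {

        Grantee g = get(name);

        // Report an unknown grantee the same way the other grant/revoke
        // methods do, rather than failing with a NullPointerException on
        // the dereference below.
        if (g == null) {
            throw Trace.error(Trace.NO_SUCH_GRANTEE, name);
        }

        // NOTE(review): no isImmutable(name) check here either, in contrast
        // to grant(String, Object, int) - confirm this is intended.
        g.revoke(dbobject, rights);
        g.updateAllRights();

        if (g.isRole) {
            updateAllRights(g);
        }
    }

    /**
     * Removes a role without any privileges from all grantees
     *
     * @param role the role whose name is dropped from every grantee's roles
     */
    void removeEmptyRole(Grantee role) {

        String name = role.getName();

        // Membership is edited directly on each grantee's roles field and no
        // rights refresh follows. NOTE(review): that relies on the role really
        // carrying no privileges; nothing here verifies it.
        for (int i = 0; i < map.size(); i++) {
            Grantee grantee = (Grantee) map.get(i);

            grantee.roles.remove(name);
        }
    }

    /**
     * Removes all rights mappings for the database object identified by
     * the dbobject argument from all Grantee objects in the set.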
*/
    void removeDbObject(Object dbobject) {

        // Every entry of the grantee map is visited, users and roles alike.
        // NOTE(review): no updateAllRights() call follows, unlike the grant
        // and revoke methods; whether revokeDbObject() keeps derived rights
        // current is not visible here - confirm.
        for (int i = 0; i < map.size(); i++) {
            Grantee g = (Grantee) map.get(i);

            g.revokeDbObject(dbobject);
        }
    }

    /**
     * First updates all ROLE Grantee objects. Then updates all USER Grantee
     * Objects.
     *
     * @param role the role that changed; only its name is used, and it is
     *   passed to updateNestedRoles on every role grantee
     */
    void updateAllRights(Grantee role) {

        String name = role.getName();

        // Pass 1: role grantees only, each told which role changed.
        for (int i = 0; i < map.size(); i++) {
            Grantee grantee = (Grantee) map.get(i);

            if (grantee.isRole) {
                grantee.updateNestedRoles(name);
            }
        }

        // Pass 2: non-role grantees recompute their rights. This runs after
        // pass 1 - presumably because user rights are derived from the roles
        // refreshed above; confirm against Grantee.updateAllRights().
        for (int i = 0; i < map.size(); i++) {
            Grantee grantee = (Grantee) map.get(i);

            if (!grantee.isRole) {
                grantee.updateAllRights();
            }
        }
    }

    /**
     */
    public boolean removeGrantee(String name) {

        /*
         * Explicitly can't remove PUBLIC_USER_NAME and system grantees.
         */
        if (isReserved(name)) {