📄 granteemanager.java
字号:
return false; } Grantee g = (Grantee) map.remove(name); if (g == null) { return false; } g.clearPrivileges(); updateAllRights(g); if (g.isRole) { roleMap.remove(name); removeEmptyRole(g); } return true; } /** * We don't have to worry about anything manually creating a reserved * account, because the reserved accounts are created upon DB * initialization. If somebody tries to create one of these accounts * after that, it will fail because the account will already exist. * (We do prevent them from being removed, elsewhere!) */ public Grantee addGrantee(String name) throws HsqlException { if (map.containsKey(name)) { throw Trace.error(Trace.GRANTEE_ALREADY_EXISTS, name); } Grantee pubGrantee = null; if (!isReserved(name)) { pubGrantee = get(PUBLIC_ROLE_NAME); if (pubGrantee == null) { Trace.doAssert( false, Trace.getMessage(Trace.MISSING_PUBLIC_GRANTEE)); } } Grantee g = new Grantee(name, pubGrantee, this); map.put(name, g); return g; } /** * Returns true if named Grantee object exists. * This will return true for reserved Grantees * SYSTEM_AUTHORIZATION_NAME, ADMIN_ROLE_NAME, PUBLIC_USER_NAME. */ boolean isGrantee(String name) { return (map.containsKey(name)); } static int getCheckRight(String right) throws HsqlException { int r = getRight(right); if (r != 0) { return r; } throw Trace.error(Trace.NO_SUCH_RIGHT, right); } /** * Translate a string representation or right(s) into its numeric form. */ static int getRight(String right) { return rightsStringLookup.get(right, 0); } /** * Returns a comma separated list of right names corresponding to the * right flags set in the right argument. <p> */ static String getRightsList(int rights) {// checkValidFlags(right); if (rights == 0) { return null; } if (rights == ALL) { return S_R_ALL; } return StringUtil.getList(getRightsArray(rights), ",", ""); } /** * Retrieves the list of right names represented by the right flags * set in the specified <code>Integer</code> object's <code>int</code> * value. <p> * * @param rights An Integer representing a set of right flags * @return an empty list if the specified <code>Integer</code> object is * null, else a list of rights, as <code>String</code> objects, * represented by the rights flag bits set in the specified * <code>Integer</code> object's int value. * */ static String[] getRightsArray(int rights) { if (rights == 0) { return emptyRightsList; } String[] list = (String[]) hRightsLists.get(rights); if (list != null) { return list; } list = getRightsArraySub(rights); hRightsLists.put(rights, list); return list; } private static String[] getRightsArraySub(int right) {// checkValidFlags(right); if (right == 0) { return emptyRightsList; } HsqlArrayList a = new HsqlArrayList(); Iterator it = rightsStringLookup.keySet().iterator(); for (; it.hasNext(); ) { String rightString = (String) it.next(); if (rightString.equals(S_R_ALL)) { continue; } int i = rightsStringLookup.get(rightString, 0); if ((right & i) != 0) { a.add(rightString); } } return (String[]) a.toArray(new String[a.size()]); } /** * Retrieves the set of distinct, fully qualified Java <code>Class</code> * names upon which any grants currently exist to elements in * this collection. <p> * @return the set of distinct, fully qualified Java Class names, as * <code>String</code> objects, upon which grants currently exist * to the elements of this collection * */ HashSet getGrantedClassNames() throws HsqlException { int size; Grantee grantee; HashSet out; Iterator e; size = map.size(); out = new HashSet(); for (int i = 0; i < size; i++) { grantee = (Grantee) map.get(i); if (grantee == null) { continue; } e = grantee.getGrantedClassNames(false).iterator(); while (e.hasNext()) { out.add(e.next()); } } return out; } public Grantee get(String name) { return (Grantee) map.get(name); } public Collection getGrantees() { return map.values(); } public static boolean validRightString(String rightString) { return getRight(rightString) != 0; } public static boolean isImmutable(String name) { return name.equals(SYSTEM_AUTHORIZATION_NAME) || name.equals(DBA_ADMIN_ROLE_NAME); } public static boolean isReserved(String name) { return name.equals(SYSTEM_AUTHORIZATION_NAME) || name.equals(DBA_ADMIN_ROLE_NAME) || name.equals(PUBLIC_ROLE_NAME); } /** * Creates a new Role object under management of this object. <p> * * A set of constraints regarding user creation is imposed: <p> * * <OL> * <LI>Can't create a role with name same as any right. * * <LI>If the specified name is null, then an * ASSERTION_FAILED exception is thrown stating that * the name is null. * * <LI>If this object's collection already contains an element whose * name attribute equals the name argument, then * a GRANTEE_ALREADY_EXISTS or ROLE_ALREADY_EXISTS Trace * is thrown. * (This will catch attempts to create Reserved grantee names). * </OL> */ String addRole(String name) throws HsqlException { /* * Role names can't be right names because that would cause * conflicts with "GRANT name TO...". This doesn't apply to * User names or Grantee names in general, since you can't * "GRANT username TO...". That's why this check is only here. */ if (name == null) { Trace.doAssert(false, Trace.getMessage(Trace.NULL_NAME)); } Grantee g = null; if (GranteeManager.validRightString(name)) { throw Trace.error(Trace.ILLEGAL_ROLE_NAME, name); } g = addGrantee(name); g.isRole = true; boolean result = roleMap.add(name, g); if (!result) { throw Trace.error(Trace.ROLE_ALREADY_EXISTS, name); } // I don't think can get this trace since every roleMap element // will have a Grantee element which was already verified // above. Easier to leave this check here than research it. return name; } /** * Attempts to drop a Role with the specified name * from this object's set. <p> * * A successful drop action consists of: <p> * * <UL> * * <LI>removing the Grantee object with the specified name * from the set. * * <LI>revoking all rights from the removed object<br> * (this ensures that in case there are still references to the * just dropped Grantee object, those references * cannot be used to erronously access database objects). * * </UL> <p> * */ void dropRole(String name) throws HsqlException { if (name.equals(GranteeManager.DBA_ADMIN_ROLE_NAME)) { throw Trace.error(Trace.ACCESS_IS_DENIED); } if (!isRole(name)) { throw Trace.error(Trace.NO_SUCH_ROLE, name); } removeGrantee(name); roleMap.remove(name); } public Set getRoleNames() { return roleMap.keySet(); } /** * Returns Grantee for the named Role */ Grantee getRole(String name) throws HsqlException { if (!isRole(name)) { Trace.doAssert(false, "No role '" + name + "'"); } Grantee g = (Grantee) roleMap.get(name); if (g == null) { throw Trace.error(Trace.MISSING_GRANTEE, name); } return g; } boolean isRole(String name) throws HsqlException { return roleMap.containsKey(name); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -