I had disabled sqlStandard permission mode to resolve two online backup
test failures. This patch should reenable this mode, allowing for grant
and revoke DDLs. I will submit this patch today.
Satheesh
Index: java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
===================================================================
--- java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
(revision 366308)
+++ java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
(working copy)
@@ -693,18 +693,14 @@
requiredColumnPrivileges = null;
requiredTablePrivileges = null;
requiredRoutinePrivileges = null;
- try
+ LanguageConnectionContext lcc = (LanguageConnectionContext)
+
getContextManager().getContext(LanguageConnectionContext.CONTEXT_ID);
+ if( lcc.usesSqlStandardPermissions())
{
- LanguageConnectionContext lcc =
(LanguageConnectionContext)
-
getContextManager().getContext(LanguageConnectionContext.CONTEXT_ID);
- if( lcc.getAuthorizer().usesSqlStandardPermissions())
- {
- requiredColumnPrivileges = new HashMap();
- requiredTablePrivileges = new HashMap();
- requiredRoutinePrivileges = new HashMap();
- }
+ requiredColumnPrivileges = new HashMap();
+ requiredTablePrivileges = new HashMap();
+ requiredRoutinePrivileges = new HashMap();
}
- catch( StandardException se){}
} // end of initRequiredPriv
/**
Index: java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj
===================================================================
--- java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj (revision
366308)
+++ java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj (working copy)
@@ -326,7 +326,7 @@
*/
private void checkSqlStandardAccess( String command) throws
StandardException
{
- if(
getLanguageConnectionContext().getAuthorizer().usesSqlStandardPermissions())
+ if( getLanguageConnectionContext().usesSqlStandardPermissions())
return;
throw
StandardException.newException(SQLState.LANG_GRANT_REVOKE_WITH_LEGACY_ACCESS,
@@ -11736,8 +11736,7 @@
{
<EXTERNAL> <SECURITY>
{
- // GrantRevoke TODO: This needs to check for 10.2 version
- checkVersion( DataDictionary.DD_VERSION_DERBY_10_1, "EXTERNAL
SECURITY");
+ checkVersion( DataDictionary.DD_VERSION_DERBY_10_2, "EXTERNAL
SECURITY");
checkSqlStandardAccess( "EXTERNAL SECURITY");
}
( invocationType = securityDefinerInvoker())
@@ -11771,8 +11770,7 @@
{
<GRANT>
{
- // GrantRevoke TODO: This needs to check for 10.2 version
- checkVersion( DataDictionary.DD_VERSION_DERBY_10_1, "GRANT");
+ checkVersion( DataDictionary.DD_VERSION_DERBY_10_2, "GRANT");
checkSqlStandardAccess( "GRANT");
}
( node = tableGrantStatement() | node = routineGrantStatement() )
Index:
java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
===================================================================
---
java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
(revision 366308)
+++
java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
(working copy)
@@ -188,6 +188,7 @@
protected String userName = null; //The name the user connects with.
//May still be quoted.
+ protected boolean usesSqlPermissions = false;
protected SchemaDescriptor sd;
// RESOLVE - How do we want to set the default.
@@ -302,6 +303,13 @@
"derby.language.logQueryPlan");
logQueryPlan =
Boolean.valueOf(logQueryPlanProperty).booleanValue();
+ // GrantRevoke TODO: May need to make database property value
override system value
+ String modeS =
PropertyUtil.getServiceProperty(getTransactionCompile(),
+
Property.DEFAULT_CONNECTION_MODE_PROPERTY);
+ if (modeS != null &&
+ StringUtil.SQLEqualsIgnoreCase(modeS,
Property.SQL_STANDARD_ACCESS))
+ usesSqlPermissions = true;
+
setRunTimeStatisticsMode(logQueryPlan);
lockEscalationThreshold =
@@ -398,6 +406,14 @@
}
/**
+ * @see LanguageConnectionContext#usesSqlStandardPermissions
+ */
+ public boolean usesSqlStandardPermissions()
+ {
+ return usesSqlPermissions;
+ }
+
+ /**
* get the lock escalation threshold.
*/
public int getLockEscalationThreshold()
Index: java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java
===================================================================
--- java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java
(revision 366308)
+++ java/engine/org/apache/derby/impl/sql/conn/GenericAuthorizer.java
(working copy)
@@ -284,21 +284,4 @@
if (userAccessLevel == NO_ACCESS)
throw
StandardException.newException(SQLState.AUTH_DATABASE_CONNECTION_REFUSED);
}
-
- public boolean usesSqlStandardPermissions() throws StandardException
- {
- // GrantRevoke TODO: Disabling this mode because of two failing
tests.
- if (true)
- return false;
-
- // RESOLVE use getDefaultAccessLevel() when SQL standard
permissions are fully implemented
- // GrantRevoke TODO: May need to make database property value
override system value
- PersistentSet tc = lcc.getTransactionExecute();
- String modeS = (String)
- PropertyUtil.getServiceProperty(tc,
-
Property.DEFAULT_CONNECTION_MODE_PROPERTY);
- if( modeS == null)
- return false;
- return StringUtil.SQLEqualsIgnoreCase(modeS,
Property.SQL_STANDARD_ACCESS);
- } // end of usesSqlStandardPermissions
}
Index: java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
===================================================================
--- java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
(revision 366308)
+++ java/engine/org/apache/derby/iapi/sql/conn/LanguageConnectionContext.java
(working copy)
@@ -1111,4 +1111,10 @@
*/
public String getDbname();
+ /**
+ * Check if in SQL standard mode, with support for Grant & Revoke
+ *
+ * @return True if SQL standard permissions are being used
+ */
+ public boolean usesSqlStandardPermissions();
}
Index: java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java
===================================================================
--- java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java (revision
366308)
+++ java/engine/org/apache/derby/iapi/sql/conn/Authorizer.java (working copy)
@@ -125,12 +125,4 @@
@exception StandardException Oops.
*/
public void refresh() throws StandardException;
-
- /**
- * @return true if the authorizer uses the SQL standard permissions
(grant/revoke),
- * false if the legacy Derby permissions system is used.
- *
- * @exception StandardException standard error policy.
- */
- public boolean usesSqlStandardPermissions() throws StandardException;
}
Index: java/testing/org/apache/derbyTesting/functionTests/tests/lang/connect.sql
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/tests/lang/connect.sql
(revision 366308)
+++ java/testing/org/apache/derbyTesting/functionTests/tests/lang/connect.sql
(working copy)
@@ -26,3 +26,13 @@
-- and this should succeed (no database name in URL)
connect 'jdbc:derby:;databaseName=wombat';
disconnect;
+
+-- Doing some simple grant/revoke negative tests in legacy database.
+-- All should fail with errors.
+
+connect 'jdbc:derby:wombat';
+create table mytab(i int);
+
+grant select on mytab to satheesh;
+revoke select on mytab to satheesh;
+disconnect;
Index: java/testing/org/apache/derbyTesting/functionTests/master/connect.out
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/master/connect.out
(revision 366308)
+++ java/testing/org/apache/derbyTesting/functionTests/master/connect.out
(working copy)
@@ -29,4 +29,14 @@
ij> -- and this should succeed (no database name in URL)
connect 'jdbc:derby:;databaseName=wombat';
ij> disconnect;
+ij> -- Doing some simple grant/revoke negative tests in legacy database.
+-- All should fail with errors.
+connect 'jdbc:derby:wombat';
+ij> create table mytab(i int);
+0 rows inserted/updated/deleted
+ij> grant select on mytab to satheesh;
+ERROR 42Z60: GRANT not allowed unless database property
derby.database.defaultConnectionMode has value 'sqlStandard'.
+ij> revoke select on mytab to satheesh;
+ERROR 42Z60: REVOKE not allowed unless database property
derby.database.defaultConnectionMode has value 'sqlStandard'.
+ij> disconnect;
ij>
