1 | /* |
2 | * Copyright 2004-2014 H2 Group. Multiple-Licensed under the MPL 2.0, |
3 | * and the EPL 1.0 (http://h2database.com/html/license.html). |
4 | * Initial Developer: H2 Group |
5 | */ |
6 | package org.h2.engine; |
7 | |
8 | import org.h2.message.DbException; |
9 | import org.h2.message.Trace; |
10 | import org.h2.table.Table; |
11 | |
12 | /** |
13 | * An access right. Rights are regular database objects, but have generated |
14 | * names. |
15 | */ |
16 | public class Right extends DbObjectBase { |
17 | |
18 | /** |
19 | * The right bit mask that means: selecting from a table is allowed. |
20 | */ |
21 | public static final int SELECT = 1; |
22 | |
23 | /** |
24 | * The right bit mask that means: deleting rows from a table is allowed. |
25 | */ |
26 | public static final int DELETE = 2; |
27 | |
28 | /** |
29 | * The right bit mask that means: inserting rows into a table is allowed. |
30 | */ |
31 | public static final int INSERT = 4; |
32 | |
33 | /** |
34 | * The right bit mask that means: updating data is allowed. |
35 | */ |
36 | public static final int UPDATE = 8; |
37 | |
38 | /** |
39 | * The right bit mask that means: create/alter/drop schema is allowed. |
40 | */ |
41 | public static final int ALTER_ANY_SCHEMA = 16; |
42 | |
43 | /** |
44 | * The right bit mask that means: select, insert, update, delete, and update |
45 | * for this object is allowed. |
46 | */ |
47 | public static final int ALL = SELECT | DELETE | INSERT | UPDATE; |
48 | |
49 | private Role grantedRole; |
50 | private int grantedRight; |
51 | private Table grantedTable; |
52 | private RightOwner grantee; |
53 | |
54 | public Right(Database db, int id, RightOwner grantee, Role grantedRole) { |
55 | initDbObjectBase(db, id, "RIGHT_" + id, Trace.USER); |
56 | this.grantee = grantee; |
57 | this.grantedRole = grantedRole; |
58 | } |
59 | |
60 | public Right(Database db, int id, RightOwner grantee, int grantedRight, |
61 | Table grantedRightOnTable) { |
62 | initDbObjectBase(db, id, "" + id, Trace.USER); |
63 | this.grantee = grantee; |
64 | this.grantedRight = grantedRight; |
65 | this.grantedTable = grantedRightOnTable; |
66 | } |
67 | |
68 | private static boolean appendRight(StringBuilder buff, int right, int mask, |
69 | String name, boolean comma) { |
70 | if ((right & mask) != 0) { |
71 | if (comma) { |
72 | buff.append(", "); |
73 | } |
74 | buff.append(name); |
75 | return true; |
76 | } |
77 | return comma; |
78 | } |
79 | |
80 | public String getRights() { |
81 | StringBuilder buff = new StringBuilder(); |
82 | if (grantedRight == ALL) { |
83 | buff.append("ALL"); |
84 | } else { |
85 | boolean comma = false; |
86 | comma = appendRight(buff, grantedRight, SELECT, "SELECT", comma); |
87 | comma = appendRight(buff, grantedRight, DELETE, "DELETE", comma); |
88 | comma = appendRight(buff, grantedRight, INSERT, "INSERT", comma); |
89 | comma = appendRight(buff, grantedRight, ALTER_ANY_SCHEMA, |
90 | "ALTER ANY SCHEMA", comma); |
91 | appendRight(buff, grantedRight, UPDATE, "UPDATE", comma); |
92 | } |
93 | return buff.toString(); |
94 | } |
95 | |
96 | public Role getGrantedRole() { |
97 | return grantedRole; |
98 | } |
99 | |
100 | public Table getGrantedTable() { |
101 | return grantedTable; |
102 | } |
103 | |
104 | public DbObject getGrantee() { |
105 | return grantee; |
106 | } |
107 | |
108 | @Override |
109 | public String getDropSQL() { |
110 | return null; |
111 | } |
112 | |
113 | @Override |
114 | public String getCreateSQLForCopy(Table table, String quotedName) { |
115 | StringBuilder buff = new StringBuilder(); |
116 | buff.append("GRANT "); |
117 | if (grantedRole != null) { |
118 | buff.append(grantedRole.getSQL()); |
119 | } else { |
120 | buff.append(getRights()); |
121 | if (table != null) { |
122 | buff.append(" ON ").append(table.getSQL()); |
123 | } |
124 | } |
125 | buff.append(" TO ").append(grantee.getSQL()); |
126 | return buff.toString(); |
127 | } |
128 | |
129 | @Override |
130 | public String getCreateSQL() { |
131 | return getCreateSQLForCopy(grantedTable, null); |
132 | } |
133 | |
134 | @Override |
135 | public int getType() { |
136 | return DbObject.RIGHT; |
137 | } |
138 | |
139 | @Override |
140 | public void removeChildrenAndResources(Session session) { |
141 | if (grantedTable != null) { |
142 | grantee.revokeRight(grantedTable); |
143 | } else { |
144 | grantee.revokeRole(grantedRole); |
145 | } |
146 | database.removeMeta(session, getId()); |
147 | grantedRole = null; |
148 | grantedTable = null; |
149 | grantee = null; |
150 | invalidate(); |
151 | } |
152 | |
153 | @Override |
154 | public void checkRename() { |
155 | DbException.throwInternalError(); |
156 | } |
157 | |
158 | public void setRightMask(int rightMask) { |
159 | grantedRight = rightMask; |
160 | } |
161 | |
162 | public int getRightMask() { |
163 | return grantedRight; |
164 | } |
165 | |
166 | } |