1 | /* |
2 | * Copyright 2004-2014 H2 Group. Multiple-Licensed under the MPL 2.0, |
3 | * and the EPL 1.0 (http://h2database.com/html/license.html). |
4 | * Initial Developer: H2 Group |
5 | */ |
6 | package org.h2.engine; |
7 | |
8 | import java.util.HashMap; |
9 | |
10 | import org.h2.table.Table; |
11 | import org.h2.util.New; |
12 | |
13 | /** |
14 | * A right owner (sometimes called principal). |
15 | */ |
16 | public abstract class RightOwner extends DbObjectBase { |
17 | |
18 | /** |
19 | * The map of granted roles. |
20 | */ |
21 | private HashMap<Role, Right> grantedRoles; |
22 | |
23 | /** |
24 | * The map of granted rights. |
25 | */ |
26 | private HashMap<Table, Right> grantedRights; |
27 | |
28 | protected RightOwner(Database database, int id, String name, |
29 | String traceModule) { |
30 | initDbObjectBase(database, id, name, traceModule); |
31 | } |
32 | |
33 | /** |
34 | * Check if a role has been granted for this right owner. |
35 | * |
36 | * @param grantedRole the role |
37 | * @return true if the role has been granted |
38 | */ |
39 | public boolean isRoleGranted(Role grantedRole) { |
40 | if (grantedRole == this) { |
41 | return true; |
42 | } |
43 | if (grantedRoles != null) { |
44 | for (Role role : grantedRoles.keySet()) { |
45 | if (role == grantedRole) { |
46 | return true; |
47 | } |
48 | if (role.isRoleGranted(grantedRole)) { |
49 | return true; |
50 | } |
51 | } |
52 | } |
53 | return false; |
54 | } |
55 | |
56 | /** |
57 | * Check if a right is already granted to this object or to objects that |
58 | * were granted to this object. |
59 | * |
60 | * @param table the table to check |
61 | * @param rightMask the right mask to check |
62 | * @return true if the right was already granted |
63 | */ |
64 | boolean isRightGrantedRecursive(Table table, int rightMask) { |
65 | Right right; |
66 | if (grantedRights != null) { |
67 | right = grantedRights.get(table); |
68 | if (right != null) { |
69 | if ((right.getRightMask() & rightMask) == rightMask) { |
70 | return true; |
71 | } |
72 | } |
73 | } |
74 | if (grantedRoles != null) { |
75 | for (RightOwner role : grantedRoles.keySet()) { |
76 | if (role.isRightGrantedRecursive(table, rightMask)) { |
77 | return true; |
78 | } |
79 | } |
80 | } |
81 | return false; |
82 | } |
83 | |
84 | /** |
85 | * Grant a right for the given table. Only one right object per table is |
86 | * supported. |
87 | * |
88 | * @param table the table |
89 | * @param right the right |
90 | */ |
91 | public void grantRight(Table table, Right right) { |
92 | if (grantedRights == null) { |
93 | grantedRights = New.hashMap(); |
94 | } |
95 | grantedRights.put(table, right); |
96 | } |
97 | |
98 | /** |
99 | * Revoke the right for the given table. |
100 | * |
101 | * @param table the table |
102 | */ |
103 | void revokeRight(Table table) { |
104 | if (grantedRights == null) { |
105 | return; |
106 | } |
107 | grantedRights.remove(table); |
108 | if (grantedRights.size() == 0) { |
109 | grantedRights = null; |
110 | } |
111 | } |
112 | |
113 | /** |
114 | * Grant a role to this object. |
115 | * |
116 | * @param role the role |
117 | * @param right the right to grant |
118 | */ |
119 | public void grantRole(Role role, Right right) { |
120 | if (grantedRoles == null) { |
121 | grantedRoles = New.hashMap(); |
122 | } |
123 | grantedRoles.put(role, right); |
124 | } |
125 | |
126 | /** |
127 | * Remove the right for the given role. |
128 | * |
129 | * @param role the role to revoke |
130 | */ |
131 | void revokeRole(Role role) { |
132 | if (grantedRoles == null) { |
133 | return; |
134 | } |
135 | Right right = grantedRoles.get(role); |
136 | if (right == null) { |
137 | return; |
138 | } |
139 | grantedRoles.remove(role); |
140 | if (grantedRoles.size() == 0) { |
141 | grantedRoles = null; |
142 | } |
143 | } |
144 | |
145 | /** |
146 | * Get the 'grant table' right of this object. |
147 | * |
148 | * @param table the granted table |
149 | * @return the right or null if the right has not been granted |
150 | */ |
151 | public Right getRightForTable(Table table) { |
152 | if (grantedRights == null) { |
153 | return null; |
154 | } |
155 | return grantedRights.get(table); |
156 | } |
157 | |
158 | /** |
159 | * Get the 'grant role' right of this object. |
160 | * |
161 | * @param role the granted role |
162 | * @return the right or null if the right has not been granted |
163 | */ |
164 | public Right getRightForRole(Role role) { |
165 | if (grantedRoles == null) { |
166 | return null; |
167 | } |
168 | return grantedRoles.get(role); |
169 | } |
170 | |
171 | } |