public void CheckRoleList(string granteeName, OrderedHashSet <string> roleList, Grantee grantor, bool grant)
{
Grantee grantee = this.Get(granteeName);
for (int i = 0; i < roleList.Size(); i++)
{
string name = roleList.Get(i);
Grantee role = this.GetRole(name);
if (role == null)
{
throw Error.GetError(0x898, name);
}
if (name.Equals("SYS") || name.Equals("PUBLIC"))
{
throw Error.GetError(0xfa2, name);
}
if (grant)
{
if (grantee.GetDirectRoles().Contains(role))
{
throw Error.GetError(0x898, granteeName);
}
}
else if (!grantee.GetDirectRoles().Contains(role))
{
throw Error.GetError(0x898, name);
}
if (!grantor.IsAdmin())
{
throw Error.GetError(0x7d0, grantor.GetNameString());
}
}
}
public Right GetAllGrantableRights(QNameManager.QName name)
{
if (this._isAdmin)
{
return(name.schema.Owner.OwnerRights);
}
if (name.schema.Owner == this)
{
return(this.OwnerRights);
}
if (this.Roles.Contains(name.schema.Owner))
{
return(name.schema.Owner.OwnerRights);
}
OrderedHashSet <Grantee> allRoles = this.GetAllRoles();
for (int i = 0; i < allRoles.Size(); i++)
{
Grantee grantee = allRoles.Get(i);
if (name.schema.Owner == grantee)
{
return(grantee.OwnerRights);
}
}
Right right2 = this._fullRightsMap.Get(name);
if ((right2 != null) && (right2.GrantableRights != null))
{
return(right2.GrantableRights);
}
return(Right.NoRights);
}
private void RemoveEmptyRole(Grantee role)
{
for (int i = 0; i < this._map.Size(); i++)
{
this._map.Get(i).Roles.Remove(role);
}
}
public void Revoke(Grantee role)
{
if (!this.HasRoleDirect(role))
{
throw Error.GetError(0x8cd, role.GetNameString());
}
this.Roles.Remove(role);
}
public bool HasSchemaUpdateOrGrantRights(string schemaName)
{
if (this.IsAdmin())
{
return(true);
}
Grantee role = this.granteeManager.database.schemaManager.ToSchemaOwner(schemaName);
return((role == this) || this.HasRole(role));
}
public Grantee GetRole(string name)
{
Grantee local1 = this._roleMap.Get(name);
if (local1 == null)
{
throw Error.GetError(0x898, name);
}
return(local1);
}
private void AddGranteeAndRoles(OrderedHashSet <Grantee> set)
{
set.Add(this);
for (int i = 0; i < this.Roles.Size(); i++)
{
Grantee key = this.Roles.Get(i);
if (!set.Contains(key))
{
key.AddGranteeAndRoles(set);
}
}
}
public void Grant(QNameManager.QName name, Right right, Grantee grantor, bool withGrant)
{
Right allGrantableRights = grantor.GetAllGrantableRights(name);
Right right3 = null;
if (right == Right.FullRights)
{
if (allGrantableRights.IsEmpty())
{
return;
}
right = allGrantableRights;
}
else if (!allGrantableRights.Contains(right))
{
throw Error.GetError(0x7d0);
}
Iterator <Right> iterator = this._directRightsMap.Get(name);
while (iterator.HasNext())
{
Right right4 = iterator.Next();
if (right4.Grantor == grantor)
{
right3 = right4;
right3.Add(right);
break;
}
}
if (right3 == null)
{
right3 = right.Duplicate();
right3.Grantor = grantor;
right3.grantee = this;
this._directRightsMap.Put(name, right3);
}
if (withGrant)
{
if (right3.GrantableRights == null)
{
right3.GrantableRights = right.Duplicate();
}
else
{
right3.GrantableRights.Add(right);
}
}
if (!grantor._isSystem)
{
grantor._grantedRightsMap.Put(name, right3);
}
this.UpdateAllRights();
}
public void Revoke(OrderedHashSet <string> granteeList, ISchemaObject dbObject, Right rights, Grantee grantor, bool grantOption, bool cascade)
{
RoutineSchema schema = dbObject as RoutineSchema;
if (schema != null)
{
ISchemaObject[] specificRoutines = schema.GetSpecificRoutines();
this.Revoke(granteeList, specificRoutines, rights, grantor, grantOption, cascade);
}
else
{
QNameManager.QName specificName = dbObject.GetName();
Routine routine = dbObject as Routine;
if (routine != null)
{
specificName = routine.GetSpecificName();
}
if (!grantor.IsFullyAccessibleByRole(specificName))
{
throw Error.GetError(0x157d, dbObject.GetName().Name);
}
if (grantor.IsAdmin())
{
grantor = dbObject.GetOwner();
}
for (int i = 0; i < granteeList.Size(); i++)
{
string str = granteeList.Get(i);
if (this.Get(str) == null)
{
throw Error.GetError(0xfa1, str);
}
if (IsImmutable(str))
{
throw Error.GetError(0xfa2, str);
}
}
for (int j = 0; j < granteeList.Size(); j++)
{
string str2 = granteeList.Get(j);
Grantee role = this.Get(str2);
role.Revoke(dbObject, rights, grantor, grantOption);
role.UpdateAllRights();
if (role.IsRole)
{
this.UpdateAllRights(role);
}
}
}
}
public bool IsFullyAccessibleByRole(QNameManager.QName name)
{
if (this._isAdmin)
{
return(true);
}
if (name.schema == null)
{
return(false);
}
Grantee owner = name.schema.Owner;
return((owner == this) || this.HasRole(owner));
}
public GranteeManager(Database database)
{
this.database = database;
this.AddRole(this.database.NameManager.NewQName("PUBLIC", false, 11));
this.PublicRole = this.GetRole("PUBLIC");
this.PublicRole.IsPublic = true;
this.AddRole(this.database.NameManager.NewQName("DBA", false, 11));
this.DbaRole = this.GetRole("DBA");
this.DbaRole.SetAdminDirect();
this.AddRole(this.database.NameManager.NewQName("CREATE_SCHEMA", false, 11));
this.SchemaRole = this.GetRole("CREATE_SCHEMA");
this.AddRole(this.database.NameManager.NewQName("CHANGE_AUTHORIZATION", false, 11));
this.ChangeAuthRole = this.GetRole("CHANGE_AUTHORIZATION");
}
public Grantee AddRole(QNameManager.QName name)
{
if (this._map.ContainsKey(name.Name))
{
throw Error.GetError(0xfa3, name.Name);
}
Grantee grantee = new Grantee(name, this)
{
IsRole = true
};
this._map.Put(name.Name, grantee);
this._roleMap.Add(name.Name, grantee);
return(grantee);
}
public string[] GetRightstSQL()
{
List <string> list = new List <string>();
Iterator <Grantee> iterator = this.GetGrantees().GetIterator();
while (iterator.HasNext())
{
Grantee grantee = iterator.Next();
if (!IsImmutable(grantee.GetNameString()))
{
List <string> rightsSQL = grantee.GetRightsSQL();
list.AddRange(rightsSQL);
}
}
return(list.ToArray());
}
public void UpdateAllRights()
{
this._fullRightsMap.Clear();
this._isAdmin = this._isAdminDirect;
for (int i = 0; i < this.Roles.Size(); i++)
{
Grantee grantee = this.Roles.Get(i);
this.AddToFullRights(grantee._fullRightsMap);
this._isAdmin |= grantee.IsAdmin();
}
this.AddToFullRights(this._directRightsMap);
if ((!this._isRole && !this._isPublic) && !this._isSystem)
{
this.AddToFullRights(this.granteeManager.PublicRole._fullRightsMap);
}
}
public void Revoke(ISchemaObject obj, Right right, Grantee grantor, bool grantOption)
{
QNameManager.QName key = obj.GetName();
Routine routine = obj as Routine;
if (routine != null)
{
key = routine.GetSpecificName();
}
Iterator <Right> iterator = this._directRightsMap.Get(key);
Right right2 = null;
while (iterator.HasNext())
{
right2 = iterator.Next();
if (right2.Grantor == grantor)
{
break;
}
}
if (right2 != null)
{
if (right2.GrantableRights != null)
{
right2.GrantableRights.Remove(obj, right);
}
if (!grantOption)
{
if (right.IsFull)
{
this._directRightsMap.Remove(key, right2);
grantor._grantedRightsMap.Remove(key, right2);
this.UpdateAllRights();
}
else
{
right2.Remove(obj, right);
if (right2.IsEmpty())
{
this._directRightsMap.Remove(key, right2);
grantor._grantedRightsMap.Remove(key, right2);
}
this.UpdateAllRights();
}
}
}
}
private void UpdateAllRights(Grantee role)
{
for (int i = 0; i < this._map.Size(); i++)
{
Grantee grantee = this._map.Get(i);
if (grantee.IsRole)
{
grantee.UpdateNestedRoles(role);
}
}
for (int j = 0; j < this._map.Size(); j++)
{
Grantee grantee2 = this._map.Get(j);
if (!grantee2.IsRole)
{
grantee2.UpdateAllRights();
}
}
}
public bool RemoveGrantee(string name)
{
if (IsReserved(name))
{
return(false);
}
Grantee role = this._map.Remove(name);
if (role == null)
{
return(false);
}
role.ClearPrivileges();
this.UpdateAllRights(role);
if (role.IsRole)
{
this._roleMap.Remove(name);
this.RemoveEmptyRole(role);
}
return(true);
}
public void Revoke(string granteeName, string roleName, Grantee grantor)
{
if (!grantor.IsAdmin())
{
throw Error.GetError(0x1583);
}
Grantee role = this.Get(granteeName);
if (role == null)
{
throw Error.GetError(0xfa0, granteeName);
}
Grantee grantee2 = this._roleMap.Get(roleName);
role.Revoke(grantee2);
role.UpdateAllRights();
if (role.IsRole)
{
this.UpdateAllRights(role);
}
}
public bool UpdateNestedRoles(Grantee role)
{
bool flag = false;
if (role != this)
{
for (int i = 0; i < this.Roles.Size(); i++)
{
Grantee grantee = this.Roles.Get(i);
flag |= grantee.UpdateNestedRoles(role);
}
}
if (flag)
{
this.UpdateAllRights();
}
if (!flag)
{
return(role == this);
}
return(true);
}
public void Grant(string granteeName, string roleName, Grantee grantor)
{
Grantee role = this.Get(granteeName);
if (role == null)
{
throw Error.GetError(0xfa1, granteeName);
}
if (IsImmutable(granteeName))
{
throw Error.GetError(0xfa2, granteeName);
}
Grantee grantee2 = this.GetRole(roleName);
if (grantee2 == null)
{
throw Error.GetError(0x898, roleName);
}
if (grantee2 == role)
{
throw Error.GetError(0x8cb, granteeName);
}
if (grantee2.HasRole(role))
{
throw Error.GetError(0x8cb, roleName);
}
if (!grantor.IsGrantable(grantee2))
{
throw Error.GetError(0x7d0, grantor.GetNameString());
}
role.Grant(grantee2);
role.UpdateAllRights();
if (role.IsRole)
{
this.UpdateAllRights(role);
}
}
public void Grant(OrderedHashSet <string> granteeList, ISchemaObject dbObject, Right right, Grantee grantor, bool withGrantOption)
{
RoutineSchema schema = dbObject as RoutineSchema;
if (schema != null)
{
ISchemaObject[] specificRoutines = schema.GetSpecificRoutines();
this.Grant(granteeList, specificRoutines, right, grantor, withGrantOption);
}
else
{
QNameManager.QName specificName = dbObject.GetName();
Routine routine = dbObject as Routine;
if (routine != null)
{
specificName = routine.GetSpecificName();
}
if (!grantor.IsGrantable(dbObject, right))
{
throw Error.GetError(0x7d0, grantor.GetNameString());
}
if (grantor.IsAdmin())
{
grantor = dbObject.GetOwner();
}
this.CheckGranteeList(granteeList);
for (int i = 0; i < granteeList.Size(); i++)
{
Grantee role = this.Get(granteeList.Get(i));
role.Grant(specificName, right, grantor, withGrantOption);
if (role.IsRole)
{
this.UpdateAllRights(role);
}
}
}
}
public string[] GetSQL()
{
List <string> list = new List <string>();
Iterator <Grantee> iterator = this.GetRoles().GetIterator();
while (iterator.HasNext())
{
Grantee grantee = iterator.Next();
if (!IsReserved(grantee.GetNameString()))
{
list.Add(grantee.GetSql());
}
}
iterator = this.GetGrantees().GetIterator();
while (iterator.HasNext())
{
Grantee grantee2 = iterator.Next();
if (grantee2 is User)
{
list.Add(grantee2.GetSql());
}
}
return(list.ToArray());
}
public bool IsGrantable(Grantee role)
{
return(this._isAdmin);
}
public bool HasRoleDirect(Grantee role)
{
return(this.Roles.Contains(role));
}
public bool HasRole(Grantee role)
{
return(this.GetAllRoles().Contains(role));
}
public void Grant(OrderedHashSet <string> granteeList, ISchemaObject[] routines, Right right, Grantee grantor, bool withGrantOption)
{
bool flag = false;
for (int i = 0; i < routines.Length; i++)
{
if (grantor.IsGrantable(routines[i], right))
{
this.Grant(granteeList, routines[i], right, grantor, withGrantOption);
flag = true;
}
}
if (!flag)
{
throw Error.GetError(0x7d0, grantor.GetNameString());
}
}
public void Grant(Grantee role)
{
this.Roles.Add(role);
}
public void Revoke(OrderedHashSet <string> granteeList, ISchemaObject[] routines, Right rights, Grantee grantor, bool grantOption, bool cascade)
{
for (int i = 0; i < routines.Length; i++)
{
this.Revoke(granteeList, routines[i], rights, grantor, grantOption, cascade);
}
}