org.apache.phoenix.parse.ChangePermsStatement Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.phoenix.parse;
import org.antlr.runtime.RecognitionException;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.phoenix.exception.PhoenixParserException;
import org.apache.phoenix.jdbc.PhoenixStatement;
import org.apache.phoenix.util.SchemaUtil;
import java.util.Arrays;
/**
* See PHOENIX-672, Use GRANT/REVOKE statements to assign or remove permissions for a user OR group on a table OR namespace
* Permissions are managed by HBase using hbase:acl table, Allowed permissions are RWXCA
*/
public class ChangePermsStatement implements BindableStatement {
private Permission.Action[] permsList;
private TableName tableName;
private String schemaName;
private String name;
// Grant/Revoke statements are differentiated based on this boolean
private boolean isGrantStatement;
public ChangePermsStatement(String permsString, boolean isSchemaName,
TableName tableName, String schemaName, boolean isGroupName, LiteralParseNode ugNode, boolean isGrantStatement) {
// PHOENIX-672 HBase API doesn't allow to revoke specific permissions, hence this parameter will be ignored here.
// To comply with SQL standards, we may support the user given permissions to revoke specific permissions in future.
// GRANT permissions statement requires this parameter and the parsing will fail if it is not specified in SQL
if(permsString != null) {
Permission permission = new Permission(permsString.getBytes());
permsList = permission.getActions();
}
if(isSchemaName) {
this.schemaName = SchemaUtil.normalizeIdentifier(schemaName);
} else {
this.tableName = tableName;
}
name = SchemaUtil.normalizeLiteral(ugNode);
name = isGroupName ? AuthUtil.toGroupEntry(name) : name;
this.isGrantStatement = isGrantStatement;
}
public Permission.Action[] getPermsList() {
return permsList;
}
public String getName() {
return name;
}
public TableName getTableName() {
return tableName;
}
public String getSchemaName() {
return schemaName;
}
public boolean isGrantStatement() {
return isGrantStatement;
}
public String toString() {
StringBuffer buffer = new StringBuffer();
buffer = this.isGrantStatement() ? buffer.append("GRANT ") : buffer.append("REVOKE ");
buffer.append("permissions requested for user/group: " + this.getName());
if (this.getSchemaName() != null) {
buffer.append(" for Schema: " + this.getSchemaName());
} else if (this.getTableName() != null) {
buffer.append(" for Table: " + this.getTableName());
}
buffer.append(" Permissions: " + Arrays.toString(this.getPermsList()));
return buffer.toString();
}
@Override
public int getBindCount() {
return 0;
}
@Override
public PhoenixStatement.Operation getOperation() {
return PhoenixStatement.Operation.ADMIN;
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy