/**
 * Resolves the privilege keyword written in a REVOKE statement to a {@link Privilege} constant.
 *
 * <p>Matching is case-insensitive and only against the names returned by
 * {@code Privilege.values()}, so a keyword that is not a declared constant can never
 * reach the access-control layer as a privilege.
 *
 * @param statement the REVOKE statement being analyzed; passed to the exception on failure
 * @param privilegeString the privilege keyword as written by the user
 * @return the constant whose name equals {@code privilegeString}, ignoring case
 * @throws SemanticException with {@code INVALID_PRIVILEGE} when no constant matches
 */
private static Privilege parsePrivilege(Revoke statement, String privilegeString) {
    for (Privilege candidate : Privilege.values()) {
        if (!candidate.name().equalsIgnoreCase(privilegeString)) {
            continue;
        }
        return candidate;
    }
    // Fail closed: an unrecognized keyword aborts analysis instead of falling back to a default.
    // The user-supplied keyword is echoed in the message.
    throw new SemanticException(INVALID_PRIVILEGE, statement, "Unknown privilege: '%s'", privilegeString);
}
} // closes an enclosing scope whose opening is not visible here
/**
 * Resolves the privilege keyword written in a GRANT statement to a {@link Privilege} constant.
 *
 * <p>The keyword is compared, ignoring case, with the name of every constant returned by
 * {@code Privilege.values()}; nothing outside that set is accepted.
 *
 * @param statement the GRANT statement being analyzed; passed to the exception on failure
 * @param privilegeString the privilege keyword as written by the user
 * @return the first constant whose name equals {@code privilegeString}, ignoring case
 * @throws SemanticException with {@code INVALID_PRIVILEGE} when no constant matches
 */
private static Privilege parsePrivilege(Grant statement, String privilegeString) {
    Privilege[] known = Privilege.values();
    for (int i = 0; i < known.length; i++) {
        Privilege current = known[i];
        if (current.name().equalsIgnoreCase(privilegeString)) {
            return current;
        }
    }
    // Fail closed on an unknown keyword; the user-supplied text is echoed in the message.
    throw new SemanticException(INVALID_PRIVILEGE, statement, "Unknown privilege: '%s'", privilegeString);
}
} // closes an enclosing scope whose opening is not visible here
/**
 * Refuses every request to revoke a table privilege.
 *
 * <p>The decision is unconditional: {@code transactionId}, {@code identity}, {@code revokee}
 * and {@code grantOptionFor} are never read. The privilege name and the table name are only
 * handed to {@code denyRevokeTablePrivilege}, which is defined outside this view and
 * presumably raises the access-denied error.
 *
 * @param privilege the privilege whose revocation was requested
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanRevokeTablePrivilege(TransactionId transactionId, Identity identity, Privilege privilege, QualifiedObjectName tableName, String revokee, boolean grantOptionFor) {
    String privilegeName = privilege.name();
    String qualifiedTable = tableName.toString();
    denyRevokeTablePrivilege(privilegeName, qualifiedTable);
}
/**
 * Connector-level check that refuses every request to revoke a table privilege.
 *
 * <p>No argument influences the outcome; {@code transaction}, {@code identity},
 * {@code revokee} and {@code grantOptionFor} are ignored. The call always ends in
 * {@code denyRevokeTablePrivilege} (defined outside this view; presumably throws).
 *
 * @param privilege the privilege whose revocation was requested
 * @param tableName the schema-qualified table the privilege applies to
 */
@Override
public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) {
    String requested = privilege.name();
    String target = tableName.toString();
    denyRevokeTablePrivilege(requested, target);
}
} // closes an enclosing scope whose opening is not visible here
/**
 * Refuses every request to grant a table privilege.
 *
 * <p>The decision is unconditional: {@code transactionId}, {@code identity}, {@code grantee}
 * and {@code withGrantOption} are never read. The privilege name and the table name are only
 * handed to {@code denyGrantTablePrivilege}, which is defined outside this view and
 * presumably raises the access-denied error.
 *
 * @param privilege the privilege that was to be granted
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(TransactionId transactionId, Identity identity, Privilege privilege, QualifiedObjectName tableName, String grantee, boolean withGrantOption) {
    String privilegeName = privilege.name();
    String qualifiedTable = tableName.toString();
    denyGrantTablePrivilege(privilegeName, qualifiedTable);
}
/**
 * Connector-level check that refuses every request to grant a table privilege.
 *
 * <p>No argument influences the outcome; {@code transaction}, {@code identity},
 * {@code grantee} and {@code withGrantOption} are ignored. The call always ends in
 * {@code denyGrantTablePrivilege} (defined outside this view; presumably throws).
 *
 * @param privilege the privilege that was to be granted
 * @param tableName the schema-qualified table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption) {
    String requested = privilege.name();
    String target = tableName.toString();
    denyGrantTablePrivilege(requested, target);
}
/**
 * Allows a table-privilege grant only when the caller holds OWNERSHIP on the table.
 *
 * <p>The decision rests solely on {@code checkTablePermission(identity, tableName, OWNERSHIP)}.
 * The privilege being granted, the {@code grantee} and {@code withGrantOption} do not affect
 * it, so a grant option held by a non-owner is not honored by this check.
 *
 * @param identity the caller whose ownership of the table is tested
 * @param privilege the privilege to grant; used only to name it in the denial
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption) {
    boolean callerOwnsTable = checkTablePermission(identity, tableName, OWNERSHIP);
    if (callerOwnsTable) {
        return;
    }
    // Non-owners are rejected; denyGrantTablePrivilege is defined outside this view.
    denyGrantTablePrivilege(privilege.name(), tableName.toString());
}
/**
 * Allows a table-privilege revocation only when the caller holds OWNERSHIP on the table.
 *
 * <p>The decision rests solely on {@code checkTablePermission(identity, tableName, OWNERSHIP)}.
 * The privilege being revoked, the {@code revokee} and {@code grantOptionFor} do not affect it.
 *
 * @param identity the caller whose ownership of the table is tested
 * @param privilege the privilege to revoke; used only to name it in the denial
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) {
    boolean callerOwnsTable = checkTablePermission(identity, tableName, OWNERSHIP);
    if (callerOwnsTable) {
        return;
    }
    // Non-owners are rejected; denyRevokeTablePrivilege is defined outside this view.
    denyRevokeTablePrivilege(privilege.name(), tableName.toString());
}
/**
 * Decides whether the caller may grant {@code privilege} on {@code tableName}.
 *
 * <p>Two paths lead to approval:
 * <ol>
 *   <li>the caller holds OWNERSHIP on the table, or</li>
 *   <li>{@code toHivePrivilege(privilege)} yields a non-null mapping and
 *       {@code getGrantOptionForPrivilege} reports true for the caller.</li>
 * </ol>
 * Everything else is rejected through {@code denyGrantTablePrivilege}. The mapped Hive
 * privilege is used only for the null test; the grant-option lookup receives the original
 * {@code privilege}. {@code grantee} and {@code withGrantOption} are not consulted.
 *
 * @param transaction the connector transaction forwarded to the permission lookups
 * @param identity the caller being authorized
 * @param privilege the privilege to grant
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption) {
    boolean ownsTable = checkTablePermission(transaction, identity, tableName, OWNERSHIP);
    if (!ownsTable) {
        HivePrivilege mapped = toHivePrivilege(privilege);
        // Short-circuit keeps the grant-option lookup from running for an unmapped privilege.
        boolean mayDelegate = mapped != null && getGrantOptionForPrivilege(transaction, identity, privilege, tableName);
        if (!mayDelegate) {
            denyGrantTablePrivilege(privilege.name(), tableName.toString());
        }
    }
}
/**
 * Decides whether the caller may revoke {@code privilege} on {@code tableName}.
 *
 * <p>Two paths lead to approval:
 * <ol>
 *   <li>the caller holds OWNERSHIP on the table, or</li>
 *   <li>{@code toHivePrivilege(privilege)} yields a non-null mapping and
 *       {@code getGrantOptionForPrivilege} reports true for the caller.</li>
 * </ol>
 * Everything else is rejected through {@code denyRevokeTablePrivilege}. The mapped Hive
 * privilege is used only for the null test; the grant-option lookup receives the original
 * {@code privilege}. {@code revokee} and {@code grantOptionFor} are not consulted.
 *
 * @param transaction the connector transaction forwarded to the permission lookups
 * @param identity the caller being authorized
 * @param privilege the privilege to revoke
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) {
    boolean ownsTable = checkTablePermission(transaction, identity, tableName, OWNERSHIP);
    if (!ownsTable) {
        HivePrivilege mapped = toHivePrivilege(privilege);
        // Short-circuit keeps the grant-option lookup from running for an unmapped privilege.
        boolean mayRevoke = mapped != null && getGrantOptionForPrivilege(transaction, identity, privilege, tableName);
        if (!mayRevoke) {
            denyRevokeTablePrivilege(privilege.name(), tableName.toString());
        }
    }
}
/**
 * Builds the rows of the information-schema table identified by {@code TABLE_TABLE_PRIVILEGES}.
 *
 * <p>For each prefix, the grants returned by {@code listTablePrivileges} are expanded so that
 * every (grant, privilege) pair becomes one row: grantor (or null), grantee user, catalog,
 * schema, table, privilege name, grant-option flag and hierarchy flag (or null).
 *
 * <p>NOTE(review): what a session is allowed to see depends entirely on
 * {@code listTablePrivileges}, which receives {@code accessControl}; this method applies no
 * filtering of its own. Confirm that the helper hides grants the caller must not see.
 *
 * @param session the session on whose behalf the privileges are listed
 * @param prefixes the catalog/schema/table prefixes to enumerate
 * @return the populated table
 */
private InternalTable buildTablePrivileges(Session session, Set<QualifiedTablePrefix> prefixes) {
    InternalTable.Builder rows = InternalTable.builder(informationSchemaTableColumns(TABLE_TABLE_PRIVILEGES));
    for (QualifiedTablePrefix tablePrefix : prefixes) {
        // Copy the listing before iterating, as the original does.
        List<GrantInfo> snapshot = ImmutableList.copyOf(listTablePrivileges(session, metadata, accessControl, tablePrefix));
        for (GrantInfo entry : snapshot) {
            for (PrivilegeInfo held : entry.getPrivilegeInfo()) {
                rows.add(
                        entry.getGrantor().orElse(null),
                        entry.getIdentity().getUser(),
                        tablePrefix.getCatalogName(),
                        entry.getSchemaTableName().getSchemaName(),
                        entry.getSchemaTableName().getTableName(),
                        held.getPrivilege().name(),
                        held.isGrantOption(),
                        entry.getWithHierarchy().orElse(null));
            }
        }
    }
    return rows.build();
}
/**
 * Translates the privilege keyword of a GRANT statement into a {@link Privilege} constant.
 *
 * <p>Only names returned by {@code Privilege.values()} are accepted, compared without regard
 * to case. An unrecognized keyword stops analysis; it is never mapped to a default privilege.
 *
 * @param statement the GRANT statement being analyzed; passed to the exception on failure
 * @param privilegeString the privilege keyword as written by the user
 * @return the first constant whose name equals {@code privilegeString}, ignoring case
 * @throws SemanticException with {@code INVALID_PRIVILEGE} when no constant matches
 */
private static Privilege parsePrivilege(Grant statement, String privilegeString) {
    Privilege resolved = null;
    for (Privilege option : Privilege.values()) {
        if (option.name().equalsIgnoreCase(privilegeString)) {
            resolved = option;
            break;
        }
    }
    if (resolved == null) {
        // The user-supplied keyword is echoed in the message.
        throw new SemanticException(INVALID_PRIVILEGE, statement, "Unknown privilege: '%s'", privilegeString);
    }
    return resolved;
}
} // closes an enclosing scope whose opening is not visible here
/**
 * Refuses every request to grant a table privilege.
 *
 * <p>{@code identity} is never read, so no caller is exempt. The call always ends in
 * {@code denyGrantTablePrivilege} (defined outside this view; presumably throws).
 *
 * @param privilege the privilege that was to be granted
 * @param tableName the schema-qualified table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, SchemaTableName tableName) {
    String requested = privilege.name();
    String target = tableName.toString();
    denyGrantTablePrivilege(requested, target);
}
} // closes an enclosing scope whose opening is not visible here
/**
 * Refuses every request to grant a table privilege.
 *
 * <p>{@code identity} is never read, so no caller is exempt. The privilege name and the
 * table name are only handed to {@code denyGrantTablePrivilege}, which is defined outside
 * this view and presumably raises the access-denied error.
 *
 * @param privilege the privilege that was to be granted
 * @param tableName the fully qualified table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, QualifiedObjectName tableName) {
    String privilegeName = privilege.name();
    String qualifiedTable = tableName.toString();
    denyGrantTablePrivilege(privilegeName, qualifiedTable);
}
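/**
 * Records the given privileges on a table for {@code grantee} through the metastore.
 *
 * <p>Each privilege becomes one {@code PrivilegeGrantInfo} carrying the lower-cased privilege
 * name, the session user as grantor, {@code PrincipalType.USER} as the grantor type and the
 * requested grant-option flag. The second constructor argument is passed as {@code 0}
 * (looks like a creation time; confirm against {@code PrivilegeGrantInfo}).
 *
 * <p>This method performs no authorization of its own. Presumably the engine has already run
 * the matching grant check before calling it; verify against the caller.
 *
 * @param session the session whose user is recorded as grantor
 * @param schemaTableName the table receiving the grants
 * @param privileges the privileges to grant
 * @param grantee the principal name receiving the privileges
 * @param grantOption whether the grantee may pass the privileges on
 */
@Override
public void grantTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, String grantee, boolean grantOption) {
    String schemaName = schemaTableName.getSchemaName();
    String tableName = schemaTableName.getTableName();

    // Lower-case with a fixed locale. The no-argument toLowerCase() follows the JVM default
    // locale, and under a Turkish or Azeri default "INSERT" becomes "\u0131nsert" (dotless i),
    // which would store a privilege name that differs from the intended "insert".
    Set<PrivilegeGrantInfo> privilegeGrantInfoSet = privileges.stream()
            .map(privilege -> new PrivilegeGrantInfo(
                    privilege.name().toLowerCase(java.util.Locale.ROOT),
                    0,
                    session.getUser(),
                    PrincipalType.USER,
                    grantOption))
            .collect(toSet());

    metastore.grantTablePrivileges(schemaName, tableName, grantee, privilegeGrantInfoSet);
}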
/**
 * Decides whether the caller may grant {@code privilege} on {@code tableName}.
 *
 * <p>Approval requires either OWNERSHIP on the table, or a privilege that
 * {@code toHivePrivilege} can map and that the metastore reports the caller as holding with
 * grant option on this table. A privilege with no Hive mapping is rejected for every
 * non-owner, without consulting the metastore.
 *
 * @param identity the caller being authorized; its user name is used for the metastore lookup
 * @param privilege the privilege to grant
 * @param tableName the table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, SchemaTableName tableName) {
    boolean ownsTable = checkTablePermission(identity, tableName, OWNERSHIP);
    if (!ownsTable) {
        HivePrivilege mapped = toHivePrivilege(privilege);
        // Short-circuit: the metastore is only queried when a Hive mapping exists.
        boolean holdsGrantOption = mapped != null
                && metastore.hasPrivilegeWithGrantOptionOnTable(identity.getUser(), tableName.getSchemaName(), tableName.getTableName(), mapped);
        if (!holdsGrantOption) {
            denyGrantTablePrivilege(privilege.name(), tableName.toString());
        }
    }
}