public class RoleClosureIteratorImpl extends java.lang.Object implements RoleClosureIterator
GRANT
role-a TO
role-b, or its inverse.
The graph is represented as a HashMap
where the key is
the node and the value is a List grant descriptors representing
outgoing arcs. The set constructed depends on whether inverse
was specified in the constructor.
RoleClosureIterator
Modifier and Type | Field and Description |
---|---|
private java.util.Iterator<RoleGrantDescriptor> |
currNodeIter
Last node returned by next; a logical pointer into the arcs
list of a node we are currently processing.
|
private DataDictionaryImpl |
dd
DataDictionaryImpl used to get closure graph
|
private java.util.HashMap<java.lang.String,java.util.List<RoleGrantDescriptor>> |
graph
Holds the grant graph.
|
private boolean |
initial
true before next is called the first time
|
private boolean |
inverse
true if closure is inverse of GRANT role-a TO role-b.
|
private java.util.List<RoleGrantDescriptor> |
lifo
Holds discovered, but not yet handed out, roles in the closure.
|
private java.lang.String |
root
The role for which we compute the closure.
|
private java.util.HashMap<java.lang.String,java.lang.Object> |
seenSoFar
Holds roles seen so far when computing the closure.
|
private TransactionController |
tc
TransactionController used to get closure graph
|
Constructor and Description |
---|
RoleClosureIteratorImpl(java.lang.String root,
boolean inverse,
DataDictionaryImpl dd,
TransactionController tc)
Constructor (package private).
|
Modifier and Type | Method and Description |
---|---|
java.lang.String |
next()
Returns the next (as yet unreturned) role in the transitive closure of
the grant or grant-1 relation.
|
private final boolean inverse
private java.util.HashMap<java.lang.String,java.lang.Object> seenSoFar
inverse
, the
key represents and is compared against roleName()
or grantee()
of role descriptors visited.private java.util.HashMap<java.lang.String,java.util.List<RoleGrantDescriptor>> graph
RoleGrantDescriptor
, making up outgoing arcs
in graphprivate java.util.List<RoleGrantDescriptor> lifo
private java.util.Iterator<RoleGrantDescriptor> currNodeIter
private DataDictionaryImpl dd
private TransactionController tc
private java.lang.String root
private boolean initial
RoleClosureIteratorImpl(java.lang.String root, boolean inverse, DataDictionaryImpl dd, TransactionController tc)
createRoleClosureIterator
to obtain an instance.root
- The role name for which to compute the closureinverse
- If true
, graph
represents the
grant-1 relation.dd
- data dictionarytc
- transaction controllerDataDictionary.createRoleClosureIterator(org.apache.derby.iapi.store.access.TransactionController, java.lang.String, boolean)
public java.lang.String next() throws StandardException
RoleClosureIterator
Example: Assume a set of created roles forming nodes: {a1, a2, a3, b, c, d, e, f, h, j} Assume a set of GRANT statements forming arcs: GRANT a1 TO b; GRANT b TO e; GRANT e TO h; GRANT a1 TO c; GRANT e TO f; GRANT a2 TO c; GRANT c TO f; GRANT f TO h; GRANT a3 TO d; GRANT d TO f; GRANT a1 to j; a1 a2 a3 / | \ | | / b +--------> c d j | \ / e---+ \ / \ \ \ / \ \---------+ \ / \ \_ f \ / \ / \ / \ / \ / \ / hAn iterator on the inverse relation starting at h for the above grant graph will return:
closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:
closure(a1, grant) = {a1, b, j, e, h, f, c}
next
in interface RoleClosureIterator
StandardException
Apache Derby V10.13 Internals - Copyright © 2004,2016 The Apache Software Foundation. All Rights Reserved.