[ http://issues.apache.org/jira/browse/DERBY-1330?page=comments#action_12418146 ]
Daniel John Debrunner commented on DERBY-1330: ---------------------------------------------- Just from a quick look at the patch there are many cases where you add a new method or field and add comments, but not as javadoc comments. E.g. + //A call to this method means stop collecting privilege requirements for + //this node because this node is executing under definer's privileges. + public void accessThisWithDefinerPrivileges() This means the comment does not make into the generated javadoc for the engine and (I think) will not be picked up by smart IDEs like Eclipse. In Eclipse "hovering" over a method call will show the javadoc comment for the called method, which can be useful when navigating unfamilar code. A javadoc comment uses the /** */ tokens, e.g. /** A call to this method means stop collecting privilege requirements for this node because this node is executing under definer's privileges. */ public void accessThisWithDefinerPrivileges() Is it possible to change to javadoc methods and get into the habit of using them for new fields, classes and methods? > Provide runtime privilege checking for grant/revoke functionality > ----------------------------------------------------------------- > > Key: DERBY-1330 > URL: http://issues.apache.org/jira/browse/DERBY-1330 > Project: Derby > Type: Sub-task > Components: SQL > Versions: 10.2.0.0 > Reporter: Mamta A. Satoor > Attachments: AuthorizationModelForDerbySQLStandardAuthorization.html, > AuthorizationModelForDerbySQLStandardAuthorizationV2.html, > Derby1330ViewPrivilegeCollectionV1diff.txt, > Derby1330ViewPrivilegeCollectionV1stat.txt > > Additional work needs to be done for grant/revoke to make sure that only > users with required privileges can access various database objects. In order > to do that, first we need to collect the privilege requirements for various > database objects and store them in SYS.SYSREQUIREDPERM. Once we have this > information then when a user tries to access an object, the required > SYS.SYSREQUIREDPERM privileges for the object will be checked against the > user privileges in SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and > SYS.SYSROUTINEPERMS. The database object access will succeed only if the user > has the necessary privileges. > SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS are already > populated by Satheesh's work on DERBY-464. But SYS.SYSREQUIREDPERM doesn't > have any information in it at this point and hence no runtime privilege > checking is getting done at this point. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
