public class ReportPostInitHandler extends InitHandler implements IInitHandler {\r
\r
final Logger logger = LoggerFactory.getLogger(ReportPostInitHandler.class);\r
- public static final String READ_ROLE_NAME_KEY = "readerRoleName";\r
- private String readerRoleName = "reader" + ServiceMain.getInstance().getCspaceInstanceId();\r
-\r
+ public static final String DATABASE_SELECT_PRIVILEGE_NAME = "SELECT";\r
+ \r
+ // Currently retained for backward compatibility\r
+ public static final String READER_ROLE_NAME_KEY = "readerRoleName";\r
+ public static final String DEFAULT_READER_ROLE_NAME = "reader" + ServiceMain.getInstance().getCspaceInstanceId();\r
+ private String readerRoleName = DEFAULT_READER_ROLE_NAME;\r
+ \r
+ public static final String REPORTER_ROLE_NAME_KEY = "reporterRoleName";\r
+ public static final String DEFAULT_REPORTER_ROLE_NAME = "reporter" + ServiceMain.getInstance().getCspaceInstanceId();\r
+ private String reporterRoleName = DEFAULT_REPORTER_ROLE_NAME;\r
+ \r
/** See the class javadoc for this class: it shows the syntax supported in the configuration params.\r
*/\r
@Override\r
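Review bot: The public constant `READ_ROLE_NAME_KEY` is renamed to `READER_ROLE_NAME_KEY` even though the accompanying comment says the reader settings are retained for backward compatibility, so any code outside this file that referenced the old name would stop compiling. If such callers may exist, a deprecated alias would keep them working, e.g. `@Deprecated public static final String READ_ROLE_NAME_KEY = READER_ROLE_NAME_KEY;`. The two `DEFAULT_*_ROLE_NAME` constants would also benefit from a short comment stating that the instance id is appended and that they are evaluated at class-initialisation time via `ServiceMain.getInstance()`, which presumably has to be initialised before this class is loaded.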
List<Property> propertyList) throws Exception {\r
//Check for existing privileges, and if not there, grant them\r
for(Property prop : propertyList) {\r
- if(READ_ROLE_NAME_KEY.equals(prop.getKey())) {\r
- String value = prop.getValue();\r
- if(Tools.notEmpty(value) && !readerRoleName.equals(value)){\r
- readerRoleName = value;\r
- logger.debug("ReportPostInitHandler: overriding readerRoleName to use: "\r
- + value);\r
- }\r
- }\r
+ if(REPORTER_ROLE_NAME_KEY.equals(prop.getKey())) {\r
+ String value = prop.getValue();\r
+ if(Tools.notEmpty(value) && !DEFAULT_REPORTER_ROLE_NAME.equals(value)){\r
+ reporterRoleName = value + ServiceMain.getInstance().getCspaceInstanceId();\r
+ logger.debug("ReportPostInitHandler: overriding reporterRoleName default value to use: "\r
+ + value);\r
+ }\r
+ }\r
+ // FIXME: Currently retained for backward compatibility; remove this block when appropriate\r
+ if(READER_ROLE_NAME_KEY.equals(prop.getKey())) {\r
+ String value = prop.getValue();\r
+ if(Tools.notEmpty(value) && !DEFAULT_READER_ROLE_NAME.equals(value)){\r
+ readerRoleName = value + ServiceMain.getInstance().getCspaceInstanceId();\r
+ logger.debug("ReportPostInitHandler: overriding readerRoleName default value to use: "\r
+ + value);\r
+ }\r
+ }\r
}\r
- \r
+ String privilegeName = DATABASE_SELECT_PRIVILEGE_NAME;\r
+ grantPrivilegeToDatabaseRole(dataSourceName, repositoryName, cspaceInstanceId, privilegeName, reporterRoleName);\r
+ // FIXME: Currently retained for backward compatibility; remove the following line when appropriate\r
+ grantPrivilegeToDatabaseRole(dataSourceName, repositoryName, cspaceInstanceId, privilegeName, readerRoleName);\r
+ }\r
+\r
+ // FIXME: This method might be refactorable / movable to the\r
+ // org.collectionspace.services.common.storage.JDBCTools class.\r
+ // If so, any database privilege constants here should be moved with it.\r
+ private void grantPrivilegeToDatabaseRole(String dataSourceName, String repositoryName, String cspaceInstanceId,\r
+ String privilegeName, String roleName) {\r
Connection conn = null;\r
Statement stmt = null;\r
String sql = "";\r
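Review bot: The reader override `readerRoleName = value + ServiceMain.getInstance().getCspaceInstanceId();` changes what a configured `readerRoleName` means: the removed code used the value verbatim, while the new code appends the instance id. An existing configuration that names a complete role would therefore resolve to a different database role, although the block is labelled as backward-compatible. Both debug messages also log `value` rather than the effective name; logging `reporterRoleName` and `readerRoleName` after assignment would show which role actually receives the grant. `grantPrivilegeToDatabaseRole` begins in this hunk and its body continues outside it.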
DatabaseProductType databaseProductType = JDBCTools.getDatabaseProductType(dataSourceName, repositoryName,\r
cspaceInstanceId);\r
if (databaseProductType == DatabaseProductType.MYSQL) {\r
- // Nothing to do: MYSQL already does wildcard grants in init_db.sql\r
+ // Nothing to do: MYSQL already does wildcard grants in init_db.sql\r
} else if(databaseProductType != DatabaseProductType.POSTGRESQL) {\r
throw new Exception("Unrecognized database system " + databaseProductType);\r
} else {\r
String databaseName = JDBCTools.getDatabaseName(repositoryName, cspaceInstanceId);\r
conn = JDBCTools.getConnection(dataSourceName, databaseName);\r
stmt = conn.createStatement(); \r
- //sql = "REVOKE SELECT ON ALL TABLES IN SCHEMA public FROM "+readerRoleName;\r
- //stmt.execute(sql);\r
- sql = "GRANT SELECT ON ALL TABLES IN SCHEMA public TO "+readerRoleName;\r
+ // FIXME: Check first that role exists before executing the grant\r
+ sql = String.format("GRANT %s ON ALL TABLES IN SCHEMA public TO %s", privilegeName, roleName);\r
stmt.execute(sql);\r
}\r
\r
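Review bot: `roleName` is spliced into the GRANT text with `String.format`, and it is built from the `reporterRoleName` / `readerRoleName` configuration properties with no validation, so a malformed or hostile property value alters the statement that runs with this connection's privileges. A GRANT target cannot be bound as a `PreparedStatement` parameter, so the name should be checked against a strict identifier pattern before the statement is built, for example `if (!roleName.matches("[A-Za-z_][A-Za-z0-9_]*")) throw new IllegalArgumentException("Invalid role name: " + roleName);`, with `privilegeName` restricted to a fixed set of allowed values in the same way. The existing FIXME about checking that the role exists is worth resolving alongside this (PostgreSQL lists roles in `pg_roles`), so that a missing role is reported clearly rather than surfacing as a failed grant. The method's body starts and ends outside this hunk.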