/tags/release-0.1-rc2/hive/external/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.hive.ql.security.authorization;

import java.util.EnumSet;
import org.apache.hadoop.hive.ql.parse.HiveParser;

/**
 * Privilege defines a privilege in Hive. Each privilege has a name and scope associated with it.
 * This class contains all of the predefined privileges in Hive.
 */
public class Privilege {
  
  public enum PrivilegeType {
    ALL,
    ALTER_DATA,
    ALTER_METADATA,
    CREATE,
    DROP,
    INDEX,
    LOCK,
    SELECT,
    SHOW_DATABASE,
    UNKNOWN
  }


  public static PrivilegeType getPrivTypeByToken(int token) {
    switch (token) {
    case HiveParser.TOK_PRIV_ALL:
      return PrivilegeType.ALL;
    case HiveParser.TOK_PRIV_ALTER_DATA:
      return PrivilegeType.ALTER_DATA;
    case HiveParser.TOK_PRIV_ALTER_METADATA:
      return PrivilegeType.ALTER_METADATA;
    case HiveParser.TOK_PRIV_CREATE:
      return PrivilegeType.CREATE;
    case HiveParser.TOK_PRIV_DROP:
      return PrivilegeType.DROP;
    case HiveParser.TOK_PRIV_INDEX:
      return PrivilegeType.INDEX;
    case HiveParser.TOK_PRIV_LOCK:
      return PrivilegeType.LOCK;
    case HiveParser.TOK_PRIV_SELECT:
      return PrivilegeType.SELECT;
    case HiveParser.TOK_PRIV_SHOW_DATABASE:
      return PrivilegeType.SHOW_DATABASE;
    default:
      return PrivilegeType.UNKNOWN;
    }
  }

  public static PrivilegeType getPrivTypeByName(String privilegeName) {
    String canonicalizedName = privilegeName.toLowerCase();
    if (canonicalizedName.equals("all")) {
      return PrivilegeType.ALL;
    } else if (canonicalizedName.equals("update")) {
      return PrivilegeType.ALTER_DATA;
    } else if (canonicalizedName.equals("alter")) {
      return PrivilegeType.ALTER_METADATA;
    } else if (canonicalizedName.equals("create")) {
      return PrivilegeType.CREATE;
    } else if (canonicalizedName.equals("drop")) {
      return PrivilegeType.DROP;
    } else if (canonicalizedName.equals("index")) {
      return PrivilegeType.INDEX;
    } else if (canonicalizedName.equals("lock")) {
      return PrivilegeType.LOCK;
    } else if (canonicalizedName.equals("select")) {
      return PrivilegeType.SELECT;
    } else if (canonicalizedName.equals("show_database")) {
      return PrivilegeType.SHOW_DATABASE;
    }

    return PrivilegeType.UNKNOWN;
  }

  private PrivilegeType priv;
  
  private EnumSet<PrivilegeScope> supportedScopeSet;
  
  private Privilege(PrivilegeType priv, EnumSet<PrivilegeScope> scopeSet) {
    super();
    this.priv = priv;
    this.supportedScopeSet = scopeSet;
  }

  public Privilege(PrivilegeType priv) {
    super();
    this.priv = priv;
    
  }

  public PrivilegeType getPriv() {
    return priv;
  }

  public void setPriv(PrivilegeType priv) {
    this.priv = priv;
  }
  
  public boolean supportColumnLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.COLUMN_LEVEL_SCOPE);
  }

  public boolean supportDBLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.DB_LEVEL_SCOPE);
  }

  public boolean supportTableLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.TABLE_LEVEL_SCOPE);
  }
  
  @Override
  public String toString() {
    switch (this.priv) {
    case ALL:
      return "All";
    case ALTER_DATA:
      return "Update";
    case ALTER_METADATA:
      return "Alter";
    case CREATE:
      return "Create";
    case DROP:
      return "Drop";
    case INDEX:
      return "Index";
    case LOCK:
      return "Lock";
    case SELECT:
      return "Select";
    case SHOW_DATABASE:
      return "Show_Database";
    default:
      return "Unknown";
    }
  }

  public Privilege() {
  }

  public static Privilege ALL = new Privilege(PrivilegeType.ALL,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege ALTER_METADATA = new Privilege(PrivilegeType.ALTER_METADATA,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege ALTER_DATA = new Privilege(PrivilegeType.ALTER_DATA,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege CREATE = new Privilege(PrivilegeType.CREATE,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege DROP = new Privilege(PrivilegeType.DROP,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege INDEX = new Privilege(PrivilegeType.INDEX,
      PrivilegeScope.ALLSCOPE);

  public static Privilege LOCK = new Privilege(PrivilegeType.LOCK,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege SELECT = new Privilege(PrivilegeType.SELECT,
      PrivilegeScope.ALLSCOPE);

  public static Privilege SHOW_DATABASE = new Privilege(PrivilegeType.SHOW_DATABASE,
      EnumSet.of(PrivilegeScope.USER_LEVEL_SCOPE));

}