Extend support of "GRANT ALTER ANY SCHEMA TO <user>" to allow grantee ability to manipulate tables

696b949a · noelgrandin · f8c487d8 · 696b949a · 696b949a · 696b949a
--- a/h2/src/docsrc/html/changelog.html
+++ b/h2/src/docsrc/html/changelog.html
@@ -42,6 +42,7 @@ Change Log
 </li><li>Issue 522: Treat empty strings like NULL in Oracle compatibility mode, patch by Daniel Gredler.
 </li><li>Issue 527: Oracle compatibility mode: incorrect scale behavior, patch by Daniel Gredler.
 </li><li>Slightly reduce the memory cost of View metadata.
+</li><li>Extend support of "GRANT ALTER ANY SCHEMA TO &lt;user&gt;" to allow grantee ability to manipulate tables
 </li></ul>

 <h2>Version 1.3.174 (2013-10-19)</h2>

--- a/h2/src/main/org/h2/engine/User.java
+++ b/h2/src/main/org/h2/engine/User.java
@@ -125,6 +125,9 @@ public class User extends RightOwner {
            return true;
        }
        if (table != null) {
+            if (hasRight(null, Right.ALTER_ANY_SCHEMA)) {
+                return true;
+            }
            String tableType = table.getTableType();
            if (Table.VIEW.equals(tableType)) {
                TableView v = (TableView) table;
@@ -212,7 +215,7 @@ public class User extends RightOwner {
     * @throws DbException if this user is not a schema admin
     */
    public void checkSchemaAdmin() {
-        if (!admin && !hasRight(null, Right.ALTER_ANY_SCHEMA)) {
+        if (!hasRight(null, Right.ALTER_ANY_SCHEMA)) {
            throw DbException.get(ErrorCode.ADMIN_RIGHTS_REQUIRED);
        }
    }

--- a/h2/src/test/org/h2/test/db/TestRights.java
+++ b/h2/src/test/org/h2/test/db/TestRights.java
@@ -212,15 +212,20 @@ public class TestRights extends TestBase {
        testTableType(conn, "MEMORY");
        testTableType(conn, "CACHED");

+        /* make sure admin can still do it. */
+        
        executeSuccess("CREATE USER SCHEMA_CREATOR PASSWORD 'xyz'");

        executeSuccess("CREATE SCHEMA SCHEMA_RIGHT_TEST");
        executeSuccess("ALTER SCHEMA SCHEMA_RIGHT_TEST RENAME TO SCHEMA_RIGHT_TEST_RENAMED");
        executeSuccess("DROP SCHEMA SCHEMA_RIGHT_TEST_RENAMED");
+        
+        /* create this for tests below */
        executeSuccess("CREATE SCHEMA SCHEMA_RIGHT_TEST_EXISTS");
+        executeSuccess("CREATE TABLE SCHEMA_RIGHT_TEST_EXISTS.TEST_EXISTS(ID INT PRIMARY KEY, NAME VARCHAR)");
        conn.close();

-        // try and fail
+        // try and fail (no rights yet)
        conn = getConnection("rights;LOG=2", "SCHEMA_CREATOR", getPassword("xyz"));
        stat = conn.createStatement();
        assertThrows(ErrorCode.ADMIN_RIGHTS_REQUIRED, stat).execute(
@@ -231,29 +236,42 @@ public class TestRights extends TestBase {
                "DROP SCHEMA SCHEMA_RIGHT_TEST_EXISTS");
        conn.close();

-        // give them
+        // grant the right
        conn = getConnection("rights");
        stat = conn.createStatement();
-        executeSuccess("DROP SCHEMA SCHEMA_RIGHT_TEST_EXISTS");
        executeSuccess("GRANT ALTER ANY SCHEMA TO SCHEMA_CREATOR");
        conn.close();

        // try and succeed
        conn = getConnection("rights;LOG=2", "SCHEMA_CREATOR", getPassword("xyz"));
        stat = conn.createStatement();
+        
+        /* should be able to create a schema and manipulate tables on that schema... */
        executeSuccess("CREATE SCHEMA SCHEMA_RIGHT_TEST");
-        executeSuccess("ALTER SCHEMA SCHEMA_RIGHT_TEST RENAME TO SCHEMA_RIGHT_TEST_RENAMED");
-        executeSuccess("DROP SCHEMA SCHEMA_RIGHT_TEST_RENAMED");
-        executeSuccess("CREATE SCHEMA SCHEMA_RIGHT_TEST_EXISTS");
+        executeSuccess("ALTER SCHEMA SCHEMA_RIGHT_TEST RENAME TO S");
+        executeSuccess("CREATE TABLE S.TEST(ID INT PRIMARY KEY, NAME VARCHAR)");
+        executeSuccess("ALTER TABLE S.TEST ADD COLUMN QUESTION VARCHAR");
+        executeSuccess("INSERT INTO  S.TEST (ID, NAME) VALUES (42, 'Adams')");
+        executeSuccess("UPDATE S.TEST Set NAME = 'Douglas'");
+        executeSuccess("DELETE FROM S.TEST");
+        executeSuccess("DROP SCHEMA S");
+
+        /* ...and on other schemata */
+        executeSuccess("CREATE TABLE TEST(ID INT PRIMARY KEY, NAME VARCHAR)");
+        executeSuccess("ALTER TABLE TEST ADD COLUMN QUESTION VARCHAR");
+        executeSuccess("INSERT INTO  TEST (ID, NAME) VALUES (42, 'Adams')");
+        executeSuccess("UPDATE TEST Set NAME = 'Douglas'");
+        executeSuccess("DELETE FROM TEST");
+        
        conn.close();

-        // revoke them
+        // revoke the right
        conn = getConnection("rights");
        stat = conn.createStatement();
        executeSuccess("REVOKE ALTER ANY SCHEMA FROM SCHEMA_CREATOR");
        conn.close();

-        // try and fail
+        // try again and fail
        conn = getConnection("rights;LOG=2", "SCHEMA_CREATOR", getPassword("xyz"));
        stat = conn.createStatement();
        assertThrows(ErrorCode.ADMIN_RIGHTS_REQUIRED, stat).
@@ -262,6 +280,14 @@ public class TestRights extends TestBase {
            execute("ALTER SCHEMA SCHEMA_RIGHT_TEST_EXISTS RENAME TO SCHEMA_RIGHT_TEST_RENAMED");
        assertThrows(ErrorCode.ADMIN_RIGHTS_REQUIRED, stat).
            execute("DROP SCHEMA SCHEMA_RIGHT_TEST_EXISTS");
+        assertThrows(ErrorCode.NOT_ENOUGH_RIGHTS_FOR_1, stat).
+        	execute("CREATE TABLE SCHEMA_RIGHT_TEST_EXISTS.TEST(ID INT PRIMARY KEY, NAME VARCHAR)");
+        assertThrows(ErrorCode.NOT_ENOUGH_RIGHTS_FOR_1, stat).
+        	execute("INSERT INTO  SCHEMA_RIGHT_TEST_EXISTS.TEST_EXISTS (ID, NAME) VALUES (42, 'Adams')");
+        assertThrows(ErrorCode.NOT_ENOUGH_RIGHTS_FOR_1, stat).
+        	execute("UPDATE SCHEMA_RIGHT_TEST_EXISTS.TEST_EXISTS Set NAME = 'Douglas'");
+        assertThrows(ErrorCode.NOT_ENOUGH_RIGHTS_FOR_1, stat).
+        	execute("DELETE FROM SCHEMA_RIGHT_TEST_EXISTS.TEST_EXISTS");
        conn.close();
    }