From 695082ece7003dc85f38016e342ff2fe86083537 Mon Sep 17 00:00:00 2001
From: Alexander Zhdanov <alexander.zhdanov@red-soft.ru>
Date: Thu, 26 Oct 2023 00:37:13 +0300
Subject: [PATCH] added the ability to change sql security option in alter
 package

---
 doc/sql.extensions/README.ddl.txt |  5 +++
 src/dsql/PackageNodes.epp         | 60 ++++++++++++++++++++++++++++---
 src/dsql/PackageNodes.h           |  3 +-
 src/dsql/parse.y                  | 18 +++++++++-
 src/jrd/drq.h                     |  1 +
 5 files changed, 80 insertions(+), 7 deletions(-)

diff --git a/doc/sql.extensions/README.ddl.txt b/doc/sql.extensions/README.ddl.txt
index 16b679e109..1c7b6e831b 100644
--- a/doc/sql.extensions/README.ddl.txt
+++ b/doc/sql.extensions/README.ddl.txt
@@ -613,3 +613,8 @@ ALTER FUNCTION <name> [ {DETERMINISTIC | NOT DETERMINISTIC} ] [ SQL SECURITY {DE
 (Alexander Zhdanov)
 
 ALTER PROCEDURE <name> SQL SECURITY {DEFINER | INVOKER} | DROP SQL SECURITY
+
+26) Added the ability to change sql security option without specifying the entire body of the package
+(Alexander Zhdanov)
+
+ALTER PACKAGE <name> SQL SECURITY {DEFINER | INVOKER} | DROP SQL SECURITY
diff --git a/src/dsql/PackageNodes.epp b/src/dsql/PackageNodes.epp
index 93cc622ccb..fc8c307fcf 100644
--- a/src/dsql/PackageNodes.epp
+++ b/src/dsql/PackageNodes.epp
@@ -215,6 +215,9 @@ string CreateAlterPackageNode::internalPrint(NodePrinter& printer) const
 
 DdlNode* CreateAlterPackageNode::dsqlPass(DsqlCompilerScratch* dsqlScratch)
 {
+	if(alter && !items)
+		return DdlNode::dsqlPass(dsqlScratch);
+
 	MemoryPool& pool = dsqlScratch->getPool();
 
 	source.ltrim("\n\r\t ");
@@ -319,9 +322,18 @@ void CreateAlterPackageNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlS
 	// run all statements under savepoint control
 	AutoSavePoint savePoint(tdbb, transaction);
 
+	const bool alterIndividualParameters = (alter && !items);
+
 	if (alter)
 	{
-		if (!executeAlter(tdbb, dsqlScratch, transaction))
+		if(alterIndividualParameters)
+		{
+			if(!executeAlterIndividualParameters(tdbb, dsqlScratch, transaction))
+				status_exception::raise(
+					Arg::Gds(isc_no_meta_update) <<
+					Arg::Gds(isc_dyn_package_not_found) << Arg::Str(name));
+		}
+		else if (!executeAlter(tdbb, dsqlScratch, transaction))
 		{
 			if (create)	// create or alter
 				executeCreate(tdbb, dsqlScratch, transaction);
@@ -371,10 +383,10 @@ void CreateAlterPackageNode::executeCreate(thread_db* tdbb, DsqlCompilerScratch*
 		PKG.RDB$PACKAGE_HEADER_SOURCE.NULL = FALSE;
 		attachment->storeMetaDataBlob(tdbb, transaction, &PKG.RDB$PACKAGE_HEADER_SOURCE, source);
 
-		if (ssDefiner.isAssigned())
+		if (ssDefiner.has_value())
 		{
 			PKG.RDB$SQL_SECURITY.NULL = FALSE;
-			PKG.RDB$SQL_SECURITY = ssDefiner.asBool() ? FB_TRUE : FB_FALSE;
+			PKG.RDB$SQL_SECURITY = ssDefiner.value() == SqlSecurity::SS_DEFINER ? FB_TRUE : FB_FALSE;
 		}
 		else
 			PKG.RDB$SQL_SECURITY.NULL = TRUE;
@@ -445,10 +457,10 @@ bool CreateAlterPackageNode::executeAlter(thread_db* tdbb, DsqlCompilerScratch*
 			if (!PKG.RDB$VALID_BODY_FLAG.NULL)
 				PKG.RDB$VALID_BODY_FLAG = FALSE;
 
-			if (ssDefiner.isAssigned())
+			if (ssDefiner.has_value())
 			{
 				PKG.RDB$SQL_SECURITY.NULL = FALSE;
-				PKG.RDB$SQL_SECURITY = ssDefiner.asBool() ? FB_TRUE : FB_FALSE;
+				PKG.RDB$SQL_SECURITY = ssDefiner.value() == SqlSecurity::SS_DEFINER ? FB_TRUE : FB_FALSE;
 			}
 			else
 				PKG.RDB$SQL_SECURITY.NULL = TRUE;
@@ -475,6 +487,44 @@ bool CreateAlterPackageNode::executeAlter(thread_db* tdbb, DsqlCompilerScratch*
 }
 
 
+bool CreateAlterPackageNode::executeAlterIndividualParameters(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jrd_tra* transaction)
+{
+	AutoCacheRequest requestHandle(tdbb, drq_m_prm_pkg, DYN_REQUESTS);
+	bool modified = false;
+
+	FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
+		PKG IN RDB$PACKAGES
+		WITH PKG.RDB$PACKAGE_NAME EQ name.c_str()
+	{
+		modified = true;
+
+		executeDdlTrigger(tdbb, dsqlScratch, transaction, DTW_BEFORE,
+			DDL_TRIGGER_ALTER_PACKAGE, name, NULL);
+
+		MODIFY PKG
+			if (ssDefiner.has_value())
+			{
+				if(ssDefiner.value() != SqlSecurity::SS_DROP)
+				{
+					PKG.RDB$SQL_SECURITY.NULL = FALSE;
+					PKG.RDB$SQL_SECURITY = ssDefiner.value() == SqlSecurity::SS_DEFINER ? FB_TRUE : FB_FALSE;
+				}
+				else
+					PKG.RDB$SQL_SECURITY.NULL = TRUE;
+			}
+		END_MODIFY
+	}
+	END_FOR
+
+	if (modified)
+	{
+		executeDdlTrigger(tdbb, dsqlScratch, transaction,
+			DTW_AFTER, DDL_TRIGGER_ALTER_PACKAGE, name, NULL);
+	}
+
+	return modified;
+}
+
 void CreateAlterPackageNode::executeItems(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch,
 	jrd_tra* transaction)
 {
diff --git a/src/dsql/PackageNodes.h b/src/dsql/PackageNodes.h
index 0e1ad83d2b..e97fa32085 100644
--- a/src/dsql/PackageNodes.h
+++ b/src/dsql/PackageNodes.h
@@ -100,6 +100,7 @@ protected:
 private:
 	void executeCreate(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jrd_tra* transaction);
 	bool executeAlter(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jrd_tra* transaction);
+	bool executeAlterIndividualParameters(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jrd_tra* transaction);
 	void executeItems(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jrd_tra* transaction);
 
 public:
@@ -110,7 +111,7 @@ public:
 	Firebird::Array<Item>* items;
 	Firebird::SortedArray<MetaName> functionNames;
 	Firebird::SortedArray<MetaName> procedureNames;
-	TriState ssDefiner;
+	std::optional<SqlSecurity> ssDefiner;
 
 private:
 	MetaName owner;
diff --git a/src/dsql/parse.y b/src/dsql/parse.y
index 9178458174..9b20b5be2c 100644
--- a/src/dsql/parse.y
+++ b/src/dsql/parse.y
@@ -2977,7 +2977,7 @@ replace_function_clause
 
 %type <createAlterPackageNode> package_clause
 package_clause
-	: symbol_package_name sql_security_clause_opt AS BEGIN package_items_opt END
+	: symbol_package_name optional_sql_security_full_alter_clause AS BEGIN package_items_opt END
 		{
 			CreateAlterPackageNode* node = newNode<CreateAlterPackageNode>(*$1);
 			node->ssDefiner = $2;
@@ -2987,6 +2987,16 @@ package_clause
 		}
 	;
 
+%type <createAlterPackageNode> change_opt_package_clause
+change_opt_package_clause
+	: symbol_package_name optional_sql_security_partial_alter_clause
+		{
+			CreateAlterPackageNode* node = newNode<CreateAlterPackageNode>(*$1);
+			node->ssDefiner = $2;
+			$$ = node;
+		}
+	;
+
 %type <packageItems> package_items_opt
 package_items_opt
 	: package_items
@@ -3024,6 +3034,12 @@ alter_package_clause
 			$$->alter = true;
 			$$->create = false;
 		}
+	| change_opt_package_clause
+		{
+			$$ = $1;
+			$$->alter = true;
+			$$->create = false;
+		}
 	;
 
 %type <createAlterPackageNode> replace_package_clause
diff --git a/src/jrd/drq.h b/src/jrd/drq.h
index 01622d25e9..741c5e2cc2 100644
--- a/src/jrd/drq.h
+++ b/src/jrd/drq.h
@@ -200,6 +200,7 @@ enum drq_type_t
 	drq_m_pkg_prc,			// drop package body
 	drq_m_pkg_fun,			// drop package body
 	drq_m_pkg,				// alter package
+	drq_m_prm_pkg,			// modify individual package parameters
 	drq_l_pkg_funcs,		// lookup packaged functions
 	drq_l_pkg_func_args,	// lookup packaged function arguments
 	drq_l_pkg_procs,		// lookup packaged procedures