Merge pull request #9865 from dbeaver/datatransfer-restrict#9521

#9521 Check for required permissions in datatransfer

plugins/org.jkiss.dbeaver.data.transfer/src/org/jkiss/dbeaver/tools/transfer/database/DatabaseTransferConsumer.java

@@ -134,7 +134,7 @@ public class DatabaseTransferConsumer implements IDataTransferConsumer<DatabaseC
         try {
             initExporter(session.getProgressMonitor());
         } catch (DBException e) {
-            throw new DBCException("Error initializing exporter");
+            throw new DBCException("Error initializing exporter", e);
         }
         if (containerMapping == null) {
             throw new DBCException("Internal error: consumer mappings not set");
@@ -527,6 +527,10 @@ public class DatabaseTransferConsumer implements IDataTransferConsumer<DatabaseC
     }
 
     private void createTargetTable(DBCSession session, DatabaseMappingContainer containerMapping) throws DBException {
+        DBPDataSourceContainer dataSourceContainer = session.getDataSource().getContainer();
+        if (!dataSourceContainer.hasModifyPermission(DBPDataSourcePermission.PERMISSION_EDIT_METADATA)) {
+            throw new DBCException("New table creation in database [" + dataSourceContainer.getName() + "] restricted by connection configuration");
+        }
         DBSObjectContainer schema = settings.getContainer();
         if (schema == null) {
             throw new DBException("No target container selected");
@@ -544,6 +548,11 @@ public class DatabaseTransferConsumer implements IDataTransferConsumer<DatabaseC
     }
 
     private void createTargetAttribute(DBCSession session, DatabaseMappingAttribute attribute) throws DBCException {
+        DBPDataSourceContainer dataSourceContainer = session.getDataSource().getContainer();
+        if (!dataSourceContainer.hasModifyPermission(DBPDataSourcePermission.PERMISSION_EDIT_METADATA)) {
+            throw new DBCException("New attribute creation in database [" + dataSourceContainer.getName() + "] restricted by connection configuration");
+        }
+
         session.getProgressMonitor().subTask("Create column " + DBUtils.getObjectFullName(attribute.getParent().getTarget(), DBPEvaluationContext.DDL) + "." + attribute.getTargetName());
         try {
             DatabaseTransferUtils.executeDDL(session, new DBEPersistAction[] { DatabaseTransferUtils.generateTargetAttributeDDL(session.getDataSource(), attribute) } );

plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/DBPDataSourcePermission.java

@@ -16,15 +16,17 @@
  */
 package org.jkiss.dbeaver.model;
 
+import org.jkiss.dbeaver.model.messages.ModelMessages;
+
 /**
  * Data-source permissions
  */
 public enum DBPDataSourcePermission
 {
-    PERMISSION_EDIT_DATA("edit.data", "Restrict data edit", "Restrict and direct data modifications"),
-    PERMISSION_EDIT_METADATA("edit.meta", "Restrict structure edit", "Restrict structure (metadata) changes, like tables create/drop"),
-    PERMISSION_EXECUTE_SCRIPTS("edit.execute", "Restrict script execute", "Restruct custom user scripts (SQL) execution"),
-    PERMISSION_IMPORT_DATA("import.data", "Restrict data import", "Restrict importing data");
+    PERMISSION_EDIT_DATA("edit.data", ModelMessages.dbp_permission_edit_data_name, ModelMessages.dbp_permission_edit_data_description),
+    PERMISSION_EDIT_METADATA("edit.meta", ModelMessages.dbp_permission_edit_metadata_name, ModelMessages.dbp_permission_edit_metadata_description),
+    PERMISSION_EXECUTE_SCRIPTS("edit.execute", ModelMessages.dbp_permission_execute_scripts_name, ModelMessages.dbp_permission_execute_scripts_description),
+    PERMISSION_IMPORT_DATA("import.data", ModelMessages.dbp_permission_import_data_name, ModelMessages.dbp_permission_import_data_description);
 
     private final String id;
     private final String label;

plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/messages/ModelMessages.java

@@ -173,6 +173,15 @@ public class ModelMessages extends NLS {
     public static String dialog_connection_wizard_start_connection_monitor_thread;
     public static String dialog_connection_wizard_start_dialog_error_message;
 
+    public static String dbp_permission_edit_data_name;
+    public static String dbp_permission_edit_data_description;
+    public static String dbp_permission_edit_metadata_name;
+    public static String dbp_permission_edit_metadata_description;
+    public static String dbp_permission_execute_scripts_name;
+    public static String dbp_permission_execute_scripts_description;
+    public static String dbp_permission_import_data_name;
+    public static String dbp_permission_import_data_description;
+
     static {
 		// initialize resource bundle
 		NLS.initializeMessages(BUNDLE_NAME, ModelMessages.class);

plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/messages/ModelResources.properties

@@ -139,3 +139,12 @@ dialog_connection_wizard_start_connection_monitor_subtask_test = Test connection
 dialog_connection_wizard_start_connection_monitor_success = Success
 dialog_connection_wizard_start_connection_monitor_thread = Test datasource connection
 dialog_connection_wizard_start_dialog_error_message = Database connectivity error
+
+dbp_permission_edit_data_name = Restrict data edit
+dbp_permission_edit_data_description = Restrict direct data modifications
+dbp_permission_edit_metadata_name = Restrict structure edit
+dbp_permission_edit_metadata_description = Restrict structure (metadata) changes, like tables create
+dbp_permission_execute_scripts_name = Restrict script execute
+dbp_permission_execute_scripts_description = Restrict custom user scripts (SQL) execution
+dbp_permission_import_data_name = Restrict data import
+dbp_permission_import_data_description = Restrict importing data

plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/messages/ModelResources_ru.properties

@@ -57,3 +57,12 @@ dialog_connection_wizard_start_connection_monitor_success=\u0423\u0441\u043F\u04
 dialog_connection_wizard_start_connection_monitor_thread=\u041F\u0440\u043E\u0432\u0435\u0440\u043A\u0430 \u0441\u043E\u0435\u0434\u0438\u043D\u0435\u043D\u0438\u044F \u0441 \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u043E\u043C \u0434\u0430\u043D\u043D\u044B\u0445
 dialog_connection_wizard_start_dialog_error_message=\u041E\u0448\u0438\u0431\u043A\u0430 \u0441\u043E\u0435\u0434\u0438\u043D\u0435\u043D\u0438\u044F \u0441 \u0411\u0414
 dialog_connection_wizard_start_connection_monitor_connected=\u0421\u043E\u0435\u0434\u0438\u043D\u0435\u043D\u043E ({0} \u043C\u0441)
+
+dbp_permission_edit_data_name = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u0435 \u0434\u0430\u043D\u043D\u044B\u0445
+dbp_permission_edit_data_description = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u043F\u0440\u044F\u043C\u0443\u044E \u043C\u043E\u0434\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u044E \u0434\u0430\u043D\u043D\u044B\u0445
+dbp_permission_edit_metadata_name = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u0435 \u0441\u0442\u0443\u043A\u0442\u0443\u0440\u044B
+dbp_permission_edit_metadata_description = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u0435 \u0441\u0442\u0440\u0443\u043A\u0442\u0443\u0440\u044B (\u043D\u0430\u043F\u0440\u0438\u043C\u0435\u0440 \u0441\u043E\u0437\u0434\u0430\u043D\u0438\u0435 \u0442\u0430\u0431\u043B\u0438\u0446)
+dbp_permission_execute_scripts_name = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0432\u044B\u043F\u043E\u043B\u043D\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u0438\u043F\u0442\u043E\u0432
+dbp_permission_execute_scripts_description = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0432\u044B\u043F\u043E\u043B\u043D\u0435\u043D\u0438\u0435 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044C\u0441\u043A\u0438\u0445 SQL \u0441\u043A\u0440\u0438\u043F\u0442\u043E\u0432
+dbp_permission_import_data_name = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0438\u043C\u043F\u043E\u0440\u0442 \u0434\u0430\u043D\u043D\u044B\u0445
+dbp_permission_import_data_description = \u0417\u0430\u043F\u0440\u0435\u0442\u0438\u0442\u044C \u0438\u043C\u043F\u043E\u0440\u0442 \u0434\u0430\u043D\u043D\u044B\u0445