Re: Extending grant insert on tables to sequences

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Abhijit Menon-Sen <ams(at)oryx(dot)com>
Cc: Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Jaime Casanova <systemguards(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Extending grant insert on tables to sequences
Date: 2008-08-23 03:19:53
Message-ID: 200808230319.m7N3Jr106362@momjian.us
Lists: pgsql-hackers pgsql-patches


Added to September commit fest.

---------------------------------------------------------------------------

Abhijit Menon-Sen wrote:
> At 2008-07-09 15:11:25 -0400, alvherre(at)commandprompt(dot)com wrote:
> >
> > No, actually I meant having a lone "list = lappend(list, newseq);" in
> > the loop, so that ExecGrantStmt_oids is called only once.
>
> Yes, I understand what you meant. I just phrased my agreement poorly.
> Here's a more precise phrasing. ;-)
>
> (I agree with Robert Treat that there seems to be no point granting
> SELECT on the sequence. I don't *particularly* care about it, but I
> tend towards wanting to drop that bit. This patch reflects that.)
>
> Jaime: please feel free to use or ignore this, as you wish.
>
> -- ams
>
> diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
> index 15f5af0..8664203 100644
> --- a/src/backend/catalog/aclchk.c
> +++ b/src/backend/catalog/aclchk.c
> @@ -361,6 +361,41 @@ ExecuteGrantStmt(GrantStmt *stmt)
> }
>
> ExecGrantStmt_oids(&istmt);
> +
> + /* If INSERT or UPDATE privileges are being granted or revoked on a
> + * relation, this extends the operation to include any sequences
> + * owned by the relation.
> + */
> +
> + if (istmt.objtype == ACL_OBJECT_RELATION &&
> + (istmt.privileges & (ACL_INSERT | ACL_UPDATE)))
> + {
> + InternalGrant istmt_seq;
> +
> + istmt_seq.is_grant = istmt.is_grant;
> + istmt_seq.objtype = ACL_OBJECT_SEQUENCE;
> + istmt_seq.grantees = istmt.grantees;
> + istmt_seq.grant_option = istmt.grant_option;
> + istmt_seq.behavior = istmt.behavior;
> + istmt_seq.all_privs = false;
> +
> + istmt_seq.privileges = ACL_NO_RIGHTS;
> + if (istmt.privileges & ACL_INSERT)
> + istmt_seq.privileges |= ACL_USAGE;
> + if (istmt.privileges & ACL_UPDATE)
> + istmt_seq.privileges |= ACL_UPDATE;
> +
> + istmt_seq.objects = NIL;
> + foreach (cell, istmt.objects)
> + {
> + istmt_seq.objects =
> + list_concat(istmt_seq.objects,
> + getOwnedSequences(lfirst_oid(cell)));
> + }
> +
> + if (istmt_seq.objects != NIL)
> + ExecGrantStmt_oids(&istmt_seq);
> + }
> }
>
> /*
>
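Review bot: The guard `(istmt.privileges & (ACL_INSERT | ACL_UPDATE))` tests only the explicit privilege mask, and the new struct hard-codes `istmt_seq.all_privs = false`, so a statement that reaches this point with `istmt.all_privs` set and no individual bits in `istmt.privileges` would skip the owned sequences entirely. Please check the ALL PRIVILEGES path and either test `istmt.all_privs` in the condition or say in the comment why it is excluded. Because `istmt_seq.is_grant`, `grant_option` and `behavior` are copied from the table statement, a REVOKE of INSERT on the table also revokes USAGE on every owned sequence, including a USAGE that was granted on the sequence directly, and a grant option given on the table is handed out on the sequences as well. That side effect deserves a sentence in the code comment and in the GRANT/REVOKE documentation, which this patch (touching only aclchk.c) does not update. Also, `cell` is used in `foreach (cell, istmt.objects)` without a declaration in this hunk, so confirm it is still in scope from earlier in ExecuteGrantStmt.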

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
