diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2002-04-27 03:45:03 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2002-04-27 03:45:03 +0000 |
| commit | 31c775adeb2251a9c66328cbc9016877e5e4f085 (patch) | |
| tree | 065014ccecaae449f8a1c977319e823d54364c4b /src/backend/commands/aggregatecmds.c | |
| parent | aafe72efb2d9a01db77bacf94b9b103042b5eb60 (diff) | |
| download | postgresql-31c775adeb2251a9c66328cbc9016877e5e4f085.tar.gz postgresql-31c775adeb2251a9c66328cbc9016877e5e4f085.zip | |
Restructure aclcheck error reporting to make permission-failure
messages more uniform and internationalizable: the global array
aclcheck_error_strings[] is gone in favor of a subroutine
aclcheck_error(). Partial implementation of namespace-related
permission checks --- not all done yet.
Diffstat (limited to 'src/backend/commands/aggregatecmds.c')
| -rw-r--r-- | src/backend/commands/aggregatecmds.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/backend/commands/aggregatecmds.c b/src/backend/commands/aggregatecmds.c index 7ee0c8f0784..c3c1ed16dfc 100644 --- a/src/backend/commands/aggregatecmds.c +++ b/src/backend/commands/aggregatecmds.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/aggregatecmds.c,v 1.1 2002/04/15 05:22:03 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/aggregatecmds.c,v 1.2 2002/04/27 03:45:00 tgl Exp $ * * DESCRIPTION * The "DefineFoo" routines take the parse tree and pick out the @@ -26,6 +26,7 @@ #include "catalog/catname.h" #include "catalog/namespace.h" #include "catalog/pg_aggregate.h" +#include "catalog/pg_proc.h" #include "commands/comment.h" #include "commands/defrem.h" #include "miscadmin.h" @@ -45,6 +46,7 @@ DefineAggregate(List *names, List *parameters) { char *aggName; Oid aggNamespace; + AclResult aclresult; List *transfuncName = NIL; List *finalfuncName = NIL; TypeName *baseType = NULL; @@ -57,6 +59,11 @@ DefineAggregate(List *names, List *parameters) /* Convert list of names to a name and namespace */ aggNamespace = QualifiedNameGetCreationNamespace(names, &aggName); + /* Check we have creation rights in target namespace */ + aclresult = pg_namespace_aclcheck(aggNamespace, GetUserId(), ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, get_namespace_name(aggNamespace)); + foreach(pl, parameters) { DefElem *defel = (DefElem *) lfirst(pl); @@ -157,20 +164,6 @@ RemoveAggregate(List *aggName, TypeName *aggType) procOid = find_aggregate_func("RemoveAggregate", aggName, basetypeID); - /* Permission check */ - - if (!pg_proc_ownercheck(procOid, GetUserId())) - { - if (basetypeID == InvalidOid) - elog(ERROR, "RemoveAggregate: aggregate %s for all types: permission denied", - NameListToString(aggName)); - else - elog(ERROR, "RemoveAggregate: aggregate %s for type %s: permission denied", - NameListToString(aggName), format_type_be(basetypeID)); - } - - /* Remove the pg_proc tuple */ - relation = heap_openr(ProcedureRelationName, RowExclusiveLock); tup = SearchSysCache(PROCOID, @@ -180,9 +173,16 @@ RemoveAggregate(List *aggName, TypeName *aggType) elog(ERROR, "RemoveAggregate: couldn't find pg_proc tuple for %s", NameListToString(aggName)); + /* Permission check: must own agg or its namespace */ + if (!pg_proc_ownercheck(procOid, GetUserId()) && + !pg_namespace_ownercheck(((Form_pg_proc) GETSTRUCT(tup))->pronamespace, + GetUserId())) + aclcheck_error(ACLCHECK_NOT_OWNER, NameListToString(aggName)); + /* Delete any comments associated with this function */ DeleteComments(procOid, RelationGetRelid(relation)); + /* Remove the pg_proc tuple */ simple_heap_delete(relation, &tup->t_self); ReleaseSysCache(tup); |