diff options
| author | Peter Eisentraut <peter@eisentraut.org> | 2022-11-13 08:11:17 +0100 |
|---|---|---|
| committer | Peter Eisentraut <peter@eisentraut.org> | 2022-11-13 08:12:37 +0100 |
| commit | afbfc02983f86c4d71825efa6befd547fe81a926 (patch) | |
| tree | 0cff343b85d5c01fb022e0433d89f5d350609fd4 /src/backend/commands/indexcmds.c | |
| parent | b4b7ce8061d34cea2b4915c41403b2a74d5fde0e (diff) | |
| download | postgresql-afbfc02983f86c4d71825efa6befd547fe81a926.tar.gz postgresql-afbfc02983f86c4d71825efa6befd547fe81a926.zip | |
Refactor ownercheck functions
Instead of dozens of mostly-duplicate pg_foo_ownercheck() functions,
write one common function object_ownercheck() that can handle almost
all of them. We already have all the information we need, such as
which system catalog corresponds to which catalog table and which
column is the owner column.
Reviewed-by: Corey Huinker <corey.huinker@gmail.com>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Discussion: https://www.postgresql.org/message-id/flat/95c30f96-4060-2f48-98b5-a4392d3b6066@enterprisedb.com
Diffstat (limited to 'src/backend/commands/indexcmds.c')
| -rw-r--r-- | src/backend/commands/indexcmds.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c index 659e1895494..aadd67b07f5 100644 --- a/src/backend/commands/indexcmds.c +++ b/src/backend/commands/indexcmds.c @@ -27,7 +27,9 @@ #include "catalog/indexing.h" #include "catalog/pg_am.h" #include "catalog/pg_constraint.h" +#include "catalog/pg_database.h" #include "catalog/pg_inherits.h" +#include "catalog/pg_namespace.h" #include "catalog/pg_opclass.h" #include "catalog/pg_opfamily.h" #include "catalog/pg_tablespace.h" @@ -2790,7 +2792,7 @@ RangeVarCallbackForReindexIndex(const RangeVar *relation, errmsg("\"%s\" is not an index", relation->relname))); /* Check permissions */ - if (!pg_class_ownercheck(relId, GetUserId())) + if (!object_ownercheck(RelationRelationId, relId, GetUserId())) aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX, relation->relname); /* Lock heap before index to avoid deadlock. */ @@ -2914,7 +2916,7 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind, { objectOid = get_namespace_oid(objectName, false); - if (!pg_namespace_ownercheck(objectOid, GetUserId())) + if (!object_ownercheck(NamespaceRelationId, objectOid, GetUserId())) aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA, objectName); } @@ -2926,7 +2928,7 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind, ereport(ERROR, (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), errmsg("can only reindex the currently open database"))); - if (!pg_database_ownercheck(objectOid, GetUserId())) + if (!object_ownercheck(DatabaseRelationId, objectOid, GetUserId())) aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE, get_database_name(objectOid)); } @@ -3000,13 +3002,13 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind, /* * The table can be reindexed if the user is superuser, the table * owner, or the database/schema owner (but in the latter case, only - * if it's not a shared relation). pg_class_ownercheck includes the + * if it's not a shared relation). object_ownercheck includes the * superuser case, and depending on objectKind we already know that * the user has permission to run REINDEX on this database or schema * per the permission checks at the beginning of this routine. */ if (classtuple->relisshared && - !pg_class_ownercheck(relid, GetUserId())) + !object_ownercheck(RelationRelationId, relid, GetUserId())) continue; /* |