authorAlvaro Herrera <alvherre@alvh.no-ip.org>2005-11-21 12:49:33 +0000
committerAlvaro Herrera <alvherre@alvh.no-ip.org>2005-11-21 12:49:33 +0000
commitcec3b0a9e63fd94b05dac894cca8bfa51358afec (patch)
tree464377c39a1b3f42b4d2ab82a261e9a603fa1220 /src/backend/commands/user.c
parentc52795d18a698d25b9cd7cd1ca9318a42b08fdb9 (diff)
Implement DROP OWNED and REASSIGN OWNED. These new commands facilitate the
process of dropping roles by dropping objects owned by them and privileges granted to them, or giving the owned objects to someone else, through the use of the data stored in the new pg_shdepend catalog. Some refactoring of the GRANT/REVOKE code was needed, as well as ALTER OWNER code. Further cleanup of code duplication in the GRANT code seems necessary. Implemented by me after an idea from Tom Lane, who also provided various kinds of implementation advice. Regression tests pass. Some tests for the new functionality are also added, as well as rudimentary documentation.
Diffstat (limited to 'src/backend/commands/user.c')
-rw-r--r--src/backend/commands/user.c63
1 files changed, 62 insertions, 1 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 91befbc6aba..9ac3c8a97ef 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.164 2005/11/04 17:25:15 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.165 2005/11/21 12:49:31 alvherre Exp $
*
*-------------------------------------------------------------------------
*/
@@ -1119,6 +1119,67 @@ GrantRole(GrantRoleStmt *stmt)
}
/*
+ * DropOwnedObjects
+ *
+ * Drop the objects owned by a given list of roles.
+ */
+void
+DropOwnedObjects(DropOwnedStmt *stmt)
+{
+ List *role_ids = roleNamesToIds(stmt->roles);
+ ListCell *cell;
+
+ /* Check privileges */
+ foreach (cell, role_ids)
+ {
+ Oid roleid = lfirst_oid(cell);
+
+ if (!has_privs_of_role(GetUserId(), roleid))
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied to drop objects")));
+ }
+
+ /* Ok, do it */
+ shdepDropOwned(role_ids, stmt->behavior);
+}
+
+/*
+ * ReassignOwnedObjects
+ *
+ * Give the objects owned by a given list of roles away to another user.
+ */
+void
+ReassignOwnedObjects(ReassignOwnedStmt *stmt)
+{
+ List *role_ids = roleNamesToIds(stmt->roles);
+ ListCell *cell;
+ Oid newrole;
+
+ /* Check privileges */
+ foreach (cell, role_ids)
+ {
+ Oid roleid = lfirst_oid(cell);
+
+ if (!has_privs_of_role(GetUserId(), roleid))
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied to reassign objects")));
+ }
+
+ /* Must have privileges on the receiving side too */
+ newrole = get_roleid_checked(stmt->newrole);
+
+ if (!has_privs_of_role(GetUserId(), newrole))
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied to reassign objects")));
+
+ /* Ok, do it */
+ shdepReassignOwned(role_ids, newrole);
+}
+
+/*
* roleNamesToIds
*
* Given a list of role names (as String nodes), generate a list of role OIDs
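Review bot: The header comment on DropOwnedObjects says only "Drop the objects owned by a given list of roles", while the commit description says the command also drops privileges granted to those roles, and neither new function documents its authorization rule. The `has_privs_of_role(GetUserId(), roleid)` loop is the only gate visible in this hunk before `shdepDropOwned` / `shdepReassignOwned` run, so I would spell it out in both headers, e.g. `* The caller must have the privileges of every listed role (and, for REASSIGN, of the new owner); the first role that fails the check aborts the command.` The same loop appears verbatim in both functions, differing only in the message, so a small static helper taking the message would keep the two checks from drifting apart. The error text also does not say which of the listed roles failed, which makes a multi-role statement harder to diagnose from the log.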