Re: Extending grant insert on tables to sequences - Mailing list pgsql-hackers
| From | Bruce Momjian |
|---|---|
| Subject | Re: Extending grant insert on tables to sequences |
| Date | |
| Msg-id | 200808230319.m7N3Jr106362@momjian.us Whole thread Raw |
| In response to | Re: Extending grant insert on tables to sequences (Abhijit Menon-Sen <ams@oryx.com>) |
| Responses |
Re: Extending grant insert on tables to sequences
("Jaime Casanova" <jcasanov@systemguards.com.ec>)
Re: Extending grant insert on tables to sequences ("Jaime Casanova" <jcasanov@systemguards.com.ec>) |
| List | pgsql-hackers |
Added to September commit fest.
---------------------------------------------------------------------------
Abhijit Menon-Sen wrote:
> At 2008-07-09 15:11:25 -0400, alvherre@commandprompt.com wrote:
> >
> > No, actually I meant having a lone "list = lappend(list, newseq);" in
> > the loop, so that ExecGrantStmt_oids is called only once.
>
> Yes, I understand what you meant. I just phrased my agreement poorly.
> Here's a more precise phrasing. ;-)
>
> (I agree with Robert Treat that there seems to be no point granting
> SELECT on the sequence. I don't *particularly* care about it, but I
> tend towards wanting to drop that bit. This patch reflects that.)
>
> Jaime: please feel free to use or ignore this, as you wish.
>
> -- ams
>
> diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
> index 15f5af0..8664203 100644
> --- a/src/backend/catalog/aclchk.c
> +++ b/src/backend/catalog/aclchk.c
> @@ -361,6 +361,41 @@ ExecuteGrantStmt(GrantStmt *stmt)
> }
>
> ExecGrantStmt_oids(&istmt);
> +
> + /* If INSERT or UPDATE privileges are being granted or revoked on a
> + * relation, this extends the operation to include any sequences
> + * owned by the relation.
> + */
> +
> + if (istmt.objtype == ACL_OBJECT_RELATION &&
> + (istmt.privileges & (ACL_INSERT | ACL_UPDATE)))
> + {
> + InternalGrant istmt_seq;
> +
> + istmt_seq.is_grant = istmt.is_grant;
> + istmt_seq.objtype = ACL_OBJECT_SEQUENCE;
> + istmt_seq.grantees = istmt.grantees;
> + istmt_seq.grant_option = istmt.grant_option;
> + istmt_seq.behavior = istmt.behavior;
> + istmt_seq.all_privs = false;
> +
> + istmt_seq.privileges = ACL_NO_RIGHTS;
> + if (istmt.privileges & ACL_INSERT)
> + istmt_seq.privileges |= ACL_USAGE;
> + if (istmt.privileges & ACL_UPDATE)
> + istmt_seq.privileges |= ACL_UPDATE;
> +
> + istmt_seq.objects = NIL;
> + foreach (cell, istmt.objects)
> + {
> + istmt_seq.objects =
> + list_concat(istmt_seq.objects,
> + getOwnedSequences(lfirst_oid(cell)));
> + }
> +
> + if (istmt_seq.objects != NIL)
> + ExecGrantStmt_oids(&istmt_seq);
> + }
> }
>
> /*
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
pgsql-hackers by date: