Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

From Petr Jelinek
Subject Re: [PATCH] DefaultACLs
Date
Msg-id 4A61BAF2.7070709@pjmodos.net
Whole thread Raw
In response to Re: [PATCH] DefaultACLs  (Joshua Tolley <eggyknap@gmail.com>)
List pgsql-hackers
Joshua Tolley wrote:
> First, as you've already pointed out, this needs documentation.
>
/me looks at Stephen ;)

> Once I added the missing semicolon mentioned earlier, it applies and builds
>
As we discussed outside of list, my compiler didn't picked that one
because I didn't use --enable-cassert .

> fine. The regression tests, however, seem to assume that they'll be run as the
> postgres user, and the privileges test failed.
Oh I thought they are always run under *database user* postgres, my bad,
I reworked them and the are probably better as a result.

> Very minor stylistic or comment issues:
>
> * There's a stray newline added in pg_class.h (no other changes were made to
>   that file by this patch)
>
Fixed, probably I either pressed enter by mistake while viewing that
file or it was some merging problem when updating my working copy.

> * It feels to me like the comment "Continue with standard grant" in aclchk.c
>   interrupts the flow of the code, though such a comment was likely useful
>   when the patch was being written.
>
Ok I removed that comment.

> * pg_namespace_default_acl.h:71 should read "objects stored *in* pg_class"
>
Fixed.

> * The comment at the beginning of InsertPgClassTuple() in catalog/heap.c
>   should probably be updated to say that relation's ACLs aren't always NULL by
>   default
>
Done.

> * copy_from in gram.y got changed to to_from, but to_from isn't ever used in
>   the default ACL grammar. I wondered if this was changed so you could use the
>   same TO/FROM code as COPY uses, and then you decided to hardcode TO and FROM?
>
Yes, that's more or less what happened.

> In my perusal of the patch, I didn't see any code that screamed at me as
> though it were a bad idea; quite likely there weren't any really bad ideas but
> I can't say with confidence I'd have spotted them if there were. The addition
> of both the NSPDEFACLOBJ_* defines alongside the NSP_ACL_OBJ_* defines kinda
> made me think there were too many sets of constants that had to be kept in
> sync, but I'm not sure that's much of an issue in reality, given how unlikely
> it is that schema object types to which default ACLs should apply are likely
> to be added or removed.
>
Well the problem you see is not really a problem IMHO because most of
code I've seen does not use actual catalog values inside gram.y/parser
so I didn't use them either.

But there is one problem there that also affects GRANT ON ALL patch and
that was discussed previously (see
http://archives.postgresql.org/pgsql-hackers/2009-07/msg00957.php and
the rest of the thread from there). One (or both) of those patches will
have to be adjusted but only commiter can decide that IMHO (I am happy
to make any necessary changes but I really don't know which of the 3
solutions is better).

> I don't know how patches that require catalog version changes are generally
> handled; should the patch include that change?
>
Than can reasonably be done only at commit time so it's up to commiter.

I attached updated version of the patch per your comments. Let's hope I
didn't introduce new problems :)

Thanks for your time.

--
Regards
Petr Jelinek (PJMODOS)


Attachment

pgsql-hackers by date:

Previous
From: Martijn van Oosterhout
Date:
Subject: Re: [PATCH] SE-PgSQL/tiny rev.2193
Next
From: Michael Meskes
Date:
Subject: Re: ECPG support for struct in INTO list