2010/5/24 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> BTW, I guess the reason why permissions on attributes are not checked here is
> that we missed it at v8.4 development.
That's a little worrying. Can you construct and post a test case
where this results in a user-visible failure in CVS HEAD?
> The attached patch provides a common checker function of DML, and modifies
> ExecCheckRTPerms(), CopyTo() and RI_Initial_Check() to call the checker
> function instead of individual ACL checks.
This looks pretty sane to me, although I have not done a full review.
I am disinclined to create a whole new directory for it. I think the
new function should go in src/backend/catalog/aclchk.c and be declared
in src/include/utils/acl.h. If that sounds reasonable to you, please
revise and post an updated patch.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company