src/backend/catalog/aclchk.c

Total Lines

modified

Covered

47.6%

Uncovered

52.4%

키보드 네비게이션

↑W 이전 미실행

↓S 다음 미실행

←A 이전 수정

→D 다음 수정

PgUpQ 이전함수

PgDnE 다음함수

HomeC-A 시작

EndC-E 끝

ESCBS 목록

restrict_and_check_grant() lines 240-388

Modified Lines Coverage: 0/3 lines (0.0%)

Line	Hits	Source	Commit
240	-	restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,	-
241	-	AclMode privileges, Oid objectId, Oid grantorId,	-
242	-	ObjectType objtype, const char *objname,	-
243	-	AttrNumber att_number, const char *colname)	-
244	-	{	-
245	-	AclMode this_privileges;	-
246	-	AclMode whole_mask;	-
247	-		-
248	-	switch (objtype)	-
249	-	{	-
250	-	case OBJECT_COLUMN:	-
251	-	whole_mask = ACL_ALL_RIGHTS_COLUMN;	-
252	-	break;	-
253	-	case OBJECT_TABLE:	-
254	-	whole_mask = ACL_ALL_RIGHTS_RELATION;	-
255	-	break;	-
256	-	case OBJECT_SEQUENCE:	-
257	-	whole_mask = ACL_ALL_RIGHTS_SEQUENCE;	-
258	-	break;	-
259	-	case OBJECT_DATABASE:	-
260	-	whole_mask = ACL_ALL_RIGHTS_DATABASE;	-
261	-	break;	-
262	-	case OBJECT_FUNCTION:	-
263	-	whole_mask = ACL_ALL_RIGHTS_FUNCTION;	-
264	-	break;	-
265	-	case OBJECT_LANGUAGE:	-
266	-	whole_mask = ACL_ALL_RIGHTS_LANGUAGE;	-
267	-	break;	-
268	-	case OBJECT_LARGEOBJECT:	-
269	-	whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;	-
270	-	break;	-
271	-	case OBJECT_SCHEMA:	-
272	-	whole_mask = ACL_ALL_RIGHTS_SCHEMA;	-
273	-	break;	-
274	-	case OBJECT_TABLESPACE:	-
275	-	whole_mask = ACL_ALL_RIGHTS_TABLESPACE;	-
276	-	break;	-
277	-	case OBJECT_FDW:	-
278	-	whole_mask = ACL_ALL_RIGHTS_FDW;	-
279	-	break;	-
280	-	case OBJECT_FOREIGN_SERVER:	-
281	-	whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;	-
282	-	break;	-
283	-	case OBJECT_EVENT_TRIGGER:	-
284	-	elog(ERROR, "grantable rights not supported for event triggers");	-
285	-	/* not reached, but keep compiler quiet */	-
286	-	return ACL_NO_RIGHTS;	-
287	-	case OBJECT_TYPE:	-
288	-	whole_mask = ACL_ALL_RIGHTS_TYPE;	-
289	-	break;	-
290	-	case OBJECT_PARAMETER_ACL:	-
291	-	whole_mask = ACL_ALL_RIGHTS_PARAMETER_ACL;	-
292	-	break;	-
293	0	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
294	0	whole_mask = ACL_ALL_RIGHTS_PROPGRAPH;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
295	0	break;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
296	-	default:	-
297	-	elog(ERROR, "unrecognized object type: %d", objtype);	-
298	-	/* not reached, but keep compiler quiet */	-
299	-	return ACL_NO_RIGHTS;	-
300	-	}	-
301	-		-
302	-	/*	-
303	-	* If we found no grant options, consider whether to issue a hard error.	-
304	-	* Per spec, having any privilege at all on the object will get you by	-
305	-	* here.	-
306	-	*/	-
307	-	if (avail_goptions == ACL_NO_RIGHTS)	-
308	-	{	-
309	-	if (pg_aclmask(objtype, objectId, att_number, grantorId,	-
310	-	whole_mask \| ACL_GRANT_OPTION_FOR(whole_mask),	-
311	-	ACLMASK_ANY) == ACL_NO_RIGHTS)	-
312	-	{	-
313	-	if (objtype == OBJECT_COLUMN && colname)	-
314	-	aclcheck_error_col(ACLCHECK_NO_PRIV, objtype, objname, colname);	-
315	-	else	-
316	-	aclcheck_error(ACLCHECK_NO_PRIV, objtype, objname);	-
317	-	}	-
318	-	}	-
319	-		-
320	-	/*	-
321	-	* Restrict the operation to what we can actually grant or revoke, and	-
322	-	* issue a warning if appropriate. (For REVOKE this isn't quite what the	-
323	-	* spec says to do: the spec seems to want a warning only if no privilege	-
324	-	* bits actually change in the ACL. In practice that behavior seems much	-
325	-	* too noisy, as well as inconsistent with the GRANT case.)	-
326	-	*/	-
327	-	this_privileges = privileges & ACL_OPTION_TO_PRIVS(avail_goptions);	-
328	-	if (is_grant)	-
329	-	{	-
330	-	if (this_privileges == 0)	-
331	-	{	-
332	-	if (objtype == OBJECT_COLUMN && colname)	-
333	-	ereport(WARNING,	-
334	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),	-
335	-	errmsg("no privileges were granted for column \"%s\" of relation \"%s\"",	-
336	-	colname, objname)));	-
337	-	else	-
338	-	ereport(WARNING,	-
339	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),	-
340	-	errmsg("no privileges were granted for \"%s\"",	-
341	-	objname)));	-
342	-	}	-
343	-	else if (!all_privs && this_privileges != privileges)	-
344	-	{	-
345	-	if (objtype == OBJECT_COLUMN && colname)	-
346	-	ereport(WARNING,	-
347	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),	-
348	-	errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"",	-
349	-	colname, objname)));	-
350	-	else	-
351	-	ereport(WARNING,	-
352	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),	-
353	-	errmsg("not all privileges were granted for \"%s\"",	-
354	-	objname)));	-
355	-	}	-
356	-	}	-
357	-	else	-
358	-	{	-
359	-	if (this_privileges == 0)	-
360	-	{	-
361	-	if (objtype == OBJECT_COLUMN && colname)	-
362	-	ereport(WARNING,	-
363	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),	-
364	-	errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"",	-
365	-	colname, objname)));	-
366	-	else	-
367	-	ereport(WARNING,	-
368	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),	-
369	-	errmsg("no privileges could be revoked for \"%s\"",	-
370	-	objname)));	-
371	-	}	-
372	-	else if (!all_privs && this_privileges != privileges)	-
373	-	{	-
374	-	if (objtype == OBJECT_COLUMN && colname)	-
375	-	ereport(WARNING,	-
376	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),	-
377	-	errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"",	-
378	-	colname, objname)));	-
379	-	else	-
380	-	ereport(WARNING,	-
381	-	(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),	-
382	-	errmsg("not all privileges could be revoked for \"%s\"",	-
383	-	objname)));	-
384	-	}	-
385	-	}	-
386	-		-
387	-	return this_privileges;	-
388	-	}	-

ExecuteGrantStmt() lines 394-600

Modified Lines Coverage: 4/4 lines (100.0%)

Line	Hits	Source	Commit
394	-	ExecuteGrantStmt(GrantStmt *stmt)	-
395	-	{	-
396	-	InternalGrant istmt;	-
397	-	ListCell *cell;	-
398	-	const char *errormsg;	-
399	-	AclMode all_privileges;	-
400	-		-
401	-	if (stmt->grantor)	-
402	-	{	-
403	-	Oid grantor;	-
404	-		-
405	-	grantor = get_rolespec_oid(stmt->grantor, false);	-
406	-		-
407	-	/*	-
408	-	* Currently, this clause is only for SQL compatibility, not very	-
409	-	* interesting otherwise.	-
410	-	*/	-
411	-	if (grantor != GetUserId())	-
412	-	ereport(ERROR,	-
413	-	(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),	-
414	-	errmsg("grantor must be current user")));	-
415	-	}	-
416	-		-
417	-	/*	-
418	-	* Turn the regular GrantStmt into the InternalGrant form.	-
419	-	*/	-
420	-	istmt.is_grant = stmt->is_grant;	-
421	-	istmt.objtype = stmt->objtype;	-
422	-		-
423	-	/* Collect the OIDs of the target objects */	-
424	-	switch (stmt->targtype)	-
425	-	{	-
426	-	case ACL_TARGET_OBJECT:	-
427	-	istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,	-
428	-	stmt->is_grant);	-
429	-	break;	-
430	-	case ACL_TARGET_ALL_IN_SCHEMA:	-
431	-	istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);	-
432	-	break;	-
433	-	/* ACL_TARGET_DEFAULTS should not be seen here */	-
434	-	default:	-
435	-	elog(ERROR, "unrecognized GrantStmt.targtype: %d",	-
436	-	(int) stmt->targtype);	-
437	-	}	-
438	-		-
439	-	/* all_privs to be filled below */	-
440	-	/* privileges to be filled below */	-
441	-	istmt.col_privs = NIL; /* may get filled below */	-
442	-	istmt.grantees = NIL; /* filled below */	-
443	-	istmt.grant_option = stmt->grant_option;	-
444	-	istmt.behavior = stmt->behavior;	-
445	-		-
446	-	/*	-
447	-	* Convert the RoleSpec list into an Oid list. Note that at this point we	-
448	-	* insert an ACL_ID_PUBLIC into the list if appropriate, so downstream	-
449	-	* there shouldn't be any additional work needed to support this case.	-
450	-	*/	-
451	-	foreach(cell, stmt->grantees)	-
452	-	{	-
453	-	RoleSpec grantee = (RoleSpec ) lfirst(cell);	-
454	-	Oid grantee_uid;	-
455	-		-
456	-	switch (grantee->roletype)	-
457	-	{	-
458	-	case ROLESPEC_PUBLIC:	-
459	-	grantee_uid = ACL_ID_PUBLIC;	-
460	-	break;	-
461	-	default:	-
462	-	grantee_uid = get_rolespec_oid(grantee, false);	-
463	-	break;	-
464	-	}	-
465	-	istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);	-
466	-	}	-
467	-		-
468	-	/*	-
469	-	* Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode	-
470	-	* bitmask. Note: objtype can't be OBJECT_COLUMN.	-
471	-	*/	-
472	-	switch (stmt->objtype)	-
473	-	{	-
474	-	case OBJECT_TABLE:	-
475	-		-
476	-	/*	-
477	-	* Because this might be a sequence, we test both relation and	-
478	-	* sequence bits, and later do a more limited test when we know	-
479	-	* the object type.	-
480	-	*/	-
481	-	all_privileges = ACL_ALL_RIGHTS_RELATION \| ACL_ALL_RIGHTS_SEQUENCE;	-
482	-	errormsg = gettext_noop("invalid privilege type %s for relation");	-
483	-	break;	-
484	-	case OBJECT_SEQUENCE:	-
485	-	all_privileges = ACL_ALL_RIGHTS_SEQUENCE;	-
486	-	errormsg = gettext_noop("invalid privilege type %s for sequence");	-
487	-	break;	-
488	-	case OBJECT_DATABASE:	-
489	-	all_privileges = ACL_ALL_RIGHTS_DATABASE;	-
490	-	errormsg = gettext_noop("invalid privilege type %s for database");	-
491	-	break;	-
492	-	case OBJECT_DOMAIN:	-
493	-	all_privileges = ACL_ALL_RIGHTS_TYPE;	-
494	-	errormsg = gettext_noop("invalid privilege type %s for domain");	-
495	-	break;	-
496	-	case OBJECT_FUNCTION:	-
497	-	all_privileges = ACL_ALL_RIGHTS_FUNCTION;	-
498	-	errormsg = gettext_noop("invalid privilege type %s for function");	-
499	-	break;	-
500	-	case OBJECT_LANGUAGE:	-
501	-	all_privileges = ACL_ALL_RIGHTS_LANGUAGE;	-
502	-	errormsg = gettext_noop("invalid privilege type %s for language");	-
503	-	break;	-
504	-	case OBJECT_LARGEOBJECT:	-
505	-	all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;	-
506	-	errormsg = gettext_noop("invalid privilege type %s for large object");	-
507	-	break;	-
508	-	case OBJECT_SCHEMA:	-
509	-	all_privileges = ACL_ALL_RIGHTS_SCHEMA;	-
510	-	errormsg = gettext_noop("invalid privilege type %s for schema");	-
511	-	break;	-
512	-	case OBJECT_PROCEDURE:	-
513	-	all_privileges = ACL_ALL_RIGHTS_FUNCTION;	-
514	-	errormsg = gettext_noop("invalid privilege type %s for procedure");	-
515	-	break;	-
516	-	case OBJECT_ROUTINE:	-
517	-	all_privileges = ACL_ALL_RIGHTS_FUNCTION;	-
518	-	errormsg = gettext_noop("invalid privilege type %s for routine");	-
519	-	break;	-
520	-	case OBJECT_TABLESPACE:	-
521	-	all_privileges = ACL_ALL_RIGHTS_TABLESPACE;	-
522	-	errormsg = gettext_noop("invalid privilege type %s for tablespace");	-
523	-	break;	-
524	-	case OBJECT_TYPE:	-
525	-	all_privileges = ACL_ALL_RIGHTS_TYPE;	-
526	-	errormsg = gettext_noop("invalid privilege type %s for type");	-
527	-	break;	-
528	-	case OBJECT_FDW:	-
529	-	all_privileges = ACL_ALL_RIGHTS_FDW;	-
530	-	errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");	-
531	-	break;	-
532	-	case OBJECT_FOREIGN_SERVER:	-
533	-	all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;	-
534	-	errormsg = gettext_noop("invalid privilege type %s for foreign server");	-
535	-	break;	-
536	-	case OBJECT_PARAMETER_ACL:	-
537	-	all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;	-
538	-	errormsg = gettext_noop("invalid privilege type %s for parameter");	-
539	-	break;	-
540	6	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
541	6	all_privileges = ACL_ALL_RIGHTS_PROPGRAPH;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
542	6	errormsg = gettext_noop("invalid privilege type %s for property graph");	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
543	6	break;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
544	-	default:	-
545	-	elog(ERROR, "unrecognized GrantStmt.objtype: %d",	-
546	-	(int) stmt->objtype);	-
547	-	/* keep compiler quiet */	-
548	-	all_privileges = ACL_NO_RIGHTS;	-
549	-	errormsg = NULL;	-
550	-	}	-
551	-		-
552	-	if (stmt->privileges == NIL)	-
553	-	{	-
554	-	istmt.all_privs = true;	-
555	-		-
556	-	/*	-
557	-	* will be turned into ACL_ALL_RIGHTS_* by the internal routines	-
558	-	* depending on the object type	-
559	-	*/	-
560	-	istmt.privileges = ACL_NO_RIGHTS;	-
561	-	}	-
562	-	else	-
563	-	{	-
564	-	istmt.all_privs = false;	-
565	-	istmt.privileges = ACL_NO_RIGHTS;	-
566	-		-
567	-	foreach(cell, stmt->privileges)	-
568	-	{	-
569	-	AccessPriv privnode = (AccessPriv ) lfirst(cell);	-
570	-	AclMode priv;	-
571	-		-
572	-	/*	-
573	-	* If it's a column-level specification, we just set it aside in	-
574	-	* col_privs for the moment; but insist it's for a relation.	-
575	-	*/	-
576	-	if (privnode->cols)	-
577	-	{	-
578	-	if (stmt->objtype != OBJECT_TABLE)	-
579	-	ereport(ERROR,	-
580	-	(errcode(ERRCODE_INVALID_GRANT_OPERATION),	-
581	-	errmsg("column privileges are only valid for relations")));	-
582	-	istmt.col_privs = lappend(istmt.col_privs, privnode);	-
583	-	continue;	-
584	-	}	-
585	-		-
586	-	if (privnode->priv_name == NULL) /* parser mistake? */	-
587	-	elog(ERROR, "AccessPriv node must specify privilege or columns");	-
588	-	priv = string_to_privilege(privnode->priv_name);	-
589	-		-
590	-	if (priv & ~all_privileges)	-
591	-	ereport(ERROR,	-
592	-	(errcode(ERRCODE_INVALID_GRANT_OPERATION),	-
593	-	errmsg(errormsg, privilege_to_string(priv))));	-
594	-		-
595	-	istmt.privileges \|= priv;	-
596	-	}	-
597	-	}	-
598	-		-
599	-	ExecGrantStmt_oids(&istmt);	-
600	-	}	-

ExecGrantStmt_oids() lines 608-663

Modified Lines Coverage: 0/0 lines (0.0%)

Line	Hits	Source	Commit
608	-	ExecGrantStmt_oids(InternalGrant *istmt)	-
609	-	{	-
610	-	switch (istmt->objtype)	-
611	-	{	-
612	-	case OBJECT_TABLE:	-
613	-	case OBJECT_SEQUENCE:	-
614	-	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
615	-	ExecGrant_Relation(istmt);	-
616	-	break;	-
617	-	case OBJECT_DATABASE:	-
618	-	ExecGrant_common(istmt, DatabaseRelationId, ACL_ALL_RIGHTS_DATABASE, NULL);	-
619	-	break;	-
620	-	case OBJECT_DOMAIN:	-
621	-	case OBJECT_TYPE:	-
622	-	ExecGrant_common(istmt, TypeRelationId, ACL_ALL_RIGHTS_TYPE, ExecGrant_Type_check);	-
623	-	break;	-
624	-	case OBJECT_FDW:	-
625	-	ExecGrant_common(istmt, ForeignDataWrapperRelationId, ACL_ALL_RIGHTS_FDW, NULL);	-
626	-	break;	-
627	-	case OBJECT_FOREIGN_SERVER:	-
628	-	ExecGrant_common(istmt, ForeignServerRelationId, ACL_ALL_RIGHTS_FOREIGN_SERVER, NULL);	-
629	-	break;	-
630	-	case OBJECT_FUNCTION:	-
631	-	case OBJECT_PROCEDURE:	-
632	-	case OBJECT_ROUTINE:	-
633	-	ExecGrant_common(istmt, ProcedureRelationId, ACL_ALL_RIGHTS_FUNCTION, NULL);	-
634	-	break;	-
635	-	case OBJECT_LANGUAGE:	-
636	-	ExecGrant_common(istmt, LanguageRelationId, ACL_ALL_RIGHTS_LANGUAGE, ExecGrant_Language_check);	-
637	-	break;	-
638	-	case OBJECT_LARGEOBJECT:	-
639	-	ExecGrant_Largeobject(istmt);	-
640	-	break;	-
641	-	case OBJECT_SCHEMA:	-
642	-	ExecGrant_common(istmt, NamespaceRelationId, ACL_ALL_RIGHTS_SCHEMA, NULL);	-
643	-	break;	-
644	-	case OBJECT_TABLESPACE:	-
645	-	ExecGrant_common(istmt, TableSpaceRelationId, ACL_ALL_RIGHTS_TABLESPACE, NULL);	-
646	-	break;	-
647	-	case OBJECT_PARAMETER_ACL:	-
648	-	ExecGrant_Parameter(istmt);	-
649	-	break;	-
650	-	default:	-
651	-	elog(ERROR, "unrecognized GrantStmt.objtype: %d",	-
652	-	(int) istmt->objtype);	-
653	-	}	-
654	-		-
655	-	/*	-
656	-	* Pass the info to event triggers about the just-executed GRANT. Note	-
657	-	* that we prefer to do it after actually executing it, because that gives	-
658	-	* the functions a chance to adjust the istmt with privileges actually	-
659	-	* granted.	-
660	-	*/	-
661	-	if (EventTriggerSupportsObjectType(istmt->objtype))	-
662	-	EventTriggerCollectGrant(istmt);	-
663	-	}	-

objectNamesToOids() lines 685-788

Modified Lines Coverage: 0/0 lines (0.0%)

Line	Hits	Source	Commit
685	-	objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)	-
686	-	{	-
687	-	List *objects = NIL;	-
688	-	ListCell *cell;	-
689	-	const LOCKMODE lockmode = AccessShareLock;	-
690	-		-
691	-	Assert(objnames != NIL);	-
692	-		-
693	-	switch (objtype)	-
694	-	{	-
695	-	default:	-
696	-		-
697	-	/*	-
698	-	* For most object types, we use get_object_address() directly.	-
699	-	*/	-
700	-	foreach(cell, objnames)	-
701	-	{	-
702	-	ObjectAddress address;	-
703	-		-
704	-	address = get_object_address(objtype, lfirst(cell), NULL, lockmode, false);	-
705	-	objects = lappend_oid(objects, address.objectId);	-
706	-	}	-
707	-	break;	-
708	-		-
709	-	case OBJECT_TABLE:	-
710	-	case OBJECT_SEQUENCE:	-
711	-	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
712	-		-
713	-	/*	-
714	-	* Here, we don't use get_object_address(). It requires that the	-
715	-	* specified object type match the actual type of the object, but	-
716	-	* in GRANT/REVOKE, all table-like things are addressed as TABLE.	-
717	-	*/	-
718	-	foreach(cell, objnames)	-
719	-	{	-
720	-	RangeVar relvar = (RangeVar ) lfirst(cell);	-
721	-	Oid relOid;	-
722	-		-
723	-	relOid = RangeVarGetRelid(relvar, lockmode, false);	-
724	-	objects = lappend_oid(objects, relOid);	-
725	-	}	-
726	-	break;	-
727	-		-
728	-	case OBJECT_DOMAIN:	-
729	-	case OBJECT_TYPE:	-
730	-		-
731	-	/*	-
732	-	* The parse representation of types and domains in privilege	-
733	-	* targets is different from that expected by get_object_address()	-
734	-	* (for parse conflict reasons), so we have to do a bit of	-
735	-	* conversion here.	-
736	-	*/	-
737	-	foreach(cell, objnames)	-
738	-	{	-
739	-	List typname = (List ) lfirst(cell);	-
740	-	TypeName *tn = makeTypeNameFromNameList(typname);	-
741	-	ObjectAddress address;	-
742	-	Relation relation;	-
743	-		-
744	-	address = get_object_address(objtype, (Node *) tn, &relation, lockmode, false);	-
745	-	Assert(relation == NULL);	-
746	-	objects = lappend_oid(objects, address.objectId);	-
747	-	}	-
748	-	break;	-
749	-		-
750	-	case OBJECT_PARAMETER_ACL:	-
751	-		-
752	-	/*	-
753	-	* Parameters are handled completely differently.	-
754	-	*/	-
755	-	foreach(cell, objnames)	-
756	-	{	-
757	-	/*	-
758	-	* In this code we represent a GUC by the OID of its entry in	-
759	-	* pg_parameter_acl, which we have to manufacture here if it	-
760	-	* doesn't exist yet. (That's a hack for sure, but it avoids	-
761	-	* messing with all the GRANT/REVOKE infrastructure that	-
762	-	* expects to use OIDs for object identities.) However, if	-
763	-	* this is a REVOKE, we can instead just ignore any GUCs that	-
764	-	* don't have such an entry, as they must not have any	-
765	-	* privileges needing removal.	-
766	-	*/	-
767	-	char *parameter = strVal(lfirst(cell));	-
768	-	Oid parameterId = ParameterAclLookup(parameter, true);	-
769	-		-
770	-	if (!OidIsValid(parameterId) && is_grant)	-
771	-	{	-
772	-	parameterId = ParameterAclCreate(parameter);	-
773	-		-
774	-	/*	-
775	-	* Prevent error when processing duplicate objects, and	-
776	-	* make this new entry visible so that ExecGrant_Parameter	-
777	-	* can update it.	-
778	-	*/	-
779	-	CommandCounterIncrement();	-
780	-	}	-
781	-	if (OidIsValid(parameterId))	-
782	-	objects = lappend_oid(objects, parameterId);	-
783	-	}	-
784	-	break;	-
785	-	}	-
786	-		-
787	-	return objects;	-
788	-	}	-

objectsInSchemaToOids() lines 798-883

Modified Lines Coverage: 0/4 lines (0.0%)

Line	Hits	Source	Commit
798	-	objectsInSchemaToOids(ObjectType objtype, List *nspnames)	-
799	-	{	-
800	-	List *objects = NIL;	-
801	-	ListCell *cell;	-
802	-		-
803	-	foreach(cell, nspnames)	-
804	-	{	-
805	-	char *nspname = strVal(lfirst(cell));	-
806	-	Oid namespaceId;	-
807	-	List *objs;	-
808	-		-
809	-	namespaceId = LookupExplicitNamespace(nspname, false);	-
810	-		-
811	-	switch (objtype)	-
812	-	{	-
813	-	case OBJECT_TABLE:	-
814	-	objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);	-
815	-	objects = list_concat(objects, objs);	-
816	-	objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);	-
817	-	objects = list_concat(objects, objs);	-
818	-	objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);	-
819	-	objects = list_concat(objects, objs);	-
820	-	objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);	-
821	-	objects = list_concat(objects, objs);	-
822	-	objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);	-
823	-	objects = list_concat(objects, objs);	-
824	-	break;	-
825	-	case OBJECT_SEQUENCE:	-
826	-	objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);	-
827	-	objects = list_concat(objects, objs);	-
828	-	break;	-
829	0	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
830	0	objs = getRelationsInNamespace(namespaceId, RELKIND_PROPGRAPH);	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
831	0	objects = list_concat(objects, objs);	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
832	0	break;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
833	-	case OBJECT_FUNCTION:	-
834	-	case OBJECT_PROCEDURE:	-
835	-	case OBJECT_ROUTINE:	-
836	-	{	-
837	-	ScanKeyData key[2];	-
838	-	int keycount;	-
839	-	Relation rel;	-
840	-	TableScanDesc scan;	-
841	-	HeapTuple tuple;	-
842	-		-
843	-	keycount = 0;	-
844	-	ScanKeyInit(&key[keycount++],	-
845	-	Anum_pg_proc_pronamespace,	-
846	-	BTEqualStrategyNumber, F_OIDEQ,	-
847	-	ObjectIdGetDatum(namespaceId));	-
848	-		-
849	-	if (objtype == OBJECT_FUNCTION)	-
850	-	/* includes aggregates and window functions */	-
851	-	ScanKeyInit(&key[keycount++],	-
852	-	Anum_pg_proc_prokind,	-
853	-	BTEqualStrategyNumber, F_CHARNE,	-
854	-	CharGetDatum(PROKIND_PROCEDURE));	-
855	-	else if (objtype == OBJECT_PROCEDURE)	-
856	-	ScanKeyInit(&key[keycount++],	-
857	-	Anum_pg_proc_prokind,	-
858	-	BTEqualStrategyNumber, F_CHAREQ,	-
859	-	CharGetDatum(PROKIND_PROCEDURE));	-
860	-		-
861	-	rel = table_open(ProcedureRelationId, AccessShareLock);	-
862	-	scan = table_beginscan_catalog(rel, keycount, key);	-
863	-		-
864	-	while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)	-
865	-	{	-
866	-	Oid oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;	-
867	-		-
868	-	objects = lappend_oid(objects, oid);	-
869	-	}	-
870	-		-
871	-	table_endscan(scan);	-
872	-	table_close(rel, AccessShareLock);	-
873	-	}	-
874	-	break;	-
875	-	default:	-
876	-	/* should not happen */	-
877	-	elog(ERROR, "unrecognized GrantStmt.objtype: %d",	-
878	-	(int) objtype);	-
879	-	}	-
880	-	}	-
881	-		-
882	-	return objects;	-
883	-	}	-

ExecAlterDefaultPrivilegesStmt() lines 929-1114

Modified Lines Coverage: 0/4 lines (0.0%)

Line	Hits	Source	Commit
929	-	ExecAlterDefaultPrivilegesStmt(ParseState pstate, AlterDefaultPrivilegesStmt stmt)	-
930	-	{	-
931	-	GrantStmt *action = stmt->action;	-
932	-	InternalDefaultACL iacls;	-
933	-	ListCell *cell;	-
934	-	List *rolespecs = NIL;	-
935	-	List *nspnames = NIL;	-
936	-	DefElem *drolespecs = NULL;	-
937	-	DefElem *dnspnames = NULL;	-
938	-	AclMode all_privileges;	-
939	-	const char *errormsg;	-
940	-		-
941	-	/* Deconstruct the "options" part of the statement */	-
942	-	foreach(cell, stmt->options)	-
943	-	{	-
944	-	DefElem defel = (DefElem ) lfirst(cell);	-
945	-		-
946	-	if (strcmp(defel->defname, "schemas") == 0)	-
947	-	{	-
948	-	if (dnspnames)	-
949	-	errorConflictingDefElem(defel, pstate);	-
950	-	dnspnames = defel;	-
951	-	}	-
952	-	else if (strcmp(defel->defname, "roles") == 0)	-
953	-	{	-
954	-	if (drolespecs)	-
955	-	errorConflictingDefElem(defel, pstate);	-
956	-	drolespecs = defel;	-
957	-	}	-
958	-	else	-
959	-	elog(ERROR, "option \"%s\" not recognized", defel->defname);	-
960	-	}	-
961	-		-
962	-	if (dnspnames)	-
963	-	nspnames = (List *) dnspnames->arg;	-
964	-	if (drolespecs)	-
965	-	rolespecs = (List *) drolespecs->arg;	-
966	-		-
967	-	/* Prepare the InternalDefaultACL representation of the statement */	-
968	-	/* roleid to be filled below */	-
969	-	/* nspid to be filled in SetDefaultACLsInSchemas */	-
970	-	iacls.is_grant = action->is_grant;	-
971	-	iacls.objtype = action->objtype;	-
972	-	/* all_privs to be filled below */	-
973	-	/* privileges to be filled below */	-
974	-	iacls.grantees = NIL; /* filled below */	-
975	-	iacls.grant_option = action->grant_option;	-
976	-	iacls.behavior = action->behavior;	-
977	-		-
978	-	/*	-
979	-	* Convert the RoleSpec list into an Oid list. Note that at this point we	-
980	-	* insert an ACL_ID_PUBLIC into the list if appropriate, so downstream	-
981	-	* there shouldn't be any additional work needed to support this case.	-
982	-	*/	-
983	-	foreach(cell, action->grantees)	-
984	-	{	-
985	-	RoleSpec grantee = (RoleSpec ) lfirst(cell);	-
986	-	Oid grantee_uid;	-
987	-		-
988	-	switch (grantee->roletype)	-
989	-	{	-
990	-	case ROLESPEC_PUBLIC:	-
991	-	grantee_uid = ACL_ID_PUBLIC;	-
992	-	break;	-
993	-	default:	-
994	-	grantee_uid = get_rolespec_oid(grantee, false);	-
995	-	break;	-
996	-	}	-
997	-	iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);	-
998	-	}	-
999	-		-
1000	-	/*	-
1001	-	* Convert action->privileges, a list of privilege strings, into an	-
1002	-	* AclMode bitmask.	-
1003	-	*/	-
1004	-	switch (action->objtype)	-
1005	-	{	-
1006	-	case OBJECT_TABLE:	-
1007	-	all_privileges = ACL_ALL_RIGHTS_RELATION;	-
1008	-	errormsg = gettext_noop("invalid privilege type %s for relation");	-
1009	-	break;	-
1010	-	case OBJECT_SEQUENCE:	-
1011	-	all_privileges = ACL_ALL_RIGHTS_SEQUENCE;	-
1012	-	errormsg = gettext_noop("invalid privilege type %s for sequence");	-
1013	-	break;	-
1014	-	case OBJECT_FUNCTION:	-
1015	-	all_privileges = ACL_ALL_RIGHTS_FUNCTION;	-
1016	-	errormsg = gettext_noop("invalid privilege type %s for function");	-
1017	-	break;	-
1018	-	case OBJECT_PROCEDURE:	-
1019	-	all_privileges = ACL_ALL_RIGHTS_FUNCTION;	-
1020	-	errormsg = gettext_noop("invalid privilege type %s for procedure");	-
1021	-	break;	-
1022	-	case OBJECT_ROUTINE:	-
1023	-	all_privileges = ACL_ALL_RIGHTS_FUNCTION;	-
1024	-	errormsg = gettext_noop("invalid privilege type %s for routine");	-
1025	-	break;	-
1026	-	case OBJECT_TYPE:	-
1027	-	all_privileges = ACL_ALL_RIGHTS_TYPE;	-
1028	-	errormsg = gettext_noop("invalid privilege type %s for type");	-
1029	-	break;	-
1030	-	case OBJECT_SCHEMA:	-
1031	-	all_privileges = ACL_ALL_RIGHTS_SCHEMA;	-
1032	-	errormsg = gettext_noop("invalid privilege type %s for schema");	-
1033	-	break;	-
1034	-	case OBJECT_LARGEOBJECT:	-
1035	-	all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;	-
1036	-	errormsg = gettext_noop("invalid privilege type %s for large object");	-
1037	-	break;	-
1038	0	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
1039	0	all_privileges = ACL_ALL_RIGHTS_PROPGRAPH;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
1040	0	errormsg = gettext_noop("invalid privilege type %s for property graph");	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
1041	0	break;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
1042	-	default:	-
1043	-	elog(ERROR, "unrecognized GrantStmt.objtype: %d",	-
1044	-	(int) action->objtype);	-
1045	-	/* keep compiler quiet */	-
1046	-	all_privileges = ACL_NO_RIGHTS;	-
1047	-	errormsg = NULL;	-
1048	-	}	-
1049	-		-
1050	-	if (action->privileges == NIL)	-
1051	-	{	-
1052	-	iacls.all_privs = true;	-
1053	-		-
1054	-	/*	-
1055	-	* will be turned into ACL_ALL_RIGHTS_* by the internal routines	-
1056	-	* depending on the object type	-
1057	-	*/	-
1058	-	iacls.privileges = ACL_NO_RIGHTS;	-
1059	-	}	-
1060	-	else	-
1061	-	{	-
1062	-	iacls.all_privs = false;	-
1063	-	iacls.privileges = ACL_NO_RIGHTS;	-
1064	-		-
1065	-	foreach(cell, action->privileges)	-
1066	-	{	-
1067	-	AccessPriv privnode = (AccessPriv ) lfirst(cell);	-
1068	-	AclMode priv;	-
1069	-		-
1070	-	if (privnode->cols)	-
1071	-	ereport(ERROR,	-
1072	-	(errcode(ERRCODE_INVALID_GRANT_OPERATION),	-
1073	-	errmsg("default privileges cannot be set for columns")));	-
1074	-		-
1075	-	if (privnode->priv_name == NULL) /* parser mistake? */	-
1076	-	elog(ERROR, "AccessPriv node must specify privilege");	-
1077	-	priv = string_to_privilege(privnode->priv_name);	-
1078	-		-
1079	-	if (priv & ~all_privileges)	-
1080	-	ereport(ERROR,	-
1081	-	(errcode(ERRCODE_INVALID_GRANT_OPERATION),	-
1082	-	errmsg(errormsg, privilege_to_string(priv))));	-
1083	-		-
1084	-	iacls.privileges \|= priv;	-
1085	-	}	-
1086	-	}	-
1087	-		-
1088	-	if (rolespecs == NIL)	-
1089	-	{	-
1090	-	/* Set permissions for myself */	-
1091	-	iacls.roleid = GetUserId();	-
1092	-		-
1093	-	SetDefaultACLsInSchemas(&iacls, nspnames);	-
1094	-	}	-
1095	-	else	-
1096	-	{	-
1097	-	/* Look up the role OIDs and do permissions checks */	-
1098	-	ListCell *rolecell;	-
1099	-		-
1100	-	foreach(rolecell, rolespecs)	-
1101	-	{	-
1102	-	RoleSpec *rolespec = lfirst(rolecell);	-
1103	-		-
1104	-	iacls.roleid = get_rolespec_oid(rolespec, false);	-
1105	-		-
1106	-	if (!has_privs_of_role(GetUserId(), iacls.roleid))	-
1107	-	ereport(ERROR,	-
1108	-	(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),	-
1109	-	errmsg("permission denied to change default privileges")));	-
1110	-		-
1111	-	SetDefaultACLsInSchemas(&iacls, nspnames);	-
1112	-	}	-
1113	-	}	-
1114	-	}	-

aclcheck_error() lines 2671-2962

Modified Lines Coverage: 6/6 lines (100.0%)

Line	Hits	Source	Commit
2671	-	aclcheck_error(AclResult aclerr, ObjectType objtype,	-
2672	-	const char *objectname)	-
2673	-	{	-
2674	-	switch (aclerr)	-
2675	-	{	-
2676	-	case ACLCHECK_OK:	-
2677	-	/* no error, so return to caller */	-
2678	-	break;	-
2679	-	case ACLCHECK_NO_PRIV:	-
2680	-	{	-
2681	-	const char *msg = "???";	-
2682	-		-
2683	-	switch (objtype)	-
2684	-	{	-
2685	-	case OBJECT_AGGREGATE:	-
2686	-	msg = gettext_noop("permission denied for aggregate %s");	-
2687	-	break;	-
2688	-	case OBJECT_COLLATION:	-
2689	-	msg = gettext_noop("permission denied for collation %s");	-
2690	-	break;	-
2691	-	case OBJECT_COLUMN:	-
2692	-	msg = gettext_noop("permission denied for column %s");	-
2693	-	break;	-
2694	-	case OBJECT_CONVERSION:	-
2695	-	msg = gettext_noop("permission denied for conversion %s");	-
2696	-	break;	-
2697	-	case OBJECT_DATABASE:	-
2698	-	msg = gettext_noop("permission denied for database %s");	-
2699	-	break;	-
2700	-	case OBJECT_DOMAIN:	-
2701	-	msg = gettext_noop("permission denied for domain %s");	-
2702	-	break;	-
2703	-	case OBJECT_EVENT_TRIGGER:	-
2704	-	msg = gettext_noop("permission denied for event trigger %s");	-
2705	-	break;	-
2706	-	case OBJECT_EXTENSION:	-
2707	-	msg = gettext_noop("permission denied for extension %s");	-
2708	-	break;	-
2709	-	case OBJECT_FDW:	-
2710	-	msg = gettext_noop("permission denied for foreign-data wrapper %s");	-
2711	-	break;	-
2712	-	case OBJECT_FOREIGN_SERVER:	-
2713	-	msg = gettext_noop("permission denied for foreign server %s");	-
2714	-	break;	-
2715	-	case OBJECT_FOREIGN_TABLE:	-
2716	-	msg = gettext_noop("permission denied for foreign table %s");	-
2717	-	break;	-
2718	-	case OBJECT_FUNCTION:	-
2719	-	msg = gettext_noop("permission denied for function %s");	-
2720	-	break;	-
2721	-	case OBJECT_INDEX:	-
2722	-	msg = gettext_noop("permission denied for index %s");	-
2723	-	break;	-
2724	-	case OBJECT_LANGUAGE:	-
2725	-	msg = gettext_noop("permission denied for language %s");	-
2726	-	break;	-
2727	-	case OBJECT_LARGEOBJECT:	-
2728	-	msg = gettext_noop("permission denied for large object %s");	-
2729	-	break;	-
2730	-	case OBJECT_MATVIEW:	-
2731	-	msg = gettext_noop("permission denied for materialized view %s");	-
2732	-	break;	-
2733	-	case OBJECT_OPCLASS:	-
2734	-	msg = gettext_noop("permission denied for operator class %s");	-
2735	-	break;	-
2736	-	case OBJECT_OPERATOR:	-
2737	-	msg = gettext_noop("permission denied for operator %s");	-
2738	-	break;	-
2739	-	case OBJECT_OPFAMILY:	-
2740	-	msg = gettext_noop("permission denied for operator family %s");	-
2741	-	break;	-
2742	-	case OBJECT_PARAMETER_ACL:	-
2743	-	msg = gettext_noop("permission denied for parameter %s");	-
2744	-	break;	-
2745	-	case OBJECT_POLICY:	-
2746	-	msg = gettext_noop("permission denied for policy %s");	-
2747	-	break;	-
2748	-	case OBJECT_PROCEDURE:	-
2749	-	msg = gettext_noop("permission denied for procedure %s");	-
2750	-	break;	-
2751	6	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
2752	6	msg = gettext_noop("permission denied for property graph %s");	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
2753	6	break;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
2754	-	case OBJECT_PUBLICATION:	-
2755	-	msg = gettext_noop("permission denied for publication %s");	-
2756	-	break;	-
2757	-	case OBJECT_ROUTINE:	-
2758	-	msg = gettext_noop("permission denied for routine %s");	-
2759	-	break;	-
2760	-	case OBJECT_SCHEMA:	-
2761	-	msg = gettext_noop("permission denied for schema %s");	-
2762	-	break;	-
2763	-	case OBJECT_SEQUENCE:	-
2764	-	msg = gettext_noop("permission denied for sequence %s");	-
2765	-	break;	-
2766	-	case OBJECT_STATISTIC_EXT:	-
2767	-	msg = gettext_noop("permission denied for statistics object %s");	-
2768	-	break;	-
2769	-	case OBJECT_SUBSCRIPTION:	-
2770	-	msg = gettext_noop("permission denied for subscription %s");	-
2771	-	break;	-
2772	-	case OBJECT_TABLE:	-
2773	-	msg = gettext_noop("permission denied for table %s");	-
2774	-	break;	-
2775	-	case OBJECT_TABLESPACE:	-
2776	-	msg = gettext_noop("permission denied for tablespace %s");	-
2777	-	break;	-
2778	-	case OBJECT_TSCONFIGURATION:	-
2779	-	msg = gettext_noop("permission denied for text search configuration %s");	-
2780	-	break;	-
2781	-	case OBJECT_TSDICTIONARY:	-
2782	-	msg = gettext_noop("permission denied for text search dictionary %s");	-
2783	-	break;	-
2784	-	case OBJECT_TYPE:	-
2785	-	msg = gettext_noop("permission denied for type %s");	-
2786	-	break;	-
2787	-	case OBJECT_VIEW:	-
2788	-	msg = gettext_noop("permission denied for view %s");	-
2789	-	break;	-
2790	-	/* these currently aren't used */	-
2791	-	case OBJECT_ACCESS_METHOD:	-
2792	-	case OBJECT_AMOP:	-
2793	-	case OBJECT_AMPROC:	-
2794	-	case OBJECT_ATTRIBUTE:	-
2795	-	case OBJECT_CAST:	-
2796	-	case OBJECT_DEFAULT:	-
2797	-	case OBJECT_DEFACL:	-
2798	-	case OBJECT_DOMCONSTRAINT:	-
2799	-	case OBJECT_PUBLICATION_NAMESPACE:	-
2800	-	case OBJECT_PUBLICATION_REL:	-
2801	-	case OBJECT_ROLE:	-
2802	-	case OBJECT_RULE:	-
2803	-	case OBJECT_TABCONSTRAINT:	-
2804	-	case OBJECT_TRANSFORM:	-
2805	-	case OBJECT_TRIGGER:	-
2806	-	case OBJECT_TSPARSER:	-
2807	-	case OBJECT_TSTEMPLATE:	-
2808	-	case OBJECT_USER_MAPPING:	-
2809	-	elog(ERROR, "unsupported object type: %d", objtype);	-
2810	-	}	-
2811	-		-
2812	-	ereport(ERROR,	-
2813	-	(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),	-
2814	-	errmsg(msg, objectname)));	-
2815	-	break;	-
2816	-	}	-
2817	-	case ACLCHECK_NOT_OWNER:	-
2818	-	{	-
2819	-	const char *msg = "???";	-
2820	-		-
2821	-	switch (objtype)	-
2822	-	{	-
2823	-	case OBJECT_AGGREGATE:	-
2824	-	msg = gettext_noop("must be owner of aggregate %s");	-
2825	-	break;	-
2826	-	case OBJECT_COLLATION:	-
2827	-	msg = gettext_noop("must be owner of collation %s");	-
2828	-	break;	-
2829	-	case OBJECT_CONVERSION:	-
2830	-	msg = gettext_noop("must be owner of conversion %s");	-
2831	-	break;	-
2832	-	case OBJECT_DATABASE:	-
2833	-	msg = gettext_noop("must be owner of database %s");	-
2834	-	break;	-
2835	-	case OBJECT_DOMAIN:	-
2836	-	msg = gettext_noop("must be owner of domain %s");	-
2837	-	break;	-
2838	-	case OBJECT_EVENT_TRIGGER:	-
2839	-	msg = gettext_noop("must be owner of event trigger %s");	-
2840	-	break;	-
2841	-	case OBJECT_EXTENSION:	-
2842	-	msg = gettext_noop("must be owner of extension %s");	-
2843	-	break;	-
2844	-	case OBJECT_FDW:	-
2845	-	msg = gettext_noop("must be owner of foreign-data wrapper %s");	-
2846	-	break;	-
2847	-	case OBJECT_FOREIGN_SERVER:	-
2848	-	msg = gettext_noop("must be owner of foreign server %s");	-
2849	-	break;	-
2850	-	case OBJECT_FOREIGN_TABLE:	-
2851	-	msg = gettext_noop("must be owner of foreign table %s");	-
2852	-	break;	-
2853	-	case OBJECT_FUNCTION:	-
2854	-	msg = gettext_noop("must be owner of function %s");	-
2855	-	break;	-
2856	-	case OBJECT_INDEX:	-
2857	-	msg = gettext_noop("must be owner of index %s");	-
2858	-	break;	-
2859	-	case OBJECT_LANGUAGE:	-
2860	-	msg = gettext_noop("must be owner of language %s");	-
2861	-	break;	-
2862	-	case OBJECT_LARGEOBJECT:	-
2863	-	msg = gettext_noop("must be owner of large object %s");	-
2864	-	break;	-
2865	-	case OBJECT_MATVIEW:	-
2866	-	msg = gettext_noop("must be owner of materialized view %s");	-
2867	-	break;	-
2868	-	case OBJECT_OPCLASS:	-
2869	-	msg = gettext_noop("must be owner of operator class %s");	-
2870	-	break;	-
2871	-	case OBJECT_OPERATOR:	-
2872	-	msg = gettext_noop("must be owner of operator %s");	-
2873	-	break;	-
2874	-	case OBJECT_OPFAMILY:	-
2875	-	msg = gettext_noop("must be owner of operator family %s");	-
2876	-	break;	-
2877	-	case OBJECT_PROCEDURE:	-
2878	-	msg = gettext_noop("must be owner of procedure %s");	-
2879	-	break;	-
2880	9	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
2881	9	msg = gettext_noop("must be owner of property graph %s");	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
2882	9	break;	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
2883	-	case OBJECT_PUBLICATION:	-
2884	-	msg = gettext_noop("must be owner of publication %s");	-
2885	-	break;	-
2886	-	case OBJECT_ROUTINE:	-
2887	-	msg = gettext_noop("must be owner of routine %s");	-
2888	-	break;	-
2889	-	case OBJECT_SEQUENCE:	-
2890	-	msg = gettext_noop("must be owner of sequence %s");	-
2891	-	break;	-
2892	-	case OBJECT_SUBSCRIPTION:	-
2893	-	msg = gettext_noop("must be owner of subscription %s");	-
2894	-	break;	-
2895	-	case OBJECT_TABLE:	-
2896	-	msg = gettext_noop("must be owner of table %s");	-
2897	-	break;	-
2898	-	case OBJECT_TYPE:	-
2899	-	msg = gettext_noop("must be owner of type %s");	-
2900	-	break;	-
2901	-	case OBJECT_VIEW:	-
2902	-	msg = gettext_noop("must be owner of view %s");	-
2903	-	break;	-
2904	-	case OBJECT_SCHEMA:	-
2905	-	msg = gettext_noop("must be owner of schema %s");	-
2906	-	break;	-
2907	-	case OBJECT_STATISTIC_EXT:	-
2908	-	msg = gettext_noop("must be owner of statistics object %s");	-
2909	-	break;	-
2910	-	case OBJECT_TABLESPACE:	-
2911	-	msg = gettext_noop("must be owner of tablespace %s");	-
2912	-	break;	-
2913	-	case OBJECT_TSCONFIGURATION:	-
2914	-	msg = gettext_noop("must be owner of text search configuration %s");	-
2915	-	break;	-
2916	-	case OBJECT_TSDICTIONARY:	-
2917	-	msg = gettext_noop("must be owner of text search dictionary %s");	-
2918	-	break;	-
2919	-		-
2920	-	/*	-
2921	-	* Special cases: For these, the error message talks	-
2922	-	* about "relation", because that's where the	-
2923	-	* ownership is attached. See also	-
2924	-	* check_object_ownership().	-
2925	-	*/	-
2926	-	case OBJECT_COLUMN:	-
2927	-	case OBJECT_POLICY:	-
2928	-	case OBJECT_RULE:	-
2929	-	case OBJECT_TABCONSTRAINT:	-
2930	-	case OBJECT_TRIGGER:	-
2931	-	msg = gettext_noop("must be owner of relation %s");	-
2932	-	break;	-
2933	-	/* these currently aren't used */	-
2934	-	case OBJECT_ACCESS_METHOD:	-
2935	-	case OBJECT_AMOP:	-
2936	-	case OBJECT_AMPROC:	-
2937	-	case OBJECT_ATTRIBUTE:	-
2938	-	case OBJECT_CAST:	-
2939	-	case OBJECT_DEFAULT:	-
2940	-	case OBJECT_DEFACL:	-
2941	-	case OBJECT_DOMCONSTRAINT:	-
2942	-	case OBJECT_PARAMETER_ACL:	-
2943	-	case OBJECT_PUBLICATION_NAMESPACE:	-
2944	-	case OBJECT_PUBLICATION_REL:	-
2945	-	case OBJECT_ROLE:	-
2946	-	case OBJECT_TRANSFORM:	-
2947	-	case OBJECT_TSPARSER:	-
2948	-	case OBJECT_TSTEMPLATE:	-
2949	-	case OBJECT_USER_MAPPING:	-
2950	-	elog(ERROR, "unsupported object type: %d", objtype);	-
2951	-	}	-
2952	-		-
2953	-	ereport(ERROR,	-
2954	-	(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),	-
2955	-	errmsg(msg, objectname)));	-
2956	-	break;	-
2957	-	}	-
2958	-	default:	-
2959	-	elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);	-
2960	-	break;	-
2961	-	}	-
2962	-	}	-

pg_aclmask() lines 3008-3056

Modified Lines Coverage: 0/0 lines (0.0%)

Line	Hits	Source	Commit
3008	-	pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid,	-
3009	-	AclMode mask, AclMaskHow how)	-
3010	-	{	-
3011	-	switch (objtype)	-
3012	-	{	-
3013	-	case OBJECT_COLUMN:	-
3014	-	return	-
3015	-	pg_class_aclmask(object_oid, roleid, mask, how) \|	-
3016	-	pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);	-
3017	-	case OBJECT_TABLE:	-
3018	-	case OBJECT_SEQUENCE:	-
3019	-	case OBJECT_PROPGRAPH:	86c14eaWIP: SQL Property Graph Queries (SQL/PGQ)
3020	-	return pg_class_aclmask(object_oid, roleid, mask, how);	-
3021	-	case OBJECT_DATABASE:	-
3022	-	return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);	-
3023	-	case OBJECT_FUNCTION:	-
3024	-	return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);	-
3025	-	case OBJECT_LANGUAGE:	-
3026	-	return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);	-
3027	-	case OBJECT_LARGEOBJECT:	-
3028	-	return pg_largeobject_aclmask_snapshot(object_oid, roleid,	-
3029	-	mask, how, NULL);	-
3030	-	case OBJECT_PARAMETER_ACL:	-
3031	-	return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);	-
3032	-	case OBJECT_SCHEMA:	-
3033	-	return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);	-
3034	-	case OBJECT_STATISTIC_EXT:	-
3035	-	elog(ERROR, "grantable rights not supported for statistics objects");	-
3036	-	/* not reached, but keep compiler quiet */	-
3037	-	return ACL_NO_RIGHTS;	-
3038	-	case OBJECT_TABLESPACE:	-
3039	-	return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);	-
3040	-	case OBJECT_FDW:	-
3041	-	return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);	-
3042	-	case OBJECT_FOREIGN_SERVER:	-
3043	-	return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);	-
3044	-	case OBJECT_EVENT_TRIGGER:	-
3045	-	elog(ERROR, "grantable rights not supported for event triggers");	-
3046	-	/* not reached, but keep compiler quiet */	-
3047	-	return ACL_NO_RIGHTS;	-
3048	-	case OBJECT_TYPE:	-
3049	-	return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);	-
3050	-	default:	-
3051	-	elog(ERROR, "unrecognized object type: %d",	-
3052	-	(int) objtype);	-
3053	-	/* not reached, but keep compiler quiet */	-
3054	-	return ACL_NO_RIGHTS;	-
3055	-	}	-
3056	-	}	-