More cleanup on roles patch. Allow admin option to be inherited through

role memberships; make superuser/createrole distinction do something
useful; fix some locking and CommandCounterIncrement issues; prevent
creation of loops in the membership graph.

1 files changed, 8 insertions, 4 deletions

diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 1dac14ead2e..96f964fb95f 100644
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -15,7 +15,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.162 2005/06/28 05:08:53 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.163 2005/06/29 20:34:13 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -194,8 +194,8 @@ createdb(const CreatedbStmt *stmt)
 
 	if (is_member_of_role(GetUserId(), datdba))
 	{
-		/* creating database for self: can be superuser or createdb */
-		if (!superuser() && !have_createdb_privilege())
+		/* creating database for self: createdb is required */
+		if (!have_createdb_privilege())
 			ereport(ERROR,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					 errmsg("permission denied to create database")));
@@ -759,7 +759,7 @@ RenameDatabase(const char *oldname, const char *newname)
 					   oldname);
 
 	/* must have createdb rights */
-	if (!superuser() && !have_createdb_privilege())
+	if (!have_createdb_privilege())
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("permission denied to rename database")));
@@ -1044,6 +1044,10 @@ have_createdb_privilege(void)
 	bool		result = false;
 	HeapTuple	utup;
 
+	/* Superusers can always do everything */
+	if (superuser())
+		return true;
+
 	utup = SearchSysCache(AUTHOID,
 						  ObjectIdGetDatum(GetUserId()),
 						  0, 0, 0);