diff options
| author | Peter Eisentraut <peter@eisentraut.org> | 2022-11-13 08:11:17 +0100 |
|---|---|---|
| committer | Peter Eisentraut <peter@eisentraut.org> | 2022-11-13 09:02:41 +0100 |
| commit | c727f511bd7bf3c58063737bcf7a8f331346f253 (patch) | |
| tree | f59a013d0e7fe8b086eab5810b941de27695fe2d /src/backend/commands/extension.c | |
| parent | afbfc02983f86c4d71825efa6befd547fe81a926 (diff) | |
| download | postgresql-c727f511bd7bf3c58063737bcf7a8f331346f253.tar.gz postgresql-c727f511bd7bf3c58063737bcf7a8f331346f253.zip | |
Refactor aclcheck functions
Instead of dozens of mostly-duplicate pg_foo_aclcheck() functions,
write one common function object_aclcheck() that can handle almost all
of them. We already have all the information we need, such as which
system catalog corresponds to which catalog table and which column is
the ACL column.
There are a few pg_foo_aclcheck() that don't work via the generic
function and have special APIs, so those stay as is.
I also changed most pg_foo_aclmask() functions to static functions,
since they are not used outside of aclchk.c.
Reviewed-by: Corey Huinker <corey.huinker@gmail.com>
Reviewed-by: Antonin Houska <ah@cybertec.at>
Discussion: https://www.postgresql.org/message-id/flat/95c30f96-4060-2f48-98b5-a4392d3b6066@enterprisedb.com
Diffstat (limited to 'src/backend/commands/extension.c')
| -rw-r--r-- | src/backend/commands/extension.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c index 722e94bbce0..806d6056ab6 100644 --- a/src/backend/commands/extension.c +++ b/src/backend/commands/extension.c @@ -42,6 +42,7 @@ #include "catalog/objectaccess.h" #include "catalog/pg_authid.h" #include "catalog/pg_collation.h" +#include "catalog/pg_database.h" #include "catalog/pg_depend.h" #include "catalog/pg_extension.h" #include "catalog/pg_namespace.h" @@ -832,7 +833,7 @@ extension_is_trusted(ExtensionControlFile *control) if (!control->trusted) return false; /* Allow if user has CREATE privilege on current database */ - aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE); + aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(), ACL_CREATE); if (aclresult == ACLCHECK_OK) return true; return false; @@ -2732,7 +2733,7 @@ AlterExtensionNamespace(const char *extensionName, const char *newschema, Oid *o extensionName); /* Permission check: must have creation rights in target namespace */ - aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE); + aclresult = object_aclcheck(NamespaceRelationId, nspOid, GetUserId(), ACL_CREATE); if (aclresult != ACLCHECK_OK) aclcheck_error(aclresult, OBJECT_SCHEMA, newschema); |