diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2002-04-27 03:45:03 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2002-04-27 03:45:03 +0000 |
| commit | 31c775adeb2251a9c66328cbc9016877e5e4f085 (patch) | |
| tree | 065014ccecaae449f8a1c977319e823d54364c4b /src/backend/commands/operatorcmds.c | |
| parent | aafe72efb2d9a01db77bacf94b9b103042b5eb60 (diff) | |
| download | postgresql-31c775adeb2251a9c66328cbc9016877e5e4f085.tar.gz postgresql-31c775adeb2251a9c66328cbc9016877e5e4f085.zip | |
Restructure aclcheck error reporting to make permission-failure
messages more uniform and internationalizable: the global array
aclcheck_error_strings[] is gone in favor of a subroutine
aclcheck_error(). Partial implementation of namespace-related
permission checks --- not all done yet.
Diffstat (limited to 'src/backend/commands/operatorcmds.c')
| -rw-r--r-- | src/backend/commands/operatorcmds.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/backend/commands/operatorcmds.c b/src/backend/commands/operatorcmds.c index ffc35ea1ae9..de8ec06acbf 100644 --- a/src/backend/commands/operatorcmds.c +++ b/src/backend/commands/operatorcmds.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/operatorcmds.c,v 1.2 2002/04/16 23:08:10 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/operatorcmds.c,v 1.3 2002/04/27 03:45:01 tgl Exp $ * * DESCRIPTION * The "DefineFoo" routines take the parse tree and pick out the @@ -44,6 +44,7 @@ #include "parser/parse_oper.h" #include "parser/parse_type.h" #include "utils/acl.h" +#include "utils/lsyscache.h" #include "utils/syscache.h" @@ -60,6 +61,7 @@ DefineOperator(List *names, List *parameters) { char *oprName; Oid oprNamespace; + AclResult aclresult; uint16 precedence = 0; /* operator precedence */ bool canHash = false; /* operator hashes */ bool canMerge = false; /* operator merges */ @@ -85,6 +87,11 @@ DefineOperator(List *names, List *parameters) /* Convert list of names to a name and namespace */ oprNamespace = QualifiedNameGetCreationNamespace(names, &oprName); + /* Check we have creation rights in target namespace */ + aclresult = pg_namespace_aclcheck(oprNamespace, GetUserId(), ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, get_namespace_name(oprNamespace)); + /* * loop over the definition list and extract the information we need. */ @@ -226,14 +233,15 @@ RemoveOperator(List *operatorName, /* operator name */ tup = SearchSysCacheCopy(OPEROID, ObjectIdGetDatum(operOid), 0, 0, 0); - if (!HeapTupleIsValid(tup)) /* should not happen */ elog(ERROR, "RemoveOperator: failed to find tuple for operator '%s'", NameListToString(operatorName)); - if (!pg_oper_ownercheck(operOid, GetUserId())) - elog(ERROR, "RemoveOperator: operator '%s': permission denied", - NameListToString(operatorName)); + /* Permission check: must own operator or its namespace */ + if (!pg_oper_ownercheck(operOid, GetUserId()) && + !pg_namespace_ownercheck(((Form_pg_operator) GETSTRUCT(tup))->oprnamespace, + GetUserId())) + aclcheck_error(ACLCHECK_NOT_OWNER, NameListToString(operatorName)); /* Delete any comments associated with this operator */ DeleteComments(operOid, RelationGetRelid(relation)); |