diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2011-12-20 00:05:19 +0200 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2011-12-20 00:05:19 +0200 |
| commit | 729205571e81b4767efc42ad7beb53663e08d1ff (patch) | |
| tree | 54081fe5cf5494bf77f0df20780b21288ba97411 /src/backend/commands/operatorcmds.c | |
| parent | 05e992e90e49aa5bca7e2b290ab736bfec97a7c1 (diff) | |
| download | postgresql-729205571e81b4767efc42ad7beb53663e08d1ff.tar.gz postgresql-729205571e81b4767efc42ad7beb53663e08d1ff.zip | |
Add support for privileges on types
This adds support for the more or less SQL-conforming USAGE privilege
on types and domains. The intent is to be able restrict which users
can create dependencies on types, which restricts the way in which
owners can alter types.
reviewed by Yeb Havinga
Diffstat (limited to 'src/backend/commands/operatorcmds.c')
| -rw-r--r-- | src/backend/commands/operatorcmds.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/backend/commands/operatorcmds.c b/src/backend/commands/operatorcmds.c index 1e6c5ce2ad7..0fdf0803134 100644 --- a/src/backend/commands/operatorcmds.c +++ b/src/backend/commands/operatorcmds.c @@ -45,6 +45,7 @@ #include "parser/parse_func.h" #include "parser/parse_oper.h" #include "parser/parse_type.h" +#include "utils/builtins.h" #include "utils/lsyscache.h" #include "utils/rel.h" #include "utils/syscache.h" @@ -73,6 +74,7 @@ DefineOperator(List *names, List *parameters) TypeName *typeName2 = NULL; /* second type name */ Oid typeId1 = InvalidOid; /* types converted to OID */ Oid typeId2 = InvalidOid; + Oid rettype; List *commutatorName = NIL; /* optional commutator operator name */ List *negatorName = NIL; /* optional negator operator name */ List *restrictionName = NIL; /* optional restrict. sel. procedure */ @@ -175,6 +177,22 @@ DefineOperator(List *names, List *parameters) (errcode(ERRCODE_INVALID_FUNCTION_DEFINITION), errmsg("at least one of leftarg or rightarg must be specified"))); + if (typeName1) + { + aclresult = pg_type_aclcheck(typeId1, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(typeId1)); + } + + if (typeName2) + { + aclresult = pg_type_aclcheck(typeId2, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(typeId2)); + } + /* * Look up the operator's underlying function. */ @@ -206,6 +224,12 @@ DefineOperator(List *names, List *parameters) aclcheck_error(aclresult, ACL_KIND_PROC, NameListToString(functionName)); + rettype = get_func_rettype(functionOid); + aclresult = pg_type_aclcheck(rettype, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(rettype)); + /* * Look up restriction estimator if specified */ |