diff options
| author | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2015-03-09 15:41:54 -0300 |
|---|---|---|
| committer | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2015-03-09 15:41:54 -0300 |
| commit | 31eae6028eca4365e7165f5f33fee1ed0486aee0 (patch) | |
| tree | 388807d83f4aecda050e5f98f880752fbe773b16 /src/backend/commands/policy.c | |
| parent | fa83f809458a966dff225d3d266399d48e7b5e6e (diff) | |
| download | postgresql-31eae6028eca4365e7165f5f33fee1ed0486aee0.tar.gz postgresql-31eae6028eca4365e7165f5f33fee1ed0486aee0.zip | |
Allow CURRENT/SESSION_USER to be used in certain commands
Commands such as ALTER USER, ALTER GROUP, ALTER ROLE, GRANT, and the
various ALTER OBJECT / OWNER TO, as well as ad-hoc clauses related to
roles such as the AUTHORIZATION clause of CREATE SCHEMA, the FOR clause
of CREATE USER MAPPING, and the FOR ROLE clause of ALTER DEFAULT
PRIVILEGES can now take the keywords CURRENT_USER and SESSION_USER as
user specifiers in place of an explicit user name.
This commit also fixes some quite ugly handling of special standards-
mandated syntax in CREATE USER MAPPING, which in particular would fail
to work in presence of a role named "current_user".
The special role specifiers PUBLIC and NONE also have more consistent
handling now.
Also take the opportunity to add location tracking to user specifiers.
Authors: Kyotaro Horiguchi. Heavily reworked by Álvaro Herrera.
Reviewed by: Rushabh Lathia, Adam Brightwell, Marti Raudsepp.
Diffstat (limited to 'src/backend/commands/policy.c')
| -rw-r--r-- | src/backend/commands/policy.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/src/backend/commands/policy.c b/src/backend/commands/policy.c index e86299781f9..a3d840da5cf 100644 --- a/src/backend/commands/policy.c +++ b/src/backend/commands/policy.c @@ -129,13 +129,7 @@ parse_policy_command(const char *cmd_name) /* * policy_role_list_to_array - * helper function to convert a list of role names in to an array of - * role ids. - * - * Note: If PUBLIC is provided as a role name, then ACL_ID_PUBLIC is - * used as the role id. - * - * roles - the list of role names to convert. + * helper function to convert a list of RoleSpecs to an array of role ids. */ static ArrayType * policy_role_list_to_array(List *roles) @@ -162,25 +156,25 @@ policy_role_list_to_array(List *roles) foreach(cell, roles) { - Oid roleid = get_role_oid_or_public(strVal(lfirst(cell))); + RoleSpec *spec = lfirst(cell); /* * PUBLIC covers all roles, so it only makes sense alone. */ - if (roleid == ACL_ID_PUBLIC) + if (spec->roletype == ROLESPEC_PUBLIC) { if (num_roles != 1) ereport(WARNING, (errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("ignoring roles specified other than public"), errhint("All roles are members of the public role."))); - - temp_array[0] = ObjectIdGetDatum(roleid); + temp_array[0] = ObjectIdGetDatum(ACL_ID_PUBLIC); num_roles = 1; break; } else - temp_array[i++] = ObjectIdGetDatum(roleid); + temp_array[i++] = + ObjectIdGetDatum(get_rolespec_oid((Node *) spec, false)); } role_ids = construct_array(temp_array, num_roles, OIDOID, sizeof(Oid), true, |