Restructure aclcheck error reporting to make permission-failure

messages more uniform and internationalizable: the global array
aclcheck_error_strings[] is gone in favor of a subroutine
aclcheck_error().  Partial implementation of namespace-related
permission checks --- not all done yet.

1 files changed, 14 insertions, 1 deletions

diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c
index 191d5e329b8..30bc4077d38 100644
--- a/src/backend/commands/schemacmds.c
+++ b/src/backend/commands/schemacmds.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/schemacmds.c,v 1.1 2002/04/15 05:22:03 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/schemacmds.c,v 1.2 2002/04/27 03:45:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -20,6 +20,7 @@
 #include "miscadmin.h"
 #include "parser/analyze.h"
 #include "tcop/utility.h"
+#include "utils/acl.h"
 #include "utils/lsyscache.h"
 
 
@@ -36,9 +37,14 @@ CreateSchemaCommand(CreateSchemaStmt *stmt)
 	const char *owner_name;
 	Oid			owner_userid;
 	Oid			saved_userid;
+	AclResult	aclresult;
 
 	saved_userid = GetUserId();
 
+	/*
+	 * Figure out user identities.
+	 */
+
 	if (!authId)
 	{
 		owner_userid = saved_userid;
@@ -67,6 +73,13 @@ CreateSchemaCommand(CreateSchemaStmt *stmt)
 				 owner_name, authId);
 	}
 
+	/*
+	 * Permissions checks.
+	 */
+	aclresult = pg_database_aclcheck(MyDatabaseId, saved_userid, ACL_CREATE);
+	if (aclresult != ACLCHECK_OK)
+		aclcheck_error(aclresult, DatabaseName);
+
 	if (!allowSystemTableMods && IsReservedName(schemaName))
 		elog(ERROR, "CREATE SCHEMA: Illegal schema name: \"%s\" -- pg_ is reserved for system schemas",
 			 schemaName);