diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2011-12-20 00:05:19 +0200 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2011-12-20 00:05:19 +0200 |
| commit | 729205571e81b4767efc42ad7beb53663e08d1ff (patch) | |
| tree | 54081fe5cf5494bf77f0df20780b21288ba97411 /src/backend/commands/tablecmds.c | |
| parent | 05e992e90e49aa5bca7e2b290ab736bfec97a7c1 (diff) | |
| download | postgresql-729205571e81b4767efc42ad7beb53663e08d1ff.tar.gz postgresql-729205571e81b4767efc42ad7beb53663e08d1ff.zip | |
Add support for privileges on types
This adds support for the more or less SQL-conforming USAGE privilege
on types and domains. The intent is to be able restrict which users
can create dependencies on types, which restricts the way in which
owners can alter types.
reviewed by Yeb Havinga
Diffstat (limited to 'src/backend/commands/tablecmds.c')
| -rw-r--r-- | src/backend/commands/tablecmds.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c index 00b6cb9d50d..61689b13386 100644 --- a/src/backend/commands/tablecmds.c +++ b/src/backend/commands/tablecmds.c @@ -506,7 +506,16 @@ DefineRelation(CreateStmt *stmt, char relkind, Oid ownerId) (void) heap_reloptions(relkind, reloptions, true); if (stmt->ofTypename) + { + AclResult aclresult; + ofTypeId = typenameTypeId(NULL, stmt->ofTypename); + + aclresult = pg_type_aclcheck(ofTypeId, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(ofTypeId)); + } else ofTypeId = InvalidOid; @@ -4326,6 +4335,7 @@ ATExecAddColumn(List **wqueue, AlteredTableInfo *tab, Relation rel, Expr *defval; List *children; ListCell *child; + AclResult aclresult; /* At top level, permission check was done in ATPrepCmd, else do it */ if (recursing) @@ -4429,6 +4439,12 @@ ATExecAddColumn(List **wqueue, AlteredTableInfo *tab, Relation rel, typeTuple = typenameType(NULL, colDef->typeName, &typmod); tform = (Form_pg_type) GETSTRUCT(typeTuple); typeOid = HeapTupleGetOid(typeTuple); + + aclresult = pg_type_aclcheck(typeOid, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(typeOid)); + collOid = GetColumnDefCollation(NULL, colDef, typeOid); /* make sure datatype is legal for a column */ @@ -6973,6 +6989,7 @@ ATPrepAlterColumnType(List **wqueue, Oid targetcollid; NewColumnValue *newval; ParseState *pstate = make_parsestate(NULL); + AclResult aclresult; if (rel->rd_rel->reloftype && !recursing) ereport(ERROR, @@ -7006,6 +7023,11 @@ ATPrepAlterColumnType(List **wqueue, /* Look up the target type */ typenameTypeIdAndMod(NULL, typeName, &targettype, &targettypmod); + aclresult = pg_type_aclcheck(targettype, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(targettype)); + /* And the collation */ targetcollid = GetColumnDefCollation(NULL, def, targettype); |