diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2004-05-11 17:36:13 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2004-05-11 17:36:13 +0000 |
| commit | 5ddbe904c0f6d0dc67597b43b7823cc54300b638 (patch) | |
| tree | e7e292be13bda61ebec0deee0e8ee4d4b2f85580 /src/backend/executor/execMain.c | |
| parent | f739deb50fbcc4c275f2d90daa2bd997ff9d0c7c (diff) | |
| download | postgresql-5ddbe904c0f6d0dc67597b43b7823cc54300b638.tar.gz postgresql-5ddbe904c0f6d0dc67597b43b7823cc54300b638.zip | |
Refactor low-level aclcheck code to provide useful interfaces for multi-bit
permissions tests in about the same amount of code as before. Exactly what
the GRANT/REVOKE code ought to be doing is still up for debate, but this
should be helpful in any case, and it already solves an efficiency problem
in executor startup.
Diffstat (limited to 'src/backend/executor/execMain.c')
| -rw-r--r-- | src/backend/executor/execMain.c | 29 |
1 files changed, 7 insertions, 22 deletions
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index 13b38d37529..e8ed4ce5cc4 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -26,7 +26,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.230 2004/03/23 19:35:16 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.231 2004/05/11 17:36:12 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -412,28 +412,13 @@ ExecCheckRTEPerms(RangeTblEntry *rte) userid = rte->checkAsUser ? rte->checkAsUser : GetUserId(); /* - * For each bit in requiredPerms, apply the required check. (We can't - * do this in one aclcheck call because aclcheck treats multiple bits - * as OR semantics, when we want AND.) - * - * We use a well-known cute trick for isolating the rightmost one-bit - * in a nonzero word. See nodes/bitmapset.c for commentary. + * We must have *all* the requiredPerms bits, so use aclmask not + * aclcheck. */ -#define RIGHTMOST_ONE(x) ((int32) (x) & -((int32) (x))) - - while (requiredPerms != 0) - { - AclMode thisPerm; - AclResult aclcheck_result; - - thisPerm = RIGHTMOST_ONE(requiredPerms); - requiredPerms &= ~thisPerm; - - aclcheck_result = pg_class_aclcheck(relOid, userid, thisPerm); - if (aclcheck_result != ACLCHECK_OK) - aclcheck_error(aclcheck_result, ACL_KIND_CLASS, - get_rel_name(relOid)); - } + if (pg_class_aclmask(relOid, userid, requiredPerms, ACLMASK_ALL) + != requiredPerms) + aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, + get_rel_name(relOid)); } /* |