diff options
| author | Andres Freund <andres@anarazel.de> | 2015-05-08 00:20:46 +0200 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2015-05-08 00:20:46 +0200 |
| commit | 2c8f4836db058d0715bc30a30655d646287ba509 (patch) | |
| tree | 31576f5fc453bd2dbc5642c1281640b5eb959307 /src/include/nodes/parsenodes.h | |
| parent | db5f98ab4fa44bc563ec62d7b1aada4fc276d9b2 (diff) | |
| download | postgresql-2c8f4836db058d0715bc30a30655d646287ba509.tar.gz postgresql-2c8f4836db058d0715bc30a30655d646287ba509.zip | |
Represent columns requiring insert and update privileges indentently.
Previously, relation range table entries used a single Bitmapset field
representing which columns required either UPDATE or INSERT privileges,
despite the fact that INSERT and UPDATE privileges are separately
cataloged, and may be independently held. As statements so far required
either insert or update privileges but never both, that was
sufficient. The required permission could be inferred from the top level
statement run.
The upcoming INSERT ... ON CONFLICT UPDATE feature needs to
independently check for both privileges in one statement though, so that
is not sufficient anymore.
Bumps catversion as stored rules change.
Author: Peter Geoghegan
Reviewed-By: Andres Freund
Diffstat (limited to 'src/include/nodes/parsenodes.h')
| -rw-r--r-- | src/include/nodes/parsenodes.h | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 852eb4fbdc9..7d15ef2847b 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -735,11 +735,12 @@ typedef struct XmlSerialize * For SELECT/INSERT/UPDATE permissions, if the user doesn't have * table-wide permissions then it is sufficient to have the permissions * on all columns identified in selectedCols (for SELECT) and/or - * modifiedCols (for INSERT/UPDATE; we can tell which from the query type). - * selectedCols and modifiedCols are bitmapsets, which cannot have negative - * integer members, so we subtract FirstLowInvalidHeapAttributeNumber from - * column numbers before storing them in these fields. A whole-row Var - * reference is represented by setting the bit for InvalidAttrNumber. + * insertedCols and/or updatedCols (INSERT with ON CONFLICT UPDATE may + * have all 3). selectedCols, insertedCols and updatedCols are + * bitmapsets, which cannot have negative integer members, so we subtract + * FirstLowInvalidHeapAttributeNumber from column numbers before storing + * them in these fields. A whole-row Var reference is represented by + * setting the bit for InvalidAttrNumber. *-------------------- */ typedef enum RTEKind @@ -834,7 +835,8 @@ typedef struct RangeTblEntry AclMode requiredPerms; /* bitmask of required access permissions */ Oid checkAsUser; /* if valid, check access as this role */ Bitmapset *selectedCols; /* columns needing SELECT permission */ - Bitmapset *modifiedCols; /* columns needing INSERT/UPDATE permission */ + Bitmapset *insertedCols; /* columns needing INSERT permission */ + Bitmapset *updatedCols; /* columns needing UPDATE permission */ List *securityQuals; /* any security barrier quals to apply */ } RangeTblEntry; |