diff options
| -rw-r--r-- | doc/src/sgml/ref/create_opclass.sgml | 9 | ||||
| -rw-r--r-- | src/backend/commands/opclasscmds.c | 15 |
2 files changed, 19 insertions, 5 deletions
diff --git a/doc/src/sgml/ref/create_opclass.sgml b/doc/src/sgml/ref/create_opclass.sgml index 74ac1a8d202..48f21435da5 100644 --- a/doc/src/sgml/ref/create_opclass.sgml +++ b/doc/src/sgml/ref/create_opclass.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.3 2002/09/21 18:32:54 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.4 2002/10/04 22:19:29 tgl Exp $ PostgreSQL documentation --> @@ -209,9 +209,10 @@ CREATE OPERATOR CLASS are for different index access methods. </para> <para> - The user who defines an operator class becomes its owner. The user - must own the data type for which the operator class is being defined, - and must have execute permission for all referenced operators and functions. + The user who defines an operator class becomes its owner. Presently, + the creating user must be a superuser. (This restriction is made because + an erroneous operator class definition could confuse or even crash the + server.) </para> <para> diff --git a/src/backend/commands/opclasscmds.c b/src/backend/commands/opclasscmds.c index 277394626a8..4ec30f93aa3 100644 --- a/src/backend/commands/opclasscmds.c +++ b/src/backend/commands/opclasscmds.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.5 2002/09/04 20:31:15 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.6 2002/10/04 22:19:29 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -96,12 +96,25 @@ DefineOpClass(CreateOpClassStmt *stmt) ReleaseSysCache(tup); + /* + * Currently, we require superuser privileges to create an opclass. + * This seems necessary because we have no way to validate that the + * offered set of operators and functions are consistent with the AM's + * expectations. It would be nice to provide such a check someday, + * if it can be done without solving the halting problem :-( + */ + if (!superuser()) + elog(ERROR, "Must be superuser to create an operator class"); + /* Look up the datatype */ typeoid = typenameTypeId(stmt->datatype); +#ifdef NOT_USED + /* XXX this is unnecessary given the superuser check above */ /* Check we have ownership of the datatype */ if (!pg_type_ownercheck(typeoid, GetUserId())) aclcheck_error(ACLCHECK_NOT_OWNER, format_type_be(typeoid)); +#endif /* Storage datatype is optional */ storageoid = InvalidOid; |