aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/alter.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/commands/alter.c')
-rw-r--r--src/backend/commands/alter.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
index bea51b3af1f..10f28f94bca 100644
--- a/src/backend/commands/alter.c
+++ b/src/backend/commands/alter.c
@@ -24,6 +24,7 @@
#include "catalog/objectaccess.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
+#include "catalog/pg_database_d.h"
#include "catalog/pg_event_trigger.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
@@ -235,6 +236,29 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
}
+
+ if (classId == SubscriptionRelationId)
+ {
+ Form_pg_subscription form;
+
+ /* must have CREATE privilege on database */
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId,
+ GetUserId(), ACL_CREATE);
+ if (aclresult != ACLCHECK_OK)
+ aclcheck_error(aclresult, OBJECT_DATABASE,
+ get_database_name(MyDatabaseId));
+
+ /*
+ * Don't allow non-superuser modification of a subscription with
+ * password_required=false.
+ */
+ form = (Form_pg_subscription) GETSTRUCT(oldtup);
+ if (!form->subpasswordrequired && !superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("password_required=false is superuser-only"),
+ errhint("Subscriptions with the password_required option set to false may only be created or modified by the superuser.")));
+ }
}
/*
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-31 13:05:37 +0000