diff options
Diffstat (limited to 'src/backend/utils')
| -rw-r--r-- | src/backend/utils/adt/acl.c | 22 | ||||
| -rw-r--r-- | src/backend/utils/cache/relcache.c | 19 |
2 files changed, 29 insertions, 12 deletions
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index c3ac26dce4a..509c6dea92a 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.134 2006/07/14 14:52:23 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.135 2006/09/05 21:08:36 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -265,9 +265,6 @@ aclparse(const char *s, AclItem *aip) case ACL_DELETE_CHR: read = ACL_DELETE; break; - case ACL_RULE_CHR: - read = ACL_RULE; - break; case ACL_REFERENCES_CHR: read = ACL_REFERENCES; break; @@ -289,6 +286,9 @@ aclparse(const char *s, AclItem *aip) case ACL_CONNECT_CHR: read = ACL_CONNECT; break; + case 'R': /* ignore old RULE privileges */ + read = 0; + break; default: ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), @@ -1325,8 +1325,6 @@ convert_priv_string(text *priv_type_text) return ACL_UPDATE; if (pg_strcasecmp(priv_type, "DELETE") == 0) return ACL_DELETE; - if (pg_strcasecmp(priv_type, "RULE") == 0) - return ACL_RULE; if (pg_strcasecmp(priv_type, "REFERENCES") == 0) return ACL_REFERENCES; if (pg_strcasecmp(priv_type, "TRIGGER") == 0) @@ -1343,6 +1341,8 @@ convert_priv_string(text *priv_type_text) return ACL_CREATE_TEMP; if (pg_strcasecmp(priv_type, "CONNECT") == 0) return ACL_CONNECT; + if (pg_strcasecmp(priv_type, "RULE") == 0) + return 0; /* ignore old RULE privileges */ ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE), @@ -1553,11 +1553,6 @@ convert_table_priv_string(text *priv_type_text) if (pg_strcasecmp(priv_type, "DELETE WITH GRANT OPTION") == 0) return ACL_GRANT_OPTION_FOR(ACL_DELETE); - if (pg_strcasecmp(priv_type, "RULE") == 0) - return ACL_RULE; - if (pg_strcasecmp(priv_type, "RULE WITH GRANT OPTION") == 0) - return ACL_GRANT_OPTION_FOR(ACL_RULE); - if (pg_strcasecmp(priv_type, "REFERENCES") == 0) return ACL_REFERENCES; if (pg_strcasecmp(priv_type, "REFERENCES WITH GRANT OPTION") == 0) @@ -1568,6 +1563,11 @@ convert_table_priv_string(text *priv_type_text) if (pg_strcasecmp(priv_type, "TRIGGER WITH GRANT OPTION") == 0) return ACL_GRANT_OPTION_FOR(ACL_TRIGGER); + if (pg_strcasecmp(priv_type, "RULE") == 0) + return 0; /* ignore old RULE privileges */ + if (pg_strcasecmp(priv_type, "RULE WITH GRANT OPTION") == 0) + return 0; + ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("unrecognized privilege type: \"%s\"", priv_type))); diff --git a/src/backend/utils/cache/relcache.c b/src/backend/utils/cache/relcache.c index 08697d50366..190543e2bd7 100644 --- a/src/backend/utils/cache/relcache.c +++ b/src/backend/utils/cache/relcache.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/cache/relcache.c,v 1.247 2006/07/31 20:09:05 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/cache/relcache.c,v 1.248 2006/09/05 21:08:36 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -51,6 +51,7 @@ #include "optimizer/clauses.h" #include "optimizer/planmain.h" #include "optimizer/prep.h" +#include "rewrite/rewriteDefine.h" #include "storage/fd.h" #include "storage/smgr.h" #include "utils/builtins.h" @@ -683,6 +684,22 @@ RelationBuildRuleLock(Relation relation) if ((Pointer) rule_text != DatumGetPointer(rule_datum)) pfree(rule_text); + /* + * We want the rule's table references to be checked as though by the + * table owner, not the user referencing the rule. Therefore, scan + * through the rule's actions and set the checkAsUser field on all + * rtable entries. We have to look at the qual as well, in case it + * contains sublinks. + * + * The reason for doing this when the rule is loaded, rather than + * when it is stored, is that otherwise ALTER TABLE OWNER would have + * to grovel through stored rules to update checkAsUser fields. + * Scanning the rule tree during load is relatively cheap (compared + * to constructing it in the first place), so we do it here. + */ + setRuleCheckAsUser((Node *) rule->actions, relation->rd_rel->relowner); + setRuleCheckAsUser(rule->qual, relation->rd_rel->relowner); + if (numlocks >= maxlocks) { maxlocks *= 2; |