| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
| |
existing ones for object privileges. Update the information_schema for
roles --- pg_has_role() makes this a whole lot easier, removing the need
for most of the explicit joins with pg_user. The views should be a tad
faster now, too. Stephen Frost and Tom Lane.
|
| |
|
|
|
| |
Add spaces where needed.
Reference time interval variables as tinterval.
|
| |
|
|
|
|
|
|
|
|
|
| |
requiring superuserness always, allow an owner to reassign ownership
to any role he is a member of, if that role would have the right to
create a similar object. These three requirements essentially state
that the would-be alterer has enough privilege to DROP the existing
object and then re-CREATE it as the new role; so we might as well
let him do it in one step. The ALTER TABLESPACE case is a bit
squirrely, but the whole concept of non-superuser tablespace owners
is pretty dubious anyway. Stephen Frost, code review by Tom Lane.
|
| |
|
|
|
|
|
| |
have adequate mechanisms for tracking the contents of databases and
tablespaces). This solves the longstanding problem that you can drop a
user who still owns objects and/or has access permissions.
Alvaro Herrera, with some kibitzing from Tom Lane.
|
| |
|
|
|
|
| |
role memberships; make superuser/createrole distinction do something
useful; fix some locking and CommandCounterIncrement issues; prevent
creation of loops in the membership graph.
|
| |
|
|
|
|
|
|
|
| |
syntactic conflicts, both privilege and role GRANT/REVOKE commands have
to use the same production for scanning the list of tokens that might
eventually turn out to be privileges or role names. So, change the
existing GRANT/REVOKE code to expect a list of strings not pre-reduced
AclMode values. Fix a couple other minor issues while at it, such as
InitializeAcl function name conflicting with a Windows system function.
|
| |
|
|
|
|
|
|
| |
and pg_auth_members. There are still many loose ends to finish in this
patch (no documentation, no regression tests, no pg_dump support for
instance). But I'm going to commit it now anyway so that Alvaro can
make some progress on shared dependencies. The catalog changes should
be pretty much done.
|
| |
|
|
| |
used. From Jaime Casanova.
|
| |
|
|
|
|
|
|
| |
Also performed an initial run through of upgrading our Copyright date to
extend to 2005 ... first run here was very simple ... change everything
where: grep 1996-2004 && the word 'Copyright' ... scanned through the
generated list with 'less' first, and after, to make sure that I only
picked up the right entries ...
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This avoids changing the displayed appearance of ACL columns now that
array_out decorates its output with bounds information when the lower
bound isn't one. Per gripe from Gaetano Mendola. Note that I did not
force initdb for this, although any database initdb'd in the last
couple of days is going to have some problems.
|
| |
|
|
|
|
| |
to the old owner with the new owner. This is not necessarily right, but
it's sure a lot more likely to be what the user wants than doing nothing.
Christopher Kings-Lynne, some rework by Tom Lane.
|
| |
|
|
| |
Christopher Kings-Lynne
|
| |
|
|
|
|
|
|
|
| |
There are various things left to do: contrib dbsize and oid2name modules
need work, and so does the documentation. Also someone should think about
COMMENT ON TABLESPACE and maybe RENAME TABLESPACE. Also initlocation is
dead, it just doesn't know it yet.
Gavin Sherry and Tom Lane.
|
| |
|
|
|
|
|
|
|
|
| |
of bug report #1150. Also, arrange that the object owner's irrevocable
grant-option permissions are handled implicitly by the system rather than
being listed in the ACL as self-granted rights (which was wrong anyway).
I did not take the further step of showing these permissions in an
explicit 'granted by _SYSTEM' ACL entry, as that seemed more likely to
bollix up existing clients than to do anything really useful. It's still
a possible future direction, though.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
conversion of basic ASCII letters. Remove all uses of strcasecmp and
strncasecmp in favor of new functions pg_strcasecmp and pg_strncasecmp;
remove most but not all direct uses of toupper and tolower in favor of
pg_toupper and pg_tolower. These functions use the same notions of
case folding already developed for identifier case conversion. I left
the straight locale-based folding in place for situations where we are
just manipulating user data and not trying to match it to built-in
strings --- for example, the SQL upper() function is still locale
dependent. Perhaps this will prove not to be what's wanted, but at
the moment we can initdb and pass regression tests in Turkish locale.
|
| |
|
|
|
|
|
|
|
|
|
| |
> Please find a attached a small patch that adds accessor functions
> for "aclitem" so that it is not an opaque datatype.
>
> I needed these functions to browse aclitems from user land. I can load
> them when necessary, but it seems to me that these accessors for a
> backend type belong to the backend, so I submit them.
>
> Fabien Coelho
|
| |
|
|
|
|
|
|
|
|
| |
for "aclitem" so that it is not an opaque datatype.
I needed these functions to browse aclitems from user land. I can load
them when necessary, but it seems to me that these accessors for a
backend type belong to the backend, so I submit them.
Fabien Coelho
|
| | |
|
| |
|
|
|
|
| |
ACL array, and force languages to be treated as owned by the bootstrap
user ID. (pg_language should have a lanowner column, but until it does
this will have to do as a workaround.)
|
| |
|
|
|
| |
terms, add some clarifications, fix some untranslatable attempts at dynamic
message building.
|
| | |
|
| |
|
|
|
| |
feature they complain about isn't a feature or cannot be implemented without
definitional changes.
|
| |
|
|
|
|
|
|
|
|
|
| |
datatype by array_eq and array_cmp; use this to solve problems with memory
leaks in array indexing support. The parser's equality_oper and ordering_oper
routines also use the cache. Change the operator search algorithms to look
for appropriate btree or hash index opclasses, instead of assuming operators
named '<' or '=' have the right semantics. (ORDER BY ASC/DESC now also look
at opclasses, instead of assuming '<' and '>' are the right things.) Add
several more index opclasses so that there is no regression in functionality
for base datatypes. initdb forced due to catalog additions.
|
| |
|
|
| |
Christopher Kings-Lynne
|
| | |
|
| | |
|
| |
|
|
| |
the bulk of the heavy lifting ...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
comparison functions), replacing the highly bogus bitwise array_eq. Create
a btree index opclass for ANYARRAY --- it is now possible to create indexes
on array columns.
Arrange to cache the results of catalog lookups across multiple array
operations, instead of repeating the lookups on every call.
Add string_to_array and array_to_string functions.
Remove singleton_array, array_accum, array_assign, and array_subscript
functions, since these were for proof-of-concept and not intended to become
supported functions.
Minor adjustments to behavior in some corner cases with empty or
zero-dimensional arrays.
Joe Conway (with some editorializing by Tom Lane).
|
| |
|
|
| |
Joe Conway
|
| |
|
|
| |
Joe Conway
|
| | |
|
| |
|
|
| |
Per recent gripe.
|
| | |
|
| |
|
|
|
| |
users right now, not groups. Extension of has_foo_privileges functions to
query the grant options. Extension of aclitem type to store grantor.
|
| | |
|
| | |
|
| |
|
|
| |
to MemSet is a performance boost.
|
| | |
|
| |
|
|
|
| |
and PUBLIC EXECUTE, respectively. Per discussion about easing updates
from prior versions.
|
| | |
|
| |
|
|
|
|
|
| |
creation to world, but disallow temp table creation in template1. Per
latest round of pghackers discussion.
I did not force initdb, but the permissions lockdown on template1 will
not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
|
| |
|
|
|
|
|
|
| |
copying into a fixed-size buffer (in this case, a buffer of
NAMEDATALEN bytes). AFAICT nothing to worry about here, but worth
fixing anyway...
Neil Conway
|
| |
|
|
|
|
|
|
|
|
| |
array header, and to compute sizing and alignment of array elements
the same way normal tuple access operations do --- viz, using the
tupmacs.h macros att_addlength and att_align. This makes the world
safe for arrays of cstrings or intervals, and should make it much
easier to write array-type-polymorphic functions; as examples see
the cleanups of array_out and contrib/array_iterator. By Joe Conway
and Tom Lane.
|
| |
|
|
|
|
|
|
|
|
|
| |
has_function_privilege,
has_language_privilege, has_schema_privilege to let SQL queries test
all the new privilege types in 7.3. Also, add functions pg_table_is_visible,
pg_type_is_visible, pg_function_is_visible, pg_operator_is_visible,
pg_opclass_is_visible to test whether objects contained in schemas are
visible in the current search path. Do some minor cleanup to centralize
accesses to pg_database, as well.
|
| | |
|
| |
|
|
|
|
|
| |
messages more uniform and internationalizable: the global array
aclcheck_error_strings[] is gone in favor of a subroutine
aclcheck_error(). Partial implementation of namespace-related
permission checks --- not all done yet.
|
| |
|
|
|
| |
Update has_table_privilege functions to cope with schema-qualified
names in the same way as nextval() and others.
|
