From 5ddbe904c0f6d0dc67597b43b7823cc54300b638 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 11 May 2004 17:36:13 +0000 Subject: Refactor low-level aclcheck code to provide useful interfaces for multi-bit permissions tests in about the same amount of code as before. Exactly what the GRANT/REVOKE code ought to be doing is still up for debate, but this should be helpful in any case, and it already solves an efficiency problem in executor startup. --- src/backend/executor/execMain.c | 29 +++++++---------------------- 1 file changed, 7 insertions(+), 22 deletions(-) (limited to 'src/backend/executor/execMain.c') diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index 13b38d37529..e8ed4ce5cc4 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -26,7 +26,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.230 2004/03/23 19:35:16 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.231 2004/05/11 17:36:12 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -412,28 +412,13 @@ ExecCheckRTEPerms(RangeTblEntry *rte) userid = rte->checkAsUser ? rte->checkAsUser : GetUserId(); /* - * For each bit in requiredPerms, apply the required check. (We can't - * do this in one aclcheck call because aclcheck treats multiple bits - * as OR semantics, when we want AND.) - * - * We use a well-known cute trick for isolating the rightmost one-bit - * in a nonzero word. See nodes/bitmapset.c for commentary. + * We must have *all* the requiredPerms bits, so use aclmask not + * aclcheck. */ -#define RIGHTMOST_ONE(x) ((int32) (x) & -((int32) (x))) - - while (requiredPerms != 0) - { - AclMode thisPerm; - AclResult aclcheck_result; - - thisPerm = RIGHTMOST_ONE(requiredPerms); - requiredPerms &= ~thisPerm; - - aclcheck_result = pg_class_aclcheck(relOid, userid, thisPerm); - if (aclcheck_result != ACLCHECK_OK) - aclcheck_error(aclcheck_result, ACL_KIND_CLASS, - get_rel_name(relOid)); - } + if (pg_class_aclmask(relOid, userid, requiredPerms, ACLMASK_ALL) + != requiredPerms) + aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, + get_rel_name(relOid)); } /* -- cgit v1.2.3