From cfd7fb7ed4b66da97f88338d991843fa7e2fe59d Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Wed, 14 Jan 2004 23:01:55 +0000 Subject: Fix permission-checking bug reported by Tim Burgess 10-Feb-03 (this time for sure...). Rather than relying on the query context of a rangetable entry to identify what permissions it wants checked, store a full AclMode mask in each RTE, and check exactly those bits. This allows an RTE specifying, say, INSERT privilege on a view to be copied into a derived UPDATE query without changing meaning. Per recent discussion thread. initdb forced due to change of stored rule representation. --- src/backend/parser/parse_clause.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'src/backend/parser/parse_clause.c') diff --git a/src/backend/parser/parse_clause.c b/src/backend/parser/parse_clause.c index d4e6747df6f..8b7be43af13 100644 --- a/src/backend/parser/parse_clause.c +++ b/src/backend/parser/parse_clause.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.125 2003/11/29 19:51:51 pgsql Exp $ + * $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.126 2004/01/14 23:01:55 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -116,11 +116,14 @@ transformFromClause(ParseState *pstate, List *frmList) * to check for namespace conflict; we assume that the namespace was * initially empty in these cases.) * + * Finally, we mark the relation as requiring the permissions specified + * by requiredPerms. + * * Returns the rangetable index of the target relation. */ int setTargetTable(ParseState *pstate, RangeVar *relation, - bool inh, bool alsoSource) + bool inh, bool alsoSource, AclMode requiredPerms) { RangeTblEntry *rte; int rtindex; @@ -149,16 +152,15 @@ setTargetTable(ParseState *pstate, RangeVar *relation, Assert(rte == rt_fetch(rtindex, pstate->p_rtable)); /* - * Override addRangeTableEntry's default checkForRead, and instead - * mark target table as requiring write access. + * Override addRangeTableEntry's default ACL_SELECT permissions check, + * and instead mark target table as requiring exactly the specified + * permissions. * * If we find an explicit reference to the rel later during parse - * analysis, scanRTEForColumn will change checkForRead to 'true' - * again. That can't happen for INSERT but it is possible for UPDATE - * and DELETE. + * analysis, scanRTEForColumn will add the ACL_SELECT bit back again. + * That can't happen for INSERT but it is possible for UPDATE and DELETE. */ - rte->checkForRead = false; - rte->checkForWrite = true; + rte->requiredPerms = requiredPerms; /* * If UPDATE/DELETE, add table to joinlist and namespace. -- cgit v1.2.3