diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2010-03-06 23:10:50 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2010-03-06 23:10:50 +0000 |
| commit | f2c458ed011e55585ee3c8f335382c21e55db72f (patch) | |
| tree | cb09d0ff20f78f4dacea024643780575b70efd32 | |
| parent | d192b386072b19c7abbd692d99485be6b704a67d (diff) | |
Fix warning messages in restrict_and_check_grant() to include the column name
when warning about column-level privileges. This is more useful than before
and makes the apparent duplication complained of by Piyush Newe not so
duplicate. Also fix lack of quote marks in a related message text.
Back-patch to 8.4, where column-level privileges were introduced.
Stephen Frost
| -rw-r--r-- | src/backend/catalog/aclchk.c | 64 |
1 files changed, 50 insertions, 14 deletions
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index bb15e78d1c9..958172c8ef7 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.154 2009/06/11 14:48:54 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.154.2.1 2010/03/06 23:10:50 tgl Exp $ * * NOTES * See acl.h. @@ -247,24 +247,60 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, if (is_grant) { if (this_privileges == 0) - ereport(WARNING, - (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED), - errmsg("no privileges were granted for \"%s\"", objname))); + { + if (objkind == ACL_KIND_COLUMN && colname) + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED), + errmsg("no privileges were granted for column \"%s\" of relation \"%s\"", + colname, objname))); + else + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED), + errmsg("no privileges were granted for \"%s\"", + objname))); + } else if (!all_privs && this_privileges != privileges) - ereport(WARNING, - (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED), - errmsg("not all privileges were granted for \"%s\"", objname))); + { + if (objkind == ACL_KIND_COLUMN && colname) + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED), + errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"", + colname, objname))); + else + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED), + errmsg("not all privileges were granted for \"%s\"", + objname))); + } } else { if (this_privileges == 0) - ereport(WARNING, - (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED), - errmsg("no privileges could be revoked for \"%s\"", objname))); + { + if (objkind == ACL_KIND_COLUMN && colname) + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED), + errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"", + colname, objname))); + else + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED), + errmsg("no privileges could be revoked for \"%s\"", + objname))); + } else if (!all_privs && this_privileges != privileges) - ereport(WARNING, - (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED), - errmsg("not all privileges could be revoked for \"%s\"", objname))); + { + if (objkind == ACL_KIND_COLUMN && colname) + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED), + errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"", + colname, objname))); + else + ereport(WARNING, + (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED), + errmsg("not all privileges could be revoked for \"%s\"", + objname))); + } } return this_privileges; @@ -2182,7 +2218,7 @@ aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind, case ACLCHECK_NO_PRIV: ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("permission denied for column %s of relation %s", + errmsg("permission denied for column \"%s\" of relation \"%s\"", colname, objectname))); break; case ACLCHECK_NOT_OWNER: |