diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2011-12-20 00:05:19 +0200 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2011-12-20 00:05:19 +0200 |
| commit | 729205571e81b4767efc42ad7beb53663e08d1ff (patch) | |
| tree | 54081fe5cf5494bf77f0df20780b21288ba97411 /src/backend/commands/functioncmds.c | |
| parent | 05e992e90e49aa5bca7e2b290ab736bfec97a7c1 (diff) | |
Add support for privileges on types
This adds support for the more or less SQL-conforming USAGE privilege
on types and domains. The intent is to be able restrict which users
can create dependencies on types, which restricts the way in which
owners can alter types.
reviewed by Yeb Havinga
Diffstat (limited to 'src/backend/commands/functioncmds.c')
| -rw-r--r-- | src/backend/commands/functioncmds.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c index 45fdfee2175..cc4ddc6006c 100644 --- a/src/backend/commands/functioncmds.c +++ b/src/backend/commands/functioncmds.c @@ -87,9 +87,11 @@ compute_return_type(TypeName *returnType, Oid languageOid, { Oid rettype; Type typtup; + AclResult aclresult; typtup = LookupTypeName(NULL, returnType, NULL); + if (typtup) { if (!((Form_pg_type) GETSTRUCT(typtup))->typisdefined) @@ -150,6 +152,11 @@ compute_return_type(TypeName *returnType, Oid languageOid, Assert(OidIsValid(rettype)); } + aclresult = pg_type_aclcheck(rettype, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(rettype)); + *prorettype_p = rettype; *returnsSet_p = returnType->setof; } @@ -207,6 +214,7 @@ examine_parameter_list(List *parameters, Oid languageOid, bool isinput = false; Oid toid; Type typtup; + AclResult aclresult; typtup = LookupTypeName(NULL, t, NULL); if (typtup) @@ -237,6 +245,11 @@ examine_parameter_list(List *parameters, Oid languageOid, toid = InvalidOid; /* keep compiler quiet */ } + aclresult = pg_type_aclcheck(toid, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(toid)); + if (t->setof) ereport(ERROR, (errcode(ERRCODE_INVALID_FUNCTION_DEFINITION), @@ -1429,6 +1442,7 @@ CreateCast(CreateCastStmt *stmt) bool nulls[Natts_pg_cast]; ObjectAddress myself, referenced; + AclResult aclresult; sourcetypeid = typenameTypeId(NULL, stmt->sourcetype); targettypeid = typenameTypeId(NULL, stmt->targettype); @@ -1457,6 +1471,16 @@ CreateCast(CreateCastStmt *stmt) format_type_be(sourcetypeid), format_type_be(targettypeid)))); + aclresult = pg_type_aclcheck(sourcetypeid, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(sourcetypeid)); + + aclresult = pg_type_aclcheck(targettypeid, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_TYPE, + format_type_be(targettypeid)); + /* Detemine the cast method */ if (stmt->func != NULL) castmethod = COERCION_METHOD_FUNCTION; |