diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2002-02-18 23:11:58 +0000 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2002-02-18 23:11:58 +0000 |
| commit | 8adf56f77aa0cc8cf4af7a19f0d235fc56fbabc7 (patch) | |
| tree | cab3054a1a1fba1fe1722bb75a1fc3c06eda964d /src/test | |
| parent | 5e035031265aef8608fd32a31897240a3aff3d8d (diff) | |
Privileges on functions and procedural languages
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/expected/privileges.out | 45 | ||||
| -rw-r--r-- | src/test/regress/sql/privileges.sql | 38 |
2 files changed, 81 insertions, 2 deletions
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index 4ada312755b..82021b7941a 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -188,6 +188,49 @@ SELECT * FROM atestv3; -- ok -----+-----+------- (0 rows) +-- privileges on functions, languages +-- switch to superuser +\c - +REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC; +GRANT USAGE ON LANGUAGE sql TO regressuser1; -- ok +GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail +ERROR: language "c" is not trusted +SET SESSION AUTHORIZATION regressuser1; +GRANT USAGE ON LANGUAGE sql TO regressuser2; -- fail +ERROR: permission denied +CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; +CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; +GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int) TO regressuser2; +GRANT USAGE ON FUNCTION testfunc1(int) TO regressuser3; -- semantic error +ERROR: invalid privilege type USAGE for function object +GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regressuser4; +GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regressuser4; +ERROR: Function 'testfunc_nosuch(int4)' does not exist +SET SESSION AUTHORIZATION regressuser2; +SELECT testfunc1(5), testfunc2(5); -- ok + testfunc1 | testfunc2 +-----------+----------- + 10 | 15 +(1 row) + +CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail +ERROR: permission denied +SET SESSION AUTHORIZATION regressuser3; +SELECT testfunc1(5); -- fail +ERROR: permission denied +SET SESSION AUTHORIZATION regressuser4; +SELECT testfunc1(5); -- ok + testfunc1 +----------- + 10 +(1 row) + +DROP FUNCTION testfunc1(int); -- fail +ERROR: RemoveFunction: function 'testfunc1': permission denied +\c - +DROP FUNCTION testfunc1(int); -- ok +-- restore to sanity +GRANT ALL PRIVILEGES ON LANGUAGE sql TO PUBLIC; -- has_table_privilege function -- bad-input checks select has_table_privilege(NULL,'pg_shadow','select'); @@ -207,7 +250,7 @@ ERROR: pg_aclcheck: invalid user id 4293967297 select has_table_privilege(1,'rule'); ERROR: has_table_privilege: invalid relation oid 1 -- superuser -\c regression +\c - select has_table_privilege(current_user,'pg_shadow','select'); has_table_privilege --------------------- diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql index 95e7b604d3b..61e9e31f36c 100644 --- a/src/test/regress/sql/privileges.sql +++ b/src/test/regress/sql/privileges.sql @@ -126,6 +126,42 @@ SELECT * FROM atestv1; -- ok SELECT * FROM atestv3; -- ok +-- privileges on functions, languages + +-- switch to superuser +\c - +REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC; +GRANT USAGE ON LANGUAGE sql TO regressuser1; -- ok +GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail + +SET SESSION AUTHORIZATION regressuser1; +GRANT USAGE ON LANGUAGE sql TO regressuser2; -- fail +CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; +CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; + +GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int) TO regressuser2; +GRANT USAGE ON FUNCTION testfunc1(int) TO regressuser3; -- semantic error +GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regressuser4; +GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regressuser4; + +SET SESSION AUTHORIZATION regressuser2; +SELECT testfunc1(5), testfunc2(5); -- ok +CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail + +SET SESSION AUTHORIZATION regressuser3; +SELECT testfunc1(5); -- fail + +SET SESSION AUTHORIZATION regressuser4; +SELECT testfunc1(5); -- ok + +DROP FUNCTION testfunc1(int); -- fail + +\c - +DROP FUNCTION testfunc1(int); -- ok +-- restore to sanity +GRANT ALL PRIVILEGES ON LANGUAGE sql TO PUBLIC; + + -- has_table_privilege function -- bad-input checks @@ -137,7 +173,7 @@ select has_table_privilege(-999999,'pg_shadow','update'); select has_table_privilege(1,'rule'); -- superuser -\c regression +\c - select has_table_privilege(current_user,'pg_shadow','select'); select has_table_privilege(current_user,'pg_shadow','insert'); |