diff options
| author | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2023-09-07 12:15:18 +0200 |
|---|---|---|
| committer | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2023-09-07 12:15:18 +0200 |
| commit | ac22a9545ca906e70a819b54e76de38817c93aaf (patch) | |
| tree | b35b9daf142e921ab878a78f42b9776c7f368f10 /src/test | |
| parent | 3af7217942722369a6eb7629e0fb1cbbef889a9b (diff) | |
Move privilege check to the right place
Now that ATExecDropConstraint doesn't recurse anymore, so it's wrong to
test privileges "during recursion" there. Move the check to
dropconstraint_internal, which is the place where recursion occurs.
In passing, remove now-useless 'recursing' argument to
ATExecDropConstraint.
Discussion: https://postgr.es/m/202309051744.y4mndw5gwzhh@alvherre.pgsql
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/expected/inherit.out | 21 | ||||
| -rw-r--r-- | src/test/regress/sql/inherit.sql | 21 |
2 files changed, 42 insertions, 0 deletions
diff --git a/src/test/regress/expected/inherit.out b/src/test/regress/expected/inherit.out index 59583e1e417..08d93884d87 100644 --- a/src/test/regress/expected/inherit.out +++ b/src/test/regress/expected/inherit.out @@ -2430,6 +2430,27 @@ NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to table inh_multiparent drop cascades to table inh_multiparent2 -- +-- Mixed ownership inheritance tree +-- +create role regress_alice; +create role regress_bob; +grant all on schema public to regress_alice, regress_bob; +grant regress_alice to regress_bob; +set session authorization regress_alice; +create table inh_parent (a int not null); +set session authorization regress_bob; +create table inh_child () inherits (inh_parent); +set session authorization regress_alice; +-- alice can't do this: she doesn't own inh_child +alter table inh_parent alter a drop not null; +ERROR: must be owner of table inh_child +set session authorization regress_bob; +alter table inh_parent alter a drop not null; +reset session authorization; +drop table inh_parent, inh_child; +revoke all on schema public from regress_alice, regress_bob; +drop role regress_alice, regress_bob; +-- -- Check use of temporary tables with inheritance trees -- create table inh_perm_parent (a1 int); diff --git a/src/test/regress/sql/inherit.sql b/src/test/regress/sql/inherit.sql index abe8602682c..3d57c7ee950 100644 --- a/src/test/regress/sql/inherit.sql +++ b/src/test/regress/sql/inherit.sql @@ -921,6 +921,27 @@ select conrelid::regclass, contype, conname, drop table inh_p1, inh_p2, inh_p3, inh_p4 cascade; -- +-- Mixed ownership inheritance tree +-- +create role regress_alice; +create role regress_bob; +grant all on schema public to regress_alice, regress_bob; +grant regress_alice to regress_bob; +set session authorization regress_alice; +create table inh_parent (a int not null); +set session authorization regress_bob; +create table inh_child () inherits (inh_parent); +set session authorization regress_alice; +-- alice can't do this: she doesn't own inh_child +alter table inh_parent alter a drop not null; +set session authorization regress_bob; +alter table inh_parent alter a drop not null; +reset session authorization; +drop table inh_parent, inh_child; +revoke all on schema public from regress_alice, regress_bob; +drop role regress_alice, regress_bob; + +-- -- Check use of temporary tables with inheritance trees -- create table inh_perm_parent (a1 int); |