From e914a144d3aaa0a09e0aab031d7e6f58389401ce Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Fri, 9 Mar 2012 15:18:45 -0500 Subject: sepgsql DROP support. KaiGai Kohei --- contrib/sepgsql/sql/create.sql | 46 ------------------------ contrib/sepgsql/sql/ddl.sql | 81 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 46 deletions(-) delete mode 100644 contrib/sepgsql/sql/create.sql create mode 100644 contrib/sepgsql/sql/ddl.sql (limited to 'contrib/sepgsql/sql') diff --git a/contrib/sepgsql/sql/create.sql b/contrib/sepgsql/sql/create.sql deleted file mode 100644 index b0695b41a94..00000000000 --- a/contrib/sepgsql/sql/create.sql +++ /dev/null @@ -1,46 +0,0 @@ --- --- Regression Test for Creation of Object Permission Checks --- - --- confirm required permissions using audit messages --- @SECURITY-CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0 -SET sepgsql.debug_audit = true; -SET client_min_messages = LOG; - -CREATE DATABASE regtest_sepgsql_test_database; - -CREATE SCHEMA regtest_schema; - -SET search_path = regtest_schema, public; - -CREATE TABLE regtest_table (x serial primary key, y text); - -ALTER TABLE regtest_table ADD COLUMN z int; - -CREATE TABLE regtest_table_2 (a int) WITH OIDS; - --- corresponding toast table should not have label and permission checks -ALTER TABLE regtest_table_2 ADD COLUMN b text; - --- VACUUM FULL internally create a new table and swap them later. -VACUUM FULL regtest_table; - -CREATE VIEW regtest_view AS SELECT * FROM regtest_table WHERE x < 100; - -CREATE SEQUENCE regtest_seq; - -CREATE TYPE regtest_comptype AS (a int, b text); - -CREATE FUNCTION regtest_func(text,int[]) RETURNS bool LANGUAGE plpgsql - AS 'BEGIN RAISE NOTICE ''regtest_func => %'', $1; RETURN true; END'; - -CREATE AGGREGATE regtest_agg ( - sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0' -); - --- --- clean-up --- -DROP DATABASE IF EXISTS regtest_sepgsql_test_database; - -DROP SCHEMA IF EXISTS regtest_schema CASCADE; diff --git a/contrib/sepgsql/sql/ddl.sql b/contrib/sepgsql/sql/ddl.sql new file mode 100644 index 00000000000..8dd57e0eaf4 --- /dev/null +++ b/contrib/sepgsql/sql/ddl.sql @@ -0,0 +1,81 @@ +-- +-- Regression Test for DDL of Object Permission Checks +-- + +-- confirm required permissions using audit messages +-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0 +SET sepgsql.debug_audit = true; +SET client_min_messages = LOG; + +-- +-- CREATE Permission checks +-- +CREATE DATABASE regtest_sepgsql_test_database; + +CREATE USER regtest_sepgsql_test_user; + +CREATE SCHEMA regtest_schema; + +GRANT ALL ON SCHEMA regtest_schema TO regtest_sepgsql_test_user; + +SET search_path = regtest_schema, public; + +CREATE TABLE regtest_table (x serial primary key, y text); + +ALTER TABLE regtest_table ADD COLUMN z int; + +CREATE TABLE regtest_table_2 (a int) WITH OIDS; + +-- corresponding toast table should not have label and permission checks +ALTER TABLE regtest_table_2 ADD COLUMN b text; + +-- VACUUM FULL internally create a new table and swap them later. +VACUUM FULL regtest_table; + +CREATE VIEW regtest_view AS SELECT * FROM regtest_table WHERE x < 100; + +CREATE SEQUENCE regtest_seq; + +CREATE TYPE regtest_comptype AS (a int, b text); + +CREATE FUNCTION regtest_func(text,int[]) RETURNS bool LANGUAGE plpgsql + AS 'BEGIN RAISE NOTICE ''regtest_func => %'', $1; RETURN true; END'; + +CREATE AGGREGATE regtest_agg ( + sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0' +); + +-- CREATE objects owned by others +SET SESSION AUTHORIZATION regtest_sepgsql_test_user; + +SET search_path = regtest_schema, public; + +CREATE TABLE regtest_table_3 (x int, y serial); + +CREATE VIEW regtest_view_2 AS SELECT * FROM regtest_table_3 WHERE x < y; + +CREATE FUNCTION regtest_func_2(int) RETURNS bool LANGUAGE plpgsql + AS 'BEGIN RETURN $1 * $1 < 100; END'; + +RESET SESSION AUTHORIZATION; + +-- +-- DROP Permission checks (with clean-up) +-- + +DROP FUNCTION regtest_func(text,int[]); +DROP AGGREGATE regtest_agg(int); + +DROP SEQUENCE regtest_seq; +DROP VIEW regtest_view; + +ALTER TABLE regtest_table DROP COLUMN y; +ALTER TABLE regtest_table_2 SET WITHOUT OIDS; + +DROP TABLE regtest_table; + +DROP OWNED BY regtest_sepgsql_test_user; + +DROP DATABASE regtest_sepgsql_test_database; +DROP USER regtest_sepgsql_test_user; +DROP SCHEMA IF EXISTS regtest_schema CASCADE; -- cgit v1.2.3