From 31c775adeb2251a9c66328cbc9016877e5e4f085 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Sat, 27 Apr 2002 03:45:03 +0000
Subject: Restructure aclcheck error reporting to make permission-failure messages more uniform and internationalizable: the global array aclcheck_error_strings[] is gone in favor of a subroutine aclcheck_error(). Partial implementation of namespace-related permission checks --- not all done yet.
---
 src/backend/commands/indexcmds.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'src/backend/commands/indexcmds.c')
diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c
index 14889a4f0c3..df6f81cd1db 100644
--- a/src/backend/commands/indexcmds.c
+++ b/src/backend/commands/indexcmds.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.71 2002/04/17 20:57:56 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.72 2002/04/27 03:45:01 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -30,6 +30,7 @@
 #include "parser/parsetree.h"
 #include "parser/parse_coerce.h"
 #include "parser/parse_func.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
@@ -73,6 +74,7 @@ DefineIndex(RangeVar *heapRelation,
 Oid *classObjectId;
 Oid accessMethodId;
 Oid relationId;
+ Oid namespaceId;
 Relation rel;
 HeapTuple tuple;
 Form_pg_am accessMethodForm;
@@ -102,6 +104,7 @@ DefineIndex(RangeVar *heapRelation,
 heapRelation->relname);
 relationId = RelationGetRelid(rel);
+ namespaceId = RelationGetNamespace(rel);
 if (!IsBootstrapProcessingMode() && IsSystemRelation(rel) &&
@@ -110,6 +113,22 @@ DefineIndex(RangeVar *heapRelation,
 heap_close(rel, NoLock);
+ /*
+ * Verify we (still) have CREATE rights in the rel's namespace.
+ * (Presumably we did when the rel was created, but maybe not anymore.)
+ * Skip check if bootstrapping, since permissions machinery may not
+ * be working yet; also, always allow if it's a temp table.
+ */
+ if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))
+ {
+ AclResult aclresult;
+
+ aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
+ ACL_CREATE);
+ if (aclresult != ACLCHECK_OK)
+ aclcheck_error(aclresult, get_namespace_name(namespaceId));
+ }
+
 /*
 * look up the access method, verify it can handle the requested
 * features
-- 
cgit v1.2.3
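Review bot: The namespace CREATE check sits after `heap_close(rel, NoLock)`, so a caller who fails `pg_namespace_aclcheck()` has already opened the table and still holds whatever lock that open took; the open is above this hunk, so the lock level is an assumption to confirm. Authorization is best decided before a lock is requested on the object. If the order has to stay because `namespaceId` is read from the open rel, the block comment should record it, e.g. ` * Note: rel has already been opened and locked by this point.` Separately, the result of `get_namespace_name(namespaceId)` goes straight into `aclcheck_error()`; if it can return NULL for a namespace that has disappeared, the error path needs a fallback name, which should be confirmed against its definition (not shown here). DefineIndex starts before and continues after this hunk.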