From 56c9b73c1d426c79a604df6d6f36293dd9f18754 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 21 Mar 2002 23:27:25 +0000 Subject: Change the aclchk.c routines to uniformly use OIDs to identify the objects to be privilege-checked. Some change in their APIs would be necessary no matter what in the schema environment, and simply getting rid of the name-based interface entirely seems like the best way. --- src/backend/rewrite/rewriteDefine.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'src/backend/rewrite/rewriteDefine.c') diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c index 0b47aa9c924..7e9f0fcfbb3 100644 --- a/src/backend/rewrite/rewriteDefine.c +++ b/src/backend/rewrite/rewriteDefine.c @@ -8,11 +8,10 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.64 2002/03/21 16:01:16 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.65 2002/03/21 23:27:23 tgl Exp $ * *------------------------------------------------------------------------- */ - #include "postgres.h" #include "access/heapam.h" @@ -27,6 +26,7 @@ #include "rewrite/rewriteManip.h" #include "rewrite/rewriteSupport.h" #include "storage/smgr.h" +#include "utils/acl.h" #include "utils/builtins.h" #include "utils/syscache.h" @@ -127,6 +127,7 @@ DefineQueryRewrite(RuleStmt *stmt) *event_qualP; List *l; Query *query; + int32 aclcheck_result; bool RelisBecomingView = false; /* @@ -140,6 +141,15 @@ DefineQueryRewrite(RuleStmt *stmt) event_relation = heap_openr(event_obj->relname, AccessExclusiveLock); ev_relid = RelationGetRelid(event_relation); + /* + * Check user has permission to apply rules to this relation. + */ + aclcheck_result = pg_class_aclcheck(ev_relid, GetUserId(), ACL_RULE); + if (aclcheck_result != ACLCHECK_OK) + elog(ERROR, "%s: %s", + RelationGetRelationName(event_relation), + aclcheck_error_strings[aclcheck_result]); + /* * No rule actions that modify OLD or NEW */ -- cgit v1.2.3