database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-06 07:49:08 +03:00
Code Activity

Represent columns requiring insert and update privileges indentently.

Browse Source 
Previously, relation range table entries used a single Bitmapset field
representing which columns required either UPDATE or INSERT privileges,
despite the fact that INSERT and UPDATE privileges are separately
cataloged, and may be independently held.  As statements so far required
either insert or update privileges but never both, that was
sufficient. The required permission could be inferred from the top level
statement run.

The upcoming INSERT ... ON CONFLICT UPDATE feature needs to
independently check for both privileges in one statement though, so that
is not sufficient anymore.

Bumps catversion as stored rules change.

Author: Peter Geoghegan
Reviewed-By: Andres Freund
This commit is contained in:
Andres Freund
2015-05-08 00:20:46 +02:00
parent db5f98ab4f
commit 2c8f4836db
18 changed files with 193 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/include/nodes/parsenodes.h
View File

@@ -735,11 +735,12 @@ typedef struct XmlSerialize
* For SELECT/INSERT/UPDATE permissions, if the user doesn't have
* table-wide permissions then it is sufficient to have the permissions
* on all columns identified in selectedCols (for SELECT) and/or
* modifiedCols (for INSERT/UPDATE; we can tell which from the query type).
* selectedCols and modifiedCols are bitmapsets, which cannot have negative
* integer members, so we subtract FirstLowInvalidHeapAttributeNumber from
* column numbers before storing them in these fields. A whole-row Var
* reference is represented by setting the bit for InvalidAttrNumber.
* insertedCols and/or updatedCols (INSERT with ON CONFLICT UPDATE may
* have all 3). selectedCols, insertedCols and updatedCols are
* bitmapsets, which cannot have negative integer members, so we subtract
* FirstLowInvalidHeapAttributeNumber from column numbers before storing
* them in these fields. A whole-row Var reference is represented by
* setting the bit for InvalidAttrNumber.
*--------------------
*/
typedef enum RTEKind
@@ -834,7 +835,8 @@ typedef struct RangeTblEntry
AclMode requiredPerms; /* bitmask of required access permissions */
Oid checkAsUser; /* if valid, check access as this role */
Bitmapset *selectedCols; /* columns needing SELECT permission */
Bitmapset *modifiedCols; /* columns needing INSERT/UPDATE permission */
Bitmapset *insertedCols; /* columns needing INSERT permission */
Bitmapset *updatedCols; /* columns needing UPDATE permission */
List *securityQuals; /* any security barrier quals to apply */
} RangeTblEntry;