database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-23 14:01:44 +03:00
Code Activity

Restructure aclcheck error reporting to make permission-failure

Browse Source 
messages more uniform and internationalizable: the global array
aclcheck_error_strings[] is gone in favor of a subroutine
aclcheck_error().  Partial implementation of namespace-related
permission checks --- not all done yet.
This commit is contained in:
Tom Lane
2002-04-27 03:45:03 +00:00
parent aafe72efb2
commit 31c775adeb
26 changed files with 354 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/backend/commands/indexcmds.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.71 2002/04/17 20:57:56 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.72 2002/04/27 03:45:01 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@ -30,6 +30,7 @@
#include "parser/parsetree.h"
#include "parser/parse_coerce.h"
#include "parser/parse_func.h"
#include "utils/acl.h"
#include "utils/builtins.h"
#include "utils/lsyscache.h"
#include "utils/syscache.h"
@ -73,6 +74,7 @@ DefineIndex(RangeVar *heapRelation,
Oid *classObjectId;
Oid accessMethodId;
Oid relationId;
Oid namespaceId;
Relation rel;
HeapTuple tuple;
Form_pg_am accessMethodForm;
@ -102,6 +104,7 @@ DefineIndex(RangeVar *heapRelation,
heapRelation->relname);
relationId = RelationGetRelid(rel);
namespaceId = RelationGetNamespace(rel);
if (!IsBootstrapProcessingMode() &&
IsSystemRelation(rel) &&
@ -110,6 +113,22 @@ DefineIndex(RangeVar *heapRelation,
heap_close(rel, NoLock);
/*
* Verify we (still) have CREATE rights in the rel's namespace.
* (Presumably we did when the rel was created, but maybe not anymore.)
* Skip check if bootstrapping, since permissions machinery may not
* be working yet; also, always allow if it's a temp table.
*/
if (!IsBootstrapProcessingMode() && !isTempNamespace(namespaceId))
{
AclResult aclresult;
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, get_namespace_name(namespaceId));
}
/*
* look up the access method, verify it can handle the requested
* features