From 39c46c5f28b2e46f2b8ce7fe5fac3fa66f1f0abf Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Thu, 29 Jan 2015 21:59:51 -0500 Subject: [PATCH] Fix BuildIndexValueDescription for expressions In 804b6b6db4dcfc590a468e7be390738f9f7755fb we modified BuildIndexValueDescription to pay attention to which columns are visible to the user, but unfortunatley that commit neglected to consider indexes which are built on expressions. Handle error-reporting of violations of constraint indexes based on expressions by not returning any detail when the user does not have table-level SELECT rights. Backpatch to 9.0, as the prior commit was. Pointed out by Tom. --- src/backend/access/index/genam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/backend/access/index/genam.c b/src/backend/access/index/genam.c index d18d465bff4..2c7a1d11929 100644 --- a/src/backend/access/index/genam.c +++ b/src/backend/access/index/genam.c @@ -209,10 +209,15 @@ BuildIndexValueDescription(Relation indexRelation, { AttrNumber attnum = idxrec->indkey.values[keyno]; - aclresult = pg_attribute_aclcheck(indrelid, attnum, GetUserId(), - ACL_SELECT); - - if (aclresult != ACLCHECK_OK) + /* + * Note that if attnum == InvalidAttrNumber, then this is an + * index based on an expression and we return no detail rather + * than try to figure out what column(s) the expression includes + * and if the user has SELECT rights on them. + */ + if (attnum == InvalidAttrNumber || + pg_attribute_aclcheck(indrelid, attnum, GetUserId(), + ACL_SELECT) != ACLCHECK_OK) { /* No access, so clean up and return */ ReleaseSysCache(ht_idx);