mirror of
https://github.com/postgres/postgres.git
synced 2025-11-29 23:43:17 +03:00
Support column-level privileges, as required by SQL standard.
Stephen Frost, with help from KaiGai Kohei and others
This commit is contained in:
Tom Lane
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.145 2009/01/01 17:23:48 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.146 2009/01/22 20:16:06 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -366,6 +366,47 @@ allocacl(int n)
|
||||
return new_acl;
|
||||
}
|
||||
|
||||
/*
|
||||
* Copy an ACL
|
||||
*/
|
||||
Acl *
|
||||
aclcopy(const Acl *orig_acl)
|
||||
{
|
||||
Acl *result_acl;
|
||||
|
||||
result_acl = allocacl(ACL_NUM(orig_acl));
|
||||
|
||||
memcpy(ACL_DAT(result_acl),
|
||||
ACL_DAT(orig_acl),
|
||||
ACL_NUM(orig_acl) * sizeof(AclItem));
|
||||
|
||||
return result_acl;
|
||||
}
|
||||
|
||||
/*
|
||||
* Concatenate two ACLs
|
||||
*
|
||||
* This is a bit cheesy, since we may produce an ACL with redundant entries.
|
||||
* Be careful what the result is used for!
|
||||
*/
|
||||
Acl *
|
||||
aclconcat(const Acl *left_acl, const Acl *right_acl)
|
||||
{
|
||||
Acl *result_acl;
|
||||
|
||||
result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
|
||||
|
||||
memcpy(ACL_DAT(result_acl),
|
||||
ACL_DAT(left_acl),
|
||||
ACL_NUM(left_acl) * sizeof(AclItem));
|
||||
|
||||
memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
|
||||
ACL_DAT(right_acl),
|
||||
ACL_NUM(right_acl) * sizeof(AclItem));
|
||||
|
||||
return result_acl;
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify that an ACL array is acceptable (one-dimensional and has no nulls)
|
||||
*/
|
||||
@@ -542,11 +583,17 @@ acldefault(GrantObjectType objtype, Oid ownerId)
|
||||
{
|
||||
AclMode world_default;
|
||||
AclMode owner_default;
|
||||
int nacl;
|
||||
Acl *acl;
|
||||
AclItem *aip;
|
||||
|
||||
switch (objtype)
|
||||
{
|
||||
case ACL_OBJECT_COLUMN:
|
||||
/* by default, columns have no extra privileges */
|
||||
world_default = ACL_NO_RIGHTS;
|
||||
owner_default = ACL_NO_RIGHTS;
|
||||
break;
|
||||
case ACL_OBJECT_RELATION:
|
||||
world_default = ACL_NO_RIGHTS;
|
||||
owner_default = ACL_ALL_RIGHTS_RELATION;
|
||||
@@ -593,7 +640,13 @@ acldefault(GrantObjectType objtype, Oid ownerId)
|
||||
break;
|
||||
}
|
||||
|
||||
acl = allocacl((world_default != ACL_NO_RIGHTS) ? 2 : 1);
|
||||
nacl = 0;
|
||||
if (world_default != ACL_NO_RIGHTS)
|
||||
nacl++;
|
||||
if (owner_default != ACL_NO_RIGHTS)
|
||||
nacl++;
|
||||
|
||||
acl = allocacl(nacl);
|
||||
aip = ACL_DAT(acl);
|
||||
|
||||
if (world_default != ACL_NO_RIGHTS)
|
||||
@@ -614,9 +667,12 @@ acldefault(GrantObjectType objtype, Oid ownerId)
|
||||
* "_SYSTEM"-like ACL entry, by internally special-casing the owner
|
||||
* whereever we are testing grant options.
|
||||
*/
|
||||
aip->ai_grantee = ownerId;
|
||||
aip->ai_grantor = ownerId;
|
||||
ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
|
||||
if (owner_default != ACL_NO_RIGHTS)
|
||||
{
|
||||
aip->ai_grantee = ownerId;
|
||||
aip->ai_grantor = ownerId;
|
||||
ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
|
||||
}
|
||||
|
||||
return acl;
|
||||
}
|
||||
|
||||
12
src/backend/utils/cache/relcache.c
vendored
12
src/backend/utils/cache/relcache.c
vendored
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/utils/cache/relcache.c,v 1.281 2009/01/22 17:27:54 petere Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/utils/cache/relcache.c,v 1.282 2009/01/22 20:16:06 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -480,7 +480,7 @@ RelationBuildTupleDesc(Relation relation)
|
||||
|
||||
memcpy(relation->rd_att->attrs[attp->attnum - 1],
|
||||
attp,
|
||||
ATTRIBUTE_TUPLE_SIZE);
|
||||
ATTRIBUTE_FIXED_PART_SIZE);
|
||||
|
||||
/* Update constraint/default info */
|
||||
if (attp->attnotnull)
|
||||
@@ -1449,7 +1449,7 @@ formrdesc(const char *relationName, Oid relationReltype,
|
||||
{
|
||||
memcpy(relation->rd_att->attrs[i],
|
||||
&att[i],
|
||||
ATTRIBUTE_TUPLE_SIZE);
|
||||
ATTRIBUTE_FIXED_PART_SIZE);
|
||||
has_not_null |= att[i].attnotnull;
|
||||
/* make sure attcacheoff is valid */
|
||||
relation->rd_att->attrs[i]->attcacheoff = -1;
|
||||
@@ -2714,7 +2714,7 @@ BuildHardcodedDescriptor(int natts, Form_pg_attribute attrs, bool hasoids)
|
||||
|
||||
for (i = 0; i < natts; i++)
|
||||
{
|
||||
memcpy(result->attrs[i], &attrs[i], ATTRIBUTE_TUPLE_SIZE);
|
||||
memcpy(result->attrs[i], &attrs[i], ATTRIBUTE_FIXED_PART_SIZE);
|
||||
/* make sure attcacheoff is valid */
|
||||
result->attrs[i]->attcacheoff = -1;
|
||||
}
|
||||
@@ -3441,7 +3441,7 @@ load_relcache_init_file(void)
|
||||
{
|
||||
if ((nread = fread(&len, 1, sizeof(len), fp)) != sizeof(len))
|
||||
goto read_failed;
|
||||
if (len != ATTRIBUTE_TUPLE_SIZE)
|
||||
if (len != ATTRIBUTE_FIXED_PART_SIZE)
|
||||
goto read_failed;
|
||||
if ((nread = fread(rel->rd_att->attrs[i], 1, len, fp)) != len)
|
||||
goto read_failed;
|
||||
@@ -3751,7 +3751,7 @@ write_relcache_init_file(void)
|
||||
/* next, do all the attribute tuple form data entries */
|
||||
for (i = 0; i < relform->relnatts; i++)
|
||||
{
|
||||
write_item(rel->rd_att->attrs[i], ATTRIBUTE_TUPLE_SIZE, fp);
|
||||
write_item(rel->rd_att->attrs[i], ATTRIBUTE_FIXED_PART_SIZE, fp);
|
||||
}
|
||||
|
||||
/* next, do the access method specific field */
|
||||
|
||||
Reference in New Issue
Block a user