Adjust permissions checking for ALTER OWNER commands: instead of

requiring superuserness always, allow an owner to reassign ownership
to any role he is a member of, if that role would have the right to
create a similar object.  These three requirements essentially state
that the would-be alterer has enough privilege to DROP the existing
object and then re-CREATE it as the new role; so we might as well
let him do it in one step.  The ALTER TABLESPACE case is a bit
squirrely, but the whole concept of non-superuser tablespace owners
is pretty dubious anyway.  Stephen Frost, code review by Tom Lane.

src/backend/utils/adt/acl.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.118 2005/07/07 20:39:58 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.119 2005/07/14 21:46:30 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2541,6 +2541,10 @@ is_member_of_role(Oid member, Oid role)
 	if (member == role)
 		return true;
 
+	/* Superusers have every privilege, so are part of every role */
+	if (superuser_arg(member))
+		return true;
+
 	/* If cache is already valid, just use the list */
 	if (OidIsValid(cached_role) && cached_role == member)
 		return list_member_oid(cached_memberships, role);
@@ -2604,6 +2608,20 @@ is_member_of_role(Oid member, Oid role)
 	return list_member_oid(cached_memberships, role);
 }
 
+/*
+ * check_is_member_of_role
+ *		is_member_of_role with a standard permission-violation error if not
+ */
+void
+check_is_member_of_role(Oid member, Oid role)
+{
+	if (!is_member_of_role(member, role))
+		ereport(ERROR,
+				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+				 errmsg("must be member of role \"%s\"",
+						GetUserNameFromId(role))));
+}
+
 
 /*
  * Is member an admin of role (directly or indirectly)?  That is, is it