mirror of
				https://github.com/postgres/postgres.git
				synced 2025-10-25 13:17:41 +03:00 
			
		
		
		
	More cleanups for the recent large object permissions patch.
Rewrite or adjust various comments for clarity. Remove one bogus comment that doesn't reflect what the code actually does. Improve the description of the lo_compat_privileges option.
This commit is contained in:
		| @@ -8,7 +8,7 @@ | |||||||
|  * |  * | ||||||
|  * |  * | ||||||
|  * IDENTIFICATION |  * IDENTIFICATION | ||||||
|  *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.157 2009/12/11 03:34:55 itagaki Exp $ |  *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.158 2009/12/21 01:34:10 rhaas Exp $ | ||||||
|  * |  * | ||||||
|  * NOTES |  * NOTES | ||||||
|  *	  See acl.h. |  *	  See acl.h. | ||||||
| @@ -4261,9 +4261,8 @@ pg_language_ownercheck(Oid lan_oid, Oid roleid) | |||||||
| /* | /* | ||||||
|  * Ownership check for a largeobject (specified by OID) |  * Ownership check for a largeobject (specified by OID) | ||||||
|  * |  * | ||||||
|  * Note that we have no candidate to call this routine with a certain |  * This is only used for operations like ALTER LARGE OBJECT that are always | ||||||
|  * snapshot except for SnapshotNow, so we don't provide an interface |  * relative to SnapshotNow. | ||||||
|  * with _snapshot() version now. |  | ||||||
|  */ |  */ | ||||||
| bool | bool | ||||||
| pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid) | pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid) | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
|  * |  * | ||||||
|  * |  * | ||||||
|  * IDENTIFICATION |  * IDENTIFICATION | ||||||
|  *	  $PostgreSQL: pgsql/src/backend/catalog/pg_largeobject.c,v 1.34 2009/12/11 03:34:55 itagaki Exp $ |  *	  $PostgreSQL: pgsql/src/backend/catalog/pg_largeobject.c,v 1.35 2009/12/21 01:34:10 rhaas Exp $ | ||||||
|  * |  * | ||||||
|  *------------------------------------------------------------------------- |  *------------------------------------------------------------------------- | ||||||
|  */ |  */ | ||||||
| @@ -79,10 +79,8 @@ LargeObjectCreate(Oid loid) | |||||||
| } | } | ||||||
|  |  | ||||||
| /* | /* | ||||||
|  * Drop a large object having the given LO identifier. |  * Drop a large object having the given LO identifier.  Both the data pages | ||||||
|  * |  * and metadata must be dropped. | ||||||
|  * When we drop a large object, it is necessary to drop both of metadata |  | ||||||
|  * and data pages in same time. |  | ||||||
|  */ |  */ | ||||||
| void | void | ||||||
| LargeObjectDrop(Oid loid) | LargeObjectDrop(Oid loid) | ||||||
| @@ -191,13 +189,12 @@ LargeObjectAlterOwner(Oid loid, Oid newOwnerId) | |||||||
| 		if (!superuser()) | 		if (!superuser()) | ||||||
| 		{ | 		{ | ||||||
| 			/* | 			/* | ||||||
| 			 * The 'lo_compat_privileges' is not checked here, because we | 			 * lo_compat_privileges is not checked here, because ALTER | ||||||
| 			 * don't have any access control features in the 8.4.x series | 			 * LARGE OBJECT ... OWNER did not exist at all prior to | ||||||
| 			 * or earlier release. | 			 * PostgreSQL 8.5. | ||||||
| 			 * So, it is not a place we can define a compatible behavior. | 			 * | ||||||
|  | 			 * We must be the owner of the existing object. | ||||||
| 			 */ | 			 */ | ||||||
|  |  | ||||||
| 			/* Otherwise, must be owner of the existing object */ |  | ||||||
| 			if (!pg_largeobject_ownercheck(loid, GetUserId())) | 			if (!pg_largeobject_ownercheck(loid, GetUserId())) | ||||||
| 				ereport(ERROR, | 				ereport(ERROR, | ||||||
| 						(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), | 						(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), | ||||||
| @@ -251,9 +248,8 @@ LargeObjectAlterOwner(Oid loid, Oid newOwnerId) | |||||||
| /* | /* | ||||||
|  * LargeObjectExists |  * LargeObjectExists | ||||||
|  * |  * | ||||||
|  * Currently, we don't use system cache to contain metadata of |  * We don't use the system cache to for large object metadata, for fear of | ||||||
|  * large objects, because massive number of large objects can |  * using too much local memory. | ||||||
|  * consume not a small amount of process local memory. |  | ||||||
|  * |  * | ||||||
|  * Note that LargeObjectExists always scans the system catalog |  * Note that LargeObjectExists always scans the system catalog | ||||||
|  * with SnapshotNow, so it is unavailable to use to check |  * with SnapshotNow, so it is unavailable to use to check | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|  * Copyright (c) 1996-2009, PostgreSQL Global Development Group |  * Copyright (c) 1996-2009, PostgreSQL Global Development Group | ||||||
|  * |  * | ||||||
|  * IDENTIFICATION |  * IDENTIFICATION | ||||||
|  *	  $PostgreSQL: pgsql/src/backend/commands/comment.c,v 1.109 2009/12/11 03:34:55 itagaki Exp $ |  *	  $PostgreSQL: pgsql/src/backend/commands/comment.c,v 1.110 2009/12/21 01:34:11 rhaas Exp $ | ||||||
|  * |  * | ||||||
|  *------------------------------------------------------------------------- |  *------------------------------------------------------------------------- | ||||||
|  */ |  */ | ||||||
| @@ -1449,7 +1449,7 @@ CommentLargeObject(List *qualname, char *comment) | |||||||
| 	 * | 	 * | ||||||
| 	 * See the comment in the inv_create() which describes | 	 * See the comment in the inv_create() which describes | ||||||
| 	 * the reason why LargeObjectRelationId is used instead | 	 * the reason why LargeObjectRelationId is used instead | ||||||
| 	 * of the LargeObjectMetadataRelationId. | 	 * of LargeObjectMetadataRelationId. | ||||||
| 	 */ | 	 */ | ||||||
| 	CreateComments(loid, LargeObjectRelationId, 0, comment); | 	CreateComments(loid, LargeObjectRelationId, 0, comment); | ||||||
| } | } | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
|  * |  * | ||||||
|  * |  * | ||||||
|  * IDENTIFICATION |  * IDENTIFICATION | ||||||
|  *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.152 2009/12/11 03:34:55 itagaki Exp $ |  *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.153 2009/12/21 01:34:11 rhaas Exp $ | ||||||
|  * |  * | ||||||
|  *------------------------------------------------------------------------- |  *------------------------------------------------------------------------- | ||||||
|  */ |  */ | ||||||
| @@ -765,7 +765,6 @@ acldefault(GrantObjectType objtype, Oid ownerId) | |||||||
| 			owner_default = ACL_ALL_RIGHTS_LANGUAGE; | 			owner_default = ACL_ALL_RIGHTS_LANGUAGE; | ||||||
| 			break; | 			break; | ||||||
| 		case ACL_OBJECT_LARGEOBJECT: | 		case ACL_OBJECT_LARGEOBJECT: | ||||||
| 			/* Grant SELECT,UPDATE by default, for now */ |  | ||||||
| 			world_default = ACL_NO_RIGHTS; | 			world_default = ACL_NO_RIGHTS; | ||||||
| 			owner_default = ACL_ALL_RIGHTS_LARGEOBJECT; | 			owner_default = ACL_ALL_RIGHTS_LARGEOBJECT; | ||||||
| 			break; | 			break; | ||||||
|   | |||||||
| @@ -10,7 +10,7 @@ | |||||||
|  * Written by Peter Eisentraut <peter_e@gmx.net>. |  * Written by Peter Eisentraut <peter_e@gmx.net>. | ||||||
|  * |  * | ||||||
|  * IDENTIFICATION |  * IDENTIFICATION | ||||||
|  *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.528 2009/12/19 01:32:37 sriggs Exp $ |  *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.529 2009/12/21 01:34:11 rhaas Exp $ | ||||||
|  * |  * | ||||||
|  *-------------------------------------------------------------------- |  *-------------------------------------------------------------------- | ||||||
|  */ |  */ | ||||||
| @@ -1243,9 +1243,9 @@ static struct config_bool ConfigureNamesBool[] = | |||||||
|  |  | ||||||
| 	{ | 	{ | ||||||
| 		{"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS, | 		{"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS, | ||||||
| 			gettext_noop("Enables backward compatibility in privilege checks on large objects"), | 			gettext_noop("Enables backward compatibility mode for privilege checks on large objects"), | ||||||
| 			gettext_noop("When turned on, privilege checks on large objects perform " | 			gettext_noop("Skips privilege checks when reading or modifying large objects, " | ||||||
| 						 "with backward compatibility as 8.4.x or earlier releases.") | 						 "for compatibility with PostgreSQL releases prior to 8.5.") | ||||||
| 		}, | 		}, | ||||||
| 		&lo_compat_privileges, | 		&lo_compat_privileges, | ||||||
| 		false, NULL, NULL | 		false, NULL, NULL | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user