database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00
Code Activity

Fix permission-checking bug reported by Tim Burgess 10-Feb-03 (this time

Browse Source 
for sure...).  Rather than relying on the query context of a rangetable
entry to identify what permissions it wants checked, store a full AclMode
mask in each RTE, and check exactly those bits.  This allows an RTE
specifying, say, INSERT privilege on a view to be copied into a derived
UPDATE query without changing meaning.  Per recent discussion thread.
initdb forced due to change of stored rule representation.
This commit is contained in:
Tom Lane
2004-01-14 23:01:55 +00:00
parent 01d320d421
commit cfd7fb7ed4
18 changed files with 186 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/backend/rewrite/rewriteDefine.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/rewrite/rewriteDefine.c,v 1.91 2003/11/29 19:51:55 pgsql Exp $
* $PostgreSQL: pgsql/src/backend/rewrite/rewriteDefine.c,v 1.92 2004/01/14 23:01:55 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@ -34,7 +34,7 @@
static void setRuleCheckAsUser(Query *qry, AclId userid);
static bool setRuleCheckAsUser_walker(Node *node, Oid *context);
static bool setRuleCheckAsUser_walker(Node *node, AclId *context);
/*
@ -494,8 +494,8 @@ DefineQueryRewrite(RuleStmt *stmt)
* Note: for a view (ON SELECT rule), the checkAsUser field of the *OLD*
* RTE entry will be overridden when the view rule is expanded, and the
* checkAsUser field of the *NEW* entry is irrelevant because that entry's
* checkFor bits will never be set. However, for other types of rules it's
* important to set these fields to match the rule owner. So we just set
* requiredPerms bits will always be zero. However, for other types of rules
* it's important to set these fields to match the rule owner. So we just set
* them always.
*/
static void
@ -528,7 +528,7 @@ setRuleCheckAsUser(Query *qry, AclId userid)
* Expression-tree walker to find sublink queries
*/
static bool
setRuleCheckAsUser_walker(Node *node, Oid *context)
setRuleCheckAsUser_walker(Node *node, AclId *context)
{
if (node == NULL)
return false;