database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-03 20:02:46 +03:00
Code Activity

Add object TRUNCATE hook

Browse Source 
All operations with acl permissions checks should have a corresponding hook
so that, for example, mandatory access control (MAC) may be enforced by an
extension. The command TRUNCATE is missing this hook, so add it. Patch by
Yuli Khodorkovskiy with some editorialization by me. Based on the discussion
not back-patched. A separate patch will exercise the hook in the sepgsql
extension.

Author: Yuli Khodorkovskiy
Reviewed-by: Joe Conway
Discussion: https://postgr.es/m/CAFL5wJcomybj1Xdw7qWmPJRpGuFukKgNrDb6uVBaCMgYS9dkaA%40mail.gmail.com
This commit is contained in:
Joe Conway
2019-11-23 10:39:20 -05:00
parent d1c866e57f
commit f7a2002e82
3 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/commands/tablecmds.c
View File

@ -1937,6 +1937,8 @@ truncate_check_rel(Oid relid, Form_pg_class reltuple)
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied: \"%s\" is a system catalog",
relname)));
InvokeObjectTruncateHook(relid);
}
/*