HAWQ-1076. Fixed privileg check for sequence function in column DEFAULT statement
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/8928e88e Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/8928e88e Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/8928e88e Branch: refs/heads/master Commit: 8928e88ea8426950bbfda3c4b6c75b70599704cb Parents: 8837934 Author: Ming LI <[email protected]> Authored: Mon Sep 26 14:58:23 2016 +0800 Committer: Ming LI <[email protected]> Committed: Sat Oct 8 10:19:18 2016 +0800 ---------------------------------------------------------------------- src/backend/cdb/cdbquerycontextdispatching.c | 12 +++++++++--- src/backend/utils/cache/relcache.c | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8928e88e/src/backend/cdb/cdbquerycontextdispatching.c ---------------------------------------------------------------------- diff --git a/src/backend/cdb/cdbquerycontextdispatching.c b/src/backend/cdb/cdbquerycontextdispatching.c index efc6079..88d4f44 100644 --- a/src/backend/cdb/cdbquerycontextdispatching.c +++ b/src/backend/cdb/cdbquerycontextdispatching.c @@ -1499,8 +1499,10 @@ prepareDispatchedCatalogSingleRelation(QueryContextInfo *cxt, Oid relid, prepareDispatchedCatalogAttribute(cxt, relid); /* collect pg_attrdef info */ - prepareDispatchedCatalogAttributeDefault(cxt, relid); - + /* Only INSERT statement will use column default value*/ + if(forInsert){ + prepareDispatchedCatalogAttributeDefault(cxt, relid); + } /* collect pg_attribute_encoding info */ prepareDispatchedCatalogAttributeEncoding(cxt, relid); @@ -1854,9 +1856,13 @@ static bool collect_func_walker(Node *node, QueryContextInfo *context) if (IsA(node, FuncExpr)) { FuncExpr *func = (FuncExpr *) node; + AclMode needAcl = ACL_NO_RIGHTS; switch (func->funcid) { + case SETVAL_FUNC_OID: + needAcl = ACL_UPDATE; case NEXTVAL_FUNC_OID: + needAcl |= ACL_USAGE; { Const *arg; Oid seqoid; @@ -1872,7 +1878,7 @@ static bool collect_func_walker(Node *node, QueryContextInfo *context) * aclchecks on segments defeats the purpose. Do the aclchecks * on the master, prior to dispatch */ - if (pg_class_aclcheck(seqoid, GetUserId(), ACL_UPDATE) != ACLCHECK_OK) + if (pg_class_aclcheck(seqoid, GetUserId(), needAcl) != ACLCHECK_OK) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied for sequence %s", http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8928e88e/src/backend/utils/cache/relcache.c ---------------------------------------------------------------------- diff --git a/src/backend/utils/cache/relcache.c b/src/backend/utils/cache/relcache.c index 1a41090..95865fc 100644 --- a/src/backend/utils/cache/relcache.c +++ b/src/backend/utils/cache/relcache.c @@ -3265,7 +3265,7 @@ AttrDefaultFetch(Relation relation) caql_endscan(pcqCtx); heap_close(adrel, AccessShareLock); - if (found != ndef) + if (found != ndef && AmIMaster()) elog(WARNING, "%d attrdef record(s) missing for rel %s", ndef - found, RelationGetRelationName(relation)); }
