On 02/20/18 14:55, Roman Simakov wrote:
Hello!
I fixed several bugs related to GRANT operator and investigated a
couple of issues I'd like to discuss:
1) Replace RDB$TRIGGER_9 (trigger1 in trig.h) by code in DdlNodes.epp
with the same functions. I already did it in CORE-5747 to check grant
option.
Good way to go.
We can do it since we remove direct modifying system tables. It's more
obvious place and we can use at least assert to check that all object
types are verifyied. That could avoid errors like CORE-5747 in future.
BLR of trigger is hard for support IMO.
Also note I'm checking GRANT OPTION of roles which current user use.
Now he can have several such roles. RDB$TRIGGER_9 do not check them I
think.
2) We have no check of existance a subjects of privileges. I.e.
SQL> create table t(i integer);
SQL> grant select on t to wrong_func;
SQL> show function wrong_func;
There is no user-defined function WRONG_FUNC in this database
I tend to consider it as a bug to be fixed. Am I right?
Definitely yes.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
