* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > Attached please find a patch to change how the permissions checking > > for alter-owner is done. With roles there can be more than one > > 'owner' of an object and therefore it becomes sensible to allow > > specific cases of ownership change for non-superusers. > > Applied with minor revisions. The patch as submitted suffered a certain > amount of copy-and-paste-itis (eg, trying to use pg_type_ownercheck on > an opclass), and I really disliked using ACLCHECK_NOT_OWNER as the way > to report "you can't assign ownership to that role because you are not > a member of it". So I made a separate error message for that case.
Great, thanks! Sorry about the copy-and-paste-itis... Must have been a case I wasn't sure about. The different error message makes perfect sense. I see you also did the superuser-in-every-role change that I had included, thanks. When writing this patch it occurred to me that we nuke our member-of-role cache for one-off lookups on occation. I don't particularly like that, especially when we *know* it's a one-off lookup, so I was considering adding a function for the one-off lookup case but I couldn't come up with a way to avoid a fair bit of mostly-the-same code as the current cache-regen code, without making the cache-regen code alot slower which would negate the point. Just some thoughts. Thanks again, Stephen
signature.asc
Description: Digital signature