[PATCHES] Extending grant insert on tables to sequences

Thu, 22 May 2008 11:18:39 -0700 

Hi,

The idea of this patch is to avoid the need to make explicit grants on
sequences owned by tables.

This patch make:
- GRANT INSERT ON TABLE  extend to GRANT USAGE ON SEQUENCE    (currval, nextval)
- GRANT UPDATE ON TABLE extend to GRANT UPDATE ON SEQUENCE (nextval, setval)
- GRANT SELECT ON TABLE extend to GRANT SELECT ON SEQUENCE  (currval)

comments?

-- 
regards,
Jaime Casanova
Soporte y capacitaciĆ³n de PostgreSQL
Guayaquil - Ecuador
Cel. (593) 087171157

? config.log
? config.status
Index: src/backend/catalog/aclchk.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/backend/catalog/aclchk.c,v
retrieving revision 1.146
diff -c -r1.146 aclchk.c
*** src/backend/catalog/aclchk.c        12 May 2008 00:00:46 -0000      1.146
--- src/backend/catalog/aclchk.c        22 May 2008 18:13:18 -0000
***************
*** 360,365 ****
--- 360,402 ----
        }
  
        ExecGrantStmt_oids(&istmt);
+ 
+       /*
+        * If the objtype is a relation and the privileges includes INSERT, 
UPDATE 
+      * or SELECT then extends the GRANT/REVOKE to the sequences owned by the 
+      * relation
+        */
+       if (istmt.objtype == ACL_OBJECT_RELATION) && 
+               (istmt.privileges & (ACL_INSERT | ACL_UPDATE | ACL_SELECT)) 
+       {
+               AclMode priv; 
+               foreach(cell, istmt.objects)
+               {
+                       InternalGrant istmt_seq;
+ 
+                       istmt_seq.is_grant = istmt.is_grant;
+                       istmt_seq.objtype = ACL_OBJECT_SEQUENCE;
+                       istmt_seq.grantees = istmt.grantees;
+                       istmt_seq.grant_option = istmt.grant_option;
+                       istmt_seq.behavior = istmt.behavior;
+ 
+                       istmt_seq.all_privs = false;
+                       istmt_seq.privileges = ACL_NO_RIGHTS;
+ 
+                       istmt_seq.objects = getOwnedSequences(lfirst_oid(cell));
+                       if (istmt_seq.objects != NIL)
+                       {
+                               if (istmt.privileges & (ACL_INSERT)) 
+                                       istmt_seq.privileges |= ACL_USAGE;
+                               else if (istmt.privileges & (ACL_UPDATE)) 
+                                       istmt_seq.privileges |= ACL_UPDATE;
+                               else if (istmt.privileges & (ACL_SELECT)) 
+                                       istmt_seq.privileges |= ACL_SELECT;
+ 
+                               ExecGrantStmt_oids(&istmt_seq);
+                       }
+               }
+       } 
  }
  
  /*

-- 
Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches

Reply via email to