Re: [HACKERS] [PATCH] Implement (and document, and test) has_sequence_privilege()
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Joe Conway wrote: If there are no objections, I'll commit in a day or two. Attached version committed. Only difference from the last is catversion. Joe -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQIcBAEBCAAGBQJKd1MXAAoJEDfy90M199hlz6IP/RvNrU3CQ0wUvipvR3sJi3wV Bis3TqPiSzGlKHDkV67Mh+sR0oQLJ2UG5yEgmSPM8yus+zd6rRzSIpS1Z+npE1sg CKJtYTzDjVby9szhKk9znn37dY/dyIOzW7S9AXCjwF1bM+60Pyavue3J8br3TnU7 yCCVH1wow4D7Pg0pO/kKEiOLAO+Qx9NUA5AGdUh47c0NLvz7XbmhkrG2Kt1KKrha 2qVgKUEqsi8Q6vahx5qczCM6TuYx33WFfwCLWT0HB0igtfuEp5Pp8D0C/5sRNer/ J10JqdWp/XPEv69rLkLNkdHns0pA+J0uPJLZkEcwi38a7YThwSzraDSw73gslcRX UdAlSe06tOuxUky4IlHNFZZnzaAaXwGNjJARmjKK+PtMozatfO0lUKU5QCeQhRx1 QgtlDC4MQuFcVsdDy5jFWLviP0PiMtiWtkKhAp9e0FZa5CHQQby5AuTKNHSfS3To XhE+abZfbwFTQFrGFGKJnNWPepbLnl1gm2sm6id175m/8FKXNQo++jr0SasqkEzA d52C6/WI7Ll6Zlo9smnc3ogt9ggnQ866AOdy1SXpkEDjFdGDsMxgxjI8rObNxYEL ew9VAgFI5lwnABKlRv7y2xIMxOEgdO6gduURJhQ2U20yhq1W8QlsjE+IE7UYURBL VXj6LlvceXdDFF2uUjMz =gAqc -END PGP SIGNATURE- ? GNUmakefile ? config.log ? config.status ? src/Makefile.global ? src/backend/bootstrap/bootstrap_tokens.h ? src/backend/parser/parse.h ? src/backend/snowball/libdict_snowball.so.0.0 ? src/backend/utils/mb/conversion_procs/ascii_and_mic/libascii_and_mic.so.0.0 ? src/backend/utils/mb/conversion_procs/cyrillic_and_mic/libcyrillic_and_mic.so.0.0 ? src/backend/utils/mb/conversion_procs/euc_cn_and_mic/libeuc_cn_and_mic.so.0.0 ? src/backend/utils/mb/conversion_procs/euc_jis_2004_and_shift_jis_2004/libeuc_jis_2004_and_shift_jis_2004.so.0.0 ? src/backend/utils/mb/conversion_procs/euc_jp_and_sjis/libeuc_jp_and_sjis.so.0.0 ? src/backend/utils/mb/conversion_procs/euc_kr_and_mic/libeuc_kr_and_mic.so.0.0 ? src/backend/utils/mb/conversion_procs/euc_tw_and_big5/libeuc_tw_and_big5.so.0.0 ? src/backend/utils/mb/conversion_procs/latin2_and_win1250/liblatin2_and_win1250.so.0.0 ? src/backend/utils/mb/conversion_procs/latin_and_mic/liblatin_and_mic.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_ascii/libutf8_and_ascii.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_big5/libutf8_and_big5.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_cyrillic/libutf8_and_cyrillic.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_euc_cn/libutf8_and_euc_cn.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_euc_jis_2004/libutf8_and_euc_jis_2004.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_euc_jp/libutf8_and_euc_jp.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_euc_kr/libutf8_and_euc_kr.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_euc_tw/libutf8_and_euc_tw.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_gb18030/libutf8_and_gb18030.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_gbk/libutf8_and_gbk.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_iso8859/libutf8_and_iso8859.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_iso8859_1/libutf8_and_iso8859_1.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_johab/libutf8_and_johab.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_shift_jis_2004/libutf8_and_shift_jis_2004.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_sjis/libutf8_and_sjis.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_uhc/libutf8_and_uhc.so.0.0 ? src/backend/utils/mb/conversion_procs/utf8_and_win/libutf8_and_win.so.0.0 ? src/bin/ipcclean/ipcclean ? src/include/pg_config.h ? src/include/stamp-h ? src/interfaces/ecpg/compatlib/libecpg_compat.so.2.3 ? src/interfaces/ecpg/ecpglib/libecpg.so.6.0 ? src/interfaces/ecpg/include/ecpg_config.h ? src/interfaces/ecpg/include/stamp-h ? src/interfaces/ecpg/pgtypeslib/libpgtypes.so.2.3 ? src/interfaces/libpq/libpq.so.5.1 ? src/pl/plperl/libplperl.so.0.0 ? src/pl/plpgsql/src/libplpgsql.so.1.0 ? src/pl/plpgsql/src/pl.tab.h ? src/pl/tcl/libpltcl.so.2.0 ? src/test/regress/libregress.so.0.0 Index: doc/src/sgml/func.sgml === RCS file: /cvsroot/pgsql/doc/src/sgml/func.sgml,v retrieving revision 1.483 diff -c -r1.483 func.sgml *** doc/src/sgml/func.sgml 22 Jul 2009 18:07:26 - 1.483 --- doc/src/sgml/func.sgml 3 Aug 2009 21:10:21 - *** *** 11789,11794 --- 11789,11809 entrydoes current user have privilege for foreign server/entry /row row +entryliteralfunctionhas_sequence_privilege/function(parameteruser/parameter, + parametersequence/parameter, + parameterprivilege/parameter)/literal +/entry +entrytypeboolean/type/entry +entrydoes user have privilege for sequence/entry + /row + row +entryliteralfunctionhas_sequence_privilege/function(parametersequence/parameter, + parameterprivilege/parameter)/literal +/entry +
Re: [HACKERS] [PATCH] Implement (and document, and test) has_sequence_privilege()
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 In response to: http://archives.postgresql.org/message-id/1238394513-21474-1-git-send-email-...@oryx.com Review complete. Somewhat modified patch attached. I wasn't happy with creation of verify_sequence_oid() when it more-or-less duplicates the functionality of get_rel_relkind(). Also, the original patch was misleading in that the following comment: + * The result is a boolean value: true if user has the indicated + * privilege, false if not. The variants that take a relation OID + * return NULL if the OID doesn't exist (rather than failing, as + * they did before Postgres 8.4). implies that the relname variants should throw an ERROR for non-existing names (which they in fact do), but the code for these functions reads, e.g.: +Datum +has_sequence_privilege_name_name(PG_FUNCTION_ARGS) +{ + Namerolename = PG_GETARG_NAME(0); + text *sequencename = PG_GETARG_TEXT_P(1); snip + sequenceoid = convert_table_name(sequencename); + if (!verify_sequence_oid(sequenceoid)) + PG_RETURN_NULL(); Here, verify_sequence_oid() is never called for a non-existing relname, because the call to convert_table_name() will throw an ERROR first. And verify_sequence_oid() will throw an ERROR if the relation is not a sequence. Therefore verify_sequence_oid() will only return if TRUE, and PG_RETURN_NULL() is never reached. But if it were able to be reached, it would be in conflict with the comment. If there are no objections, I'll commit in a day or two. Joe -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQIcBAEBCAAGBQJKdOwTAAoJEDfy90M199hlFpwP/0merKdY+czyozrFuEdiGsPA Ai7twjRNyNNiJlWfr7hU+RxsXlNxST7lxCI792b/ZKJe8Z1gx4u7qYlddKVCMgFn Qeqvo0sC2N2FUMWMuBOPpDCl2sR6N2YtCxHep1NrAxDK58nupeSZ9vZ69ywwWA8e xFhbTabJDSIECbN+FISfaR60LIrTd6dlV18maPOkWmDgM3Ff11GagtB9ngZngmdY 3eN/D6wOMqtAQOcCZNyTIf68rLvKrMDu1U+bses3JUZE0NcMa76H1jm2BE3KNY1A tp+5fXEuazk+NEzBND6eSksUOnemqCt+MsyC4eim2bGQX61+tmm8tKHjCt0CYucO ERTeOhX7vJcZILzzrU287SC880spGXUz74ivApLG7SNquZ8qr1YkdYLHJdKt4SYh pJc1T+b1ngYK1/SWWzoUzEiZa+3dBReRXXmXv2IP59RSaCzYMgQ+Ohqt6D8cTHnS gSdV2csd0nae2vRuSSOms4yviLzPzh2t8GxVo7eDHre8/kHsOw0eMPPVYeA6nE/l v5r42raBr++WT/VSS0/3nOGOCAZoYcPGCv7R6Cbz7QkIOTNXbZ9PA2IUaQ2znNcQ 9nF0/aRmgPOuJUtubxMN8Qs5UE5g7HqDU7EaJ3NfL5jWCrYC2f1HWnwxS17xszCs ropug1p5344+3GZRLQtS =1T1A -END PGP SIGNATURE- Index: doc/src/sgml/func.sgml === RCS file: /opt/src/cvs/pgsql/doc/src/sgml/func.sgml,v retrieving revision 1.483 diff -c -r1.483 func.sgml *** doc/src/sgml/func.sgml 22 Jul 2009 18:07:26 - 1.483 --- doc/src/sgml/func.sgml 1 Aug 2009 23:08:49 - *** *** 11789,11794 --- 11789,11809 entrydoes current user have privilege for foreign server/entry /row row +entryliteralfunctionhas_sequence_privilege/function(parameteruser/parameter, + parametersequence/parameter, + parameterprivilege/parameter)/literal +/entry +entrytypeboolean/type/entry +entrydoes user have privilege for sequence/entry + /row + row +entryliteralfunctionhas_sequence_privilege/function(parametersequence/parameter, + parameterprivilege/parameter)/literal +/entry +entrytypeboolean/type/entry +entrydoes current user have privilege for sequence/entry + /row + row entryliteralfunctionhas_table_privilege/function(parameteruser/parameter, parametertable/parameter, parameterprivilege/parameter)/literal *** *** 11862,11867 --- 11877,11885 primaryhas_server_privilege/primary /indexterm indexterm + primaryhas_sequence_privilege/primary +/indexterm +indexterm primaryhas_table_privilege/primary /indexterm indexterm *** *** 11901,11906 --- 11919,11934 /para para + functionhas_sequence_privilege/function checks whether a user + can access a sequence in a particular way. The possibilities for its + arguments are analogous to functionhas_table_privilege/function. + The desired access privilege type must evaluate to one of + literalUSAGE/literal, + literalSELECT/literal, or + literalUPDATE/literal. +/para + +para functionhas_any_column_privilege/function checks whether a user can access any column of a table in a particular way. Its argument possibilities Index: src/backend/utils/adt/acl.c === RCS file: /opt/src/cvs/pgsql/src/backend/utils/adt/acl.c,v retrieving revision 1.148 diff -c -r1.148 acl.c *** src/backend/utils/adt/acl.c 11
Re: [HACKERS] [PATCH] Implement (and document, and test) has_sequence_privilege()
Abhijit Menon-Sen escreveu: That this family of functions did not exist earlier was merely an oversight. Added to next commitfest. Thanks! -- Euler Taveira de Oliveira http://www.timbira.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers