Re: [HACKERS] [PATCH] Implement (and document, and test) has_sequence_privilege()

[Joe Conway]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joe Conway wrote:
 If there are no objections, I'll commit in a day or two.

Attached version committed. Only difference from the last is catversion.

Joe
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iQIcBAEBCAAGBQJKd1MXAAoJEDfy90M199hlz6IP/RvNrU3CQ0wUvipvR3sJi3wV
Bis3TqPiSzGlKHDkV67Mh+sR0oQLJ2UG5yEgmSPM8yus+zd6rRzSIpS1Z+npE1sg
CKJtYTzDjVby9szhKk9znn37dY/dyIOzW7S9AXCjwF1bM+60Pyavue3J8br3TnU7
yCCVH1wow4D7Pg0pO/kKEiOLAO+Qx9NUA5AGdUh47c0NLvz7XbmhkrG2Kt1KKrha
2qVgKUEqsi8Q6vahx5qczCM6TuYx33WFfwCLWT0HB0igtfuEp5Pp8D0C/5sRNer/
J10JqdWp/XPEv69rLkLNkdHns0pA+J0uPJLZkEcwi38a7YThwSzraDSw73gslcRX
UdAlSe06tOuxUky4IlHNFZZnzaAaXwGNjJARmjKK+PtMozatfO0lUKU5QCeQhRx1
QgtlDC4MQuFcVsdDy5jFWLviP0PiMtiWtkKhAp9e0FZa5CHQQby5AuTKNHSfS3To
XhE+abZfbwFTQFrGFGKJnNWPepbLnl1gm2sm6id175m/8FKXNQo++jr0SasqkEzA
d52C6/WI7Ll6Zlo9smnc3ogt9ggnQ866AOdy1SXpkEDjFdGDsMxgxjI8rObNxYEL
ew9VAgFI5lwnABKlRv7y2xIMxOEgdO6gduURJhQ2U20yhq1W8QlsjE+IE7UYURBL
VXj6LlvceXdDFF2uUjMz
=gAqc
-END PGP SIGNATURE-
? GNUmakefile
? config.log
? config.status
? src/Makefile.global
? src/backend/bootstrap/bootstrap_tokens.h
? src/backend/parser/parse.h
? src/backend/snowball/libdict_snowball.so.0.0
? src/backend/utils/mb/conversion_procs/ascii_and_mic/libascii_and_mic.so.0.0
? src/backend/utils/mb/conversion_procs/cyrillic_and_mic/libcyrillic_and_mic.so.0.0
? src/backend/utils/mb/conversion_procs/euc_cn_and_mic/libeuc_cn_and_mic.so.0.0
? src/backend/utils/mb/conversion_procs/euc_jis_2004_and_shift_jis_2004/libeuc_jis_2004_and_shift_jis_2004.so.0.0
? src/backend/utils/mb/conversion_procs/euc_jp_and_sjis/libeuc_jp_and_sjis.so.0.0
? src/backend/utils/mb/conversion_procs/euc_kr_and_mic/libeuc_kr_and_mic.so.0.0
? src/backend/utils/mb/conversion_procs/euc_tw_and_big5/libeuc_tw_and_big5.so.0.0
? src/backend/utils/mb/conversion_procs/latin2_and_win1250/liblatin2_and_win1250.so.0.0
? src/backend/utils/mb/conversion_procs/latin_and_mic/liblatin_and_mic.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_ascii/libutf8_and_ascii.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_big5/libutf8_and_big5.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_cyrillic/libutf8_and_cyrillic.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_euc_cn/libutf8_and_euc_cn.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_euc_jis_2004/libutf8_and_euc_jis_2004.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_euc_jp/libutf8_and_euc_jp.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_euc_kr/libutf8_and_euc_kr.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_euc_tw/libutf8_and_euc_tw.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_gb18030/libutf8_and_gb18030.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_gbk/libutf8_and_gbk.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_iso8859/libutf8_and_iso8859.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_iso8859_1/libutf8_and_iso8859_1.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_johab/libutf8_and_johab.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_shift_jis_2004/libutf8_and_shift_jis_2004.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_sjis/libutf8_and_sjis.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_uhc/libutf8_and_uhc.so.0.0
? src/backend/utils/mb/conversion_procs/utf8_and_win/libutf8_and_win.so.0.0
? src/bin/ipcclean/ipcclean
? src/include/pg_config.h
? src/include/stamp-h
? src/interfaces/ecpg/compatlib/libecpg_compat.so.2.3
? src/interfaces/ecpg/ecpglib/libecpg.so.6.0
? src/interfaces/ecpg/include/ecpg_config.h
? src/interfaces/ecpg/include/stamp-h
? src/interfaces/ecpg/pgtypeslib/libpgtypes.so.2.3
? src/interfaces/libpq/libpq.so.5.1
? src/pl/plperl/libplperl.so.0.0
? src/pl/plpgsql/src/libplpgsql.so.1.0
? src/pl/plpgsql/src/pl.tab.h
? src/pl/tcl/libpltcl.so.2.0
? src/test/regress/libregress.so.0.0
Index: doc/src/sgml/func.sgml
===
RCS file: /cvsroot/pgsql/doc/src/sgml/func.sgml,v
retrieving revision 1.483
diff -c -r1.483 func.sgml
*** doc/src/sgml/func.sgml	22 Jul 2009 18:07:26 -	1.483
--- doc/src/sgml/func.sgml	3 Aug 2009 21:10:21 -
***
*** 11789,11794 
--- 11789,11809 
 entrydoes current user have privilege for foreign server/entry
/row
row
+entryliteralfunctionhas_sequence_privilege/function(parameteruser/parameter,
+   parametersequence/parameter,
+   parameterprivilege/parameter)/literal
+/entry
+entrytypeboolean/type/entry
+entrydoes user have privilege for sequence/entry
+   /row
+   row
+entryliteralfunctionhas_sequence_privilege/function(parametersequence/parameter,
+   parameterprivilege/parameter)/literal
+/entry
+

Re: [HACKERS] [PATCH] Implement (and document, and test) has_sequence_privilege()

[Joe Conway]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

In response to:
http://archives.postgresql.org/message-id/1238394513-21474-1-git-send-email-...@oryx.com

Review complete. Somewhat modified patch attached. I wasn't happy with
creation of verify_sequence_oid() when it more-or-less duplicates the
functionality of get_rel_relkind(). Also, the original patch was
misleading in that the following comment:

+ * The result is a boolean value: true if user has the indicated
+ * privilege, false if not.  The variants that take a relation OID
+ * return NULL if the OID doesn't exist (rather than failing, as
+ * they did before Postgres 8.4).

implies that the relname variants should throw an ERROR for non-existing
names (which they in fact do), but the code for these functions reads, e.g.:

+Datum
+has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
+{
+   Namerolename = PG_GETARG_NAME(0);
+   text   *sequencename = PG_GETARG_TEXT_P(1);
snip
+   sequenceoid = convert_table_name(sequencename);
+   if (!verify_sequence_oid(sequenceoid))
+   PG_RETURN_NULL();

Here, verify_sequence_oid() is never called for a non-existing relname,
because the call to convert_table_name() will throw an ERROR first. And
verify_sequence_oid() will throw an ERROR if the relation is not a
sequence. Therefore verify_sequence_oid() will only return if TRUE, and
PG_RETURN_NULL() is never reached. But if it were able to be reached, it
would be in conflict with the comment.

If there are no objections, I'll commit in a day or two.

Joe
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iQIcBAEBCAAGBQJKdOwTAAoJEDfy90M199hlFpwP/0merKdY+czyozrFuEdiGsPA
Ai7twjRNyNNiJlWfr7hU+RxsXlNxST7lxCI792b/ZKJe8Z1gx4u7qYlddKVCMgFn
Qeqvo0sC2N2FUMWMuBOPpDCl2sR6N2YtCxHep1NrAxDK58nupeSZ9vZ69ywwWA8e
xFhbTabJDSIECbN+FISfaR60LIrTd6dlV18maPOkWmDgM3Ff11GagtB9ngZngmdY
3eN/D6wOMqtAQOcCZNyTIf68rLvKrMDu1U+bses3JUZE0NcMa76H1jm2BE3KNY1A
tp+5fXEuazk+NEzBND6eSksUOnemqCt+MsyC4eim2bGQX61+tmm8tKHjCt0CYucO
ERTeOhX7vJcZILzzrU287SC880spGXUz74ivApLG7SNquZ8qr1YkdYLHJdKt4SYh
pJc1T+b1ngYK1/SWWzoUzEiZa+3dBReRXXmXv2IP59RSaCzYMgQ+Ohqt6D8cTHnS
gSdV2csd0nae2vRuSSOms4yviLzPzh2t8GxVo7eDHre8/kHsOw0eMPPVYeA6nE/l
v5r42raBr++WT/VSS0/3nOGOCAZoYcPGCv7R6Cbz7QkIOTNXbZ9PA2IUaQ2znNcQ
9nF0/aRmgPOuJUtubxMN8Qs5UE5g7HqDU7EaJ3NfL5jWCrYC2f1HWnwxS17xszCs
ropug1p5344+3GZRLQtS
=1T1A
-END PGP SIGNATURE-
Index: doc/src/sgml/func.sgml
===
RCS file: /opt/src/cvs/pgsql/doc/src/sgml/func.sgml,v
retrieving revision 1.483
diff -c -r1.483 func.sgml
*** doc/src/sgml/func.sgml	22 Jul 2009 18:07:26 -	1.483
--- doc/src/sgml/func.sgml	1 Aug 2009 23:08:49 -
***
*** 11789,11794 
--- 11789,11809 
 entrydoes current user have privilege for foreign server/entry
/row
row
+entryliteralfunctionhas_sequence_privilege/function(parameteruser/parameter,
+   parametersequence/parameter,
+   parameterprivilege/parameter)/literal
+/entry
+entrytypeboolean/type/entry
+entrydoes user have privilege for sequence/entry
+   /row
+   row
+entryliteralfunctionhas_sequence_privilege/function(parametersequence/parameter,
+   parameterprivilege/parameter)/literal
+/entry
+entrytypeboolean/type/entry
+entrydoes current user have privilege for sequence/entry
+   /row
+   row
 entryliteralfunctionhas_table_privilege/function(parameteruser/parameter,
parametertable/parameter,
parameterprivilege/parameter)/literal
***
*** 11862,11867 
--- 11877,11885 
  primaryhas_server_privilege/primary
 /indexterm
 indexterm
+ primaryhas_sequence_privilege/primary
+/indexterm
+indexterm
  primaryhas_table_privilege/primary
 /indexterm
 indexterm
***
*** 11901,11906 
--- 11919,11934 
 /para
  
 para
+ functionhas_sequence_privilege/function checks whether a user
+ can access a sequence in a particular way.  The possibilities for its
+ arguments are analogous to functionhas_table_privilege/function.
+ The desired access privilege type must evaluate to one of
+ literalUSAGE/literal,
+ literalSELECT/literal, or
+ literalUPDATE/literal.
+/para
+ 
+para
  functionhas_any_column_privilege/function checks whether a user can
  access any column of a table in a particular way.
  Its argument possibilities
Index: src/backend/utils/adt/acl.c
===
RCS file: /opt/src/cvs/pgsql/src/backend/utils/adt/acl.c,v
retrieving revision 1.148
diff -c -r1.148 acl.c
*** src/backend/utils/adt/acl.c	11 

Re: [HACKERS] [PATCH] Implement (and document, and test) has_sequence_privilege()

[Euler Taveira de Oliveira]

Abhijit Menon-Sen escreveu:
 That this family of functions did not exist earlier was merely an
 oversight.
 
Added to next commitfest. Thanks!


-- 
  Euler Taveira de Oliveira
  http://www.timbira.com/

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers