NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit2c8f483

committed

Represent columns requiring insert and update privileges indentently.

Previously, relation range table entries used a single Bitmapset fieldrepresenting which columns required either UPDATE or INSERT privileges,despite the fact that INSERT and UPDATE privileges are separatelycataloged, and may be independently held. As statements so far requiredeither insert or update privileges but never both, that wassufficient. The required permission could be inferred from the top levelstatement run.The upcoming INSERT ... ON CONFLICT UPDATE feature needs toindependently check for both privileges in one statement though, so thatis not sufficient anymore.Bumps catversion as stored rules change.Author: Peter GeogheganReviewed-By: Andres Freund

1 parentdb5f98a commit2c8f483Copy full SHA for 2c8f483

File tree

18 files changed

+192

-124

lines changed

contrib
- postgres_fdw
  - postgres_fdw.c
- sepgsql
  - dml.c
src
- backend
  - commands
  - executor
    - execMain.c
  - nodes
  - optimizer
    - plan
      - setrefs.c
    - prep
      - prepsecurity.c
      - prepunion.c
  - parser
    - analyze.c
    - parse_relation.c
  - rewrite
    - rewriteHandler.c
- include
  - catalog
    - catversion.h
  - nodes
    - parsenodes.h

18 files changed

+192

-124

lines changed

`‎contrib/postgres_fdw/postgres_fdw.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1205,7 +1205,7 @@ postgresPlanForeignModify(PlannerInfo *root,`
`1205`	`1205`	`intcol;`
`1206`	`1206`
`1207`	`1207`	`col=-1;`
`1208`		`-while ((col=bms_next_member(rte->modifiedCols,col)) >=0)`
	`1208`	`+while ((col=bms_next_member(rte->updatedCols,col)) >=0)`
`1209`	`1209`	`{`
`1210`	`1210`	`/* bit numbers are offset by FirstLowInvalidHeapAttributeNumber */`
`1211`	`1211`	`AttrNumberattno=col+FirstLowInvalidHeapAttributeNumber;`

`‎contrib/sepgsql/dml.c`

Lines changed: 20 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,8 @@ fixup_inherited_columns(Oid parentId, Oid childId, Bitmapset *columns)`
`145`	`145`	`staticbool`
`146`	`146`	`check_relation_privileges(OidrelOid,`
`147`	`147`	`Bitmapset*selected,`
`148`		`-Bitmapset*modified,`
	`148`	`+Bitmapset*inserted,`
	`149`	`+Bitmapset*updated,`
`149`	`150`	`uint32required,`
`150`	`151`	`boolabort_on_violation)`
`151`	`152`	`{`
`@@ -231,8 +232,9 @@ check_relation_privileges(Oid relOid,`
`231`	`232`	`* Check permissions on the columns`
`232`	`233`	`*/`
`233`	`234`	`selected=fixup_whole_row_references(relOid,selected);`
`234`		`-modified=fixup_whole_row_references(relOid,modified);`
`235`		`-columns=bms_union(selected,modified);`
	`235`	`+inserted=fixup_whole_row_references(relOid,inserted);`
	`236`	`+updated=fixup_whole_row_references(relOid,updated);`
	`237`	`+columns=bms_union(selected,bms_union(inserted,updated));`
`236`	`238`
`237`	`239`	`while ((index=bms_first_member(columns)) >=0)`
`238`	`240`	`{`
`@@ -241,13 +243,16 @@ check_relation_privileges(Oid relOid,`
`241`	`243`
`242`	`244`	`if (bms_is_member(index,selected))`
`243`	`245`	`column_perms \|=SEPG_DB_COLUMN__SELECT;`
`244`		`-if (bms_is_member(index,modified))`
	`246`	`+if (bms_is_member(index,inserted))`
`245`	`247`	`{`
`246`		`-if (required&SEPG_DB_TABLE__UPDATE)`
`247`		`-column_perms \|=SEPG_DB_COLUMN__UPDATE;`
`248`	`248`	`if (required&SEPG_DB_TABLE__INSERT)`
`249`	`249`	`column_perms \|=SEPG_DB_COLUMN__INSERT;`
`250`	`250`	`}`
	`251`	`+if (bms_is_member(index,updated))`
	`252`	`+{`
	`253`	`+if (required&SEPG_DB_TABLE__UPDATE)`
	`254`	`+column_perms \|=SEPG_DB_COLUMN__UPDATE;`
	`255`	`+}`
`251`	`256`	`if (column_perms==0)`
`252`	`257`	`continue;`
`253`	`258`
`@@ -304,7 +309,7 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)`
`304`	`309`	`required \|=SEPG_DB_TABLE__INSERT;`
`305`	`310`	`if (rte->requiredPerms&ACL_UPDATE)`
`306`	`311`	`{`
`307`		`-if (!bms_is_empty(rte->modifiedCols))`
	`312`	`+if (!bms_is_empty(rte->updatedCols))`
`308`	`313`	`required \|=SEPG_DB_TABLE__UPDATE;`
`309`	`314`	`else`
`310`	`315`	`required \|=SEPG_DB_TABLE__LOCK;`
`@@ -333,23 +338,27 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)`
`333`	`338`	`{`
`334`	`339`	`OidtableOid=lfirst_oid(li);`
`335`	`340`	`Bitmapset*selectedCols;`
`336`		`-Bitmapset*modifiedCols;`
	`341`	`+Bitmapset*insertedCols;`
	`342`	`+Bitmapset*updatedCols;`
`337`	`343`
`338`	`344`	`/*`
`339`	`345`	`* child table has different attribute numbers, so we need to fix`
`340`	`346`	`* up them.`
`341`	`347`	`*/`
`342`	`348`	`selectedCols=fixup_inherited_columns(rte->relid,tableOid,`
`343`	`349`	`rte->selectedCols);`
`344`		`-modifiedCols=fixup_inherited_columns(rte->relid,tableOid,`
`345`		`-rte->modifiedCols);`
	`350`	`+insertedCols=fixup_inherited_columns(rte->relid,tableOid,`
	`351`	`+rte->insertedCols);`
	`352`	`+updatedCols=fixup_inherited_columns(rte->relid,tableOid,`
	`353`	`+rte->updatedCols);`
`346`	`354`
`347`	`355`	`/*`
`348`	`356`	`* check permissions on individual tables`
`349`	`357`	`*/`
`350`	`358`	`if (!check_relation_privileges(tableOid,`
`351`	`359`	`selectedCols,`
`352`		`-modifiedCols,`
	`360`	`+insertedCols,`
	`361`	`+updatedCols,`
`353`	`362`	`required,abort_on_violation))`
`354`	`363`	`return false;`
`355`	`364`	`}`

`‎src/backend/commands/copy.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -847,7 +847,7 @@ DoCopy(const CopyStmt stmt, const char queryString, uint64 *processed)`
`847`	`847`	`FirstLowInvalidHeapAttributeNumber;`
`848`	`848`
`849`	`849`	`if (is_from)`
`850`		`-rte->modifiedCols=bms_add_member(rte->modifiedCols,attno);`
	`850`	`+rte->insertedCols=bms_add_member(rte->insertedCols,attno);`
`851`	`851`	`else`
`852`	`852`	`rte->selectedCols=bms_add_member(rte->selectedCols,attno);`
`853`	`853`	`}`

`‎src/backend/commands/createas.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -433,7 +433,7 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo)`
`433`	`433`	`rte->requiredPerms=ACL_INSERT;`
`434`	`434`
`435`	`435`	`for (attnum=1;attnum <=intoRelationDesc->rd_att->natts;attnum++)`
`436`		`-rte->modifiedCols=bms_add_member(rte->modifiedCols,`
	`436`	`+rte->insertedCols=bms_add_member(rte->insertedCols,`
`437`	`437`	`attnum-FirstLowInvalidHeapAttributeNumber);`
`438`	`438`
`439`	`439`	`ExecCheckRTPerms(list_make1(rte), true);`

`‎src/backend/commands/trigger.c`

Lines changed: 15 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -66,13 +66,13 @@ intSessionReplicationRole = SESSION_REPLICATION_ROLE_ORIGIN;`
`66`	`66`	`staticintMyTriggerDepth=0;`
`67`	`67`
`68`	`68`	`/*`
`69`		`- * Note thatthis macro also exists in executor/execMain.c. There does not`
`70`		`- * appear to be any good header to put it into, given the structures that`
`71`		`- *ituses, so we let them be duplicated. Be sure to update both if one needs`
`72`		`- *tobe changed, however.`
	`69`	`+ * Note thatsimilar macros also exists in executor/execMain.c. There does not`
	`70`	`+ * appear to be any good header to put it into, given the structures that it`
	`71`	`+ * uses, so we let them be duplicated. Be sure to update both if one needs to`
	`72`	`+ * be changed, however.`
`73`	`73`	`*/`
`74`		`-#defineGetModifiedColumns(relinfo,estate) \`
`75`		`-(rt_fetch((relinfo)->ri_RangeTableIndex, (estate)->es_range_table)->modifiedCols)`
	`74`	`+#defineGetUpdatedColumns(relinfo,estate) \`
	`75`	`+(rt_fetch((relinfo)->ri_RangeTableIndex, (estate)->es_range_table)->updatedCols)`
`76`	`76`
`77`	`77`	`/* Local function prototypes */`
`78`	`78`	`staticvoidConvertTriggerToFK(CreateTrigStmt*stmt,Oidfuncoid);`
`@@ -2347,7 +2347,7 @@ ExecBSUpdateTriggers(EState estate, ResultRelInfo relinfo)`
`2347`	`2347`	`TriggerDesc*trigdesc;`
`2348`	`2348`	`inti;`
`2349`	`2349`	`TriggerDataLocTriggerData;`
`2350`		`-Bitmapset*modifiedCols;`
	`2350`	`+Bitmapset*updatedCols;`
`2351`	`2351`
`2352`	`2352`	`trigdesc=relinfo->ri_TrigDesc;`
`2353`	`2353`
`@@ -2356,7 +2356,7 @@ ExecBSUpdateTriggers(EState estate, ResultRelInfo relinfo)`
`2356`	`2356`	`if (!trigdesc->trig_update_before_statement)`
`2357`	`2357`	`return;`
`2358`	`2358`
`2359`		`-modifiedCols=GetModifiedColumns(relinfo,estate);`
	`2359`	`+updatedCols=GetUpdatedColumns(relinfo,estate);`
`2360`	`2360`
`2361`	`2361`	`LocTriggerData.type=T_TriggerData;`
`2362`	`2362`	`LocTriggerData.tg_event=TRIGGER_EVENT_UPDATE \|`
`@@ -2377,7 +2377,7 @@ ExecBSUpdateTriggers(EState estate, ResultRelInfo relinfo)`
`2377`	`2377`	`TRIGGER_TYPE_UPDATE))`
`2378`	`2378`	`continue;`
`2379`	`2379`	`if (!TriggerEnabled(estate,relinfo,trigger,LocTriggerData.tg_event,`
`2380`		`-modifiedCols,NULL,NULL))`
	`2380`	`+updatedCols,NULL,NULL))`
`2381`	`2381`	`continue;`
`2382`	`2382`
`2383`	`2383`	`LocTriggerData.tg_trigger=trigger;`
`@@ -2402,7 +2402,7 @@ ExecASUpdateTriggers(EState estate, ResultRelInfo relinfo)`
`2402`	`2402`	`if (trigdesc&&trigdesc->trig_update_after_statement)`
`2403`	`2403`	`AfterTriggerSaveEvent(estate,relinfo,TRIGGER_EVENT_UPDATE,`
`2404`	`2404`	`false,NULL,NULL,NIL,`
`2405`		`-GetModifiedColumns(relinfo,estate));`
	`2405`	`+GetUpdatedColumns(relinfo,estate));`
`2406`	`2406`	`}`
`2407`	`2407`
`2408`	`2408`	`TupleTableSlot*`
`@@ -2420,7 +2420,7 @@ ExecBRUpdateTriggers(EState estate, EPQState epqstate,`
`2420`	`2420`	`HeapTupleoldtuple;`
`2421`	`2421`	`TupleTableSlot*newSlot;`
`2422`	`2422`	`inti;`
`2423`		`-Bitmapset*modifiedCols;`
	`2423`	`+Bitmapset*updatedCols;`
`2424`	`2424`	`Bitmapset*keyCols;`
`2425`	`2425`	`LockTupleModelockmode;`
`2426`	`2426`
`@@ -2429,10 +2429,10 @@ ExecBRUpdateTriggers(EState estate, EPQState epqstate,`
`2429`	`2429`	`* been modified, then we can use a weaker lock, allowing for better`
`2430`	`2430`	`* concurrency.`
`2431`	`2431`	`*/`
`2432`		`-modifiedCols=GetModifiedColumns(relinfo,estate);`
	`2432`	`+updatedCols=GetUpdatedColumns(relinfo,estate);`
`2433`	`2433`	`keyCols=RelationGetIndexAttrBitmap(relinfo->ri_RelationDesc,`
`2434`	`2434`	`INDEX_ATTR_BITMAP_KEY);`
`2435`		`-if (bms_overlap(keyCols,modifiedCols))`
	`2435`	`+if (bms_overlap(keyCols,updatedCols))`
`2436`	`2436`	`lockmode=LockTupleExclusive;`
`2437`	`2437`	`else`
`2438`	`2438`	`lockmode=LockTupleNoKeyExclusive;`
`@@ -2486,7 +2486,7 @@ ExecBRUpdateTriggers(EState estate, EPQState epqstate,`
`2486`	`2486`	`TRIGGER_TYPE_UPDATE))`
`2487`	`2487`	`continue;`
`2488`	`2488`	`if (!TriggerEnabled(estate,relinfo,trigger,LocTriggerData.tg_event,`
`2489`		`-modifiedCols,trigtuple,newtuple))`
	`2489`	`+updatedCols,trigtuple,newtuple))`
`2490`	`2490`	`continue;`
`2491`	`2491`
`2492`	`2492`	`LocTriggerData.tg_trigtuple=trigtuple;`
`@@ -2556,7 +2556,7 @@ ExecARUpdateTriggers(EState estate, ResultRelInfo relinfo,`
`2556`	`2556`
`2557`	`2557`	`AfterTriggerSaveEvent(estate,relinfo,TRIGGER_EVENT_UPDATE,`
`2558`	`2558`	`true,trigtuple,newtuple,recheckIndexes,`
`2559`		`-GetModifiedColumns(relinfo,estate));`
	`2559`	`+GetUpdatedColumns(relinfo,estate));`
`2560`	`2560`	`if (trigtuple!=fdw_trigtuple)`
`2561`	`2561`	`heap_freetuple(trigtuple);`
`2562`	`2562`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2c8f483

File tree

18 files changed

18 files changed

`‎contrib/postgres_fdw/postgres_fdw.c`

`‎contrib/sepgsql/dml.c`

`‎src/backend/commands/copy.c`

`‎src/backend/commands/createas.c`

`‎src/backend/commands/trigger.c`

0 commit comments