Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit39cffe9

Browse files
committed
Pass down current user ID to AddRoleMems and DelRoleMems.
This is just refactoring; there should be no functonal change. Itmight have the effect of slightly reducing the number of calls toGetUserId(), but the real point is to facilitate future work inthis area.Patch by me, reviewed by Mark Dilger.Discussion:http://postgr.es/m/CA+TgmobFzTLkLwOquFrAcdsWBsOWDr-_H-jw+qBvfx-wSzMwDA@mail.gmail.com
1 parent25bb031 commit39cffe9

File tree

1 file changed

+22
-19
lines changed

1 file changed

+22
-19
lines changed

‎src/backend/commands/user.c

Lines changed: 22 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -87,10 +87,10 @@ intPassword_encryption = PASSWORD_TYPE_SCRAM_SHA_256;
8787
/* Hook to check passwords in CreateRole() and AlterRole() */
8888
check_password_hook_typecheck_password_hook=NULL;
8989

90-
staticvoidAddRoleMems(constchar*rolename,Oidroleid,
90+
staticvoidAddRoleMems(OidcurrentUserId,constchar*rolename,Oidroleid,
9191
List*memberSpecs,List*memberIds,
9292
OidgrantorId,GrantRoleOptions*popt);
93-
staticvoidDelRoleMems(constchar*rolename,Oidroleid,
93+
staticvoidDelRoleMems(OidcurrentUserId,constchar*rolename,Oidroleid,
9494
List*memberSpecs,List*memberIds,
9595
OidgrantorId,GrantRoleOptions*popt,
9696
DropBehaviorbehavior);
@@ -133,6 +133,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
133133
HeapTupletuple;
134134
Datumnew_record[Natts_pg_authid]= {0};
135135
boolnew_record_nulls[Natts_pg_authid]= {0};
136+
OidcurrentUserId=GetUserId();
136137
Oidroleid;
137138
ListCell*item;
138139
ListCell*option;
@@ -508,8 +509,8 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
508509
char*oldrolename=NameStr(oldroleform->rolname);
509510

510511
/* can only add this role to roles for which you have rights */
511-
check_role_membership_authorization(GetUserId(),oldroleid, true);
512-
AddRoleMems(oldrolename,oldroleid,
512+
check_role_membership_authorization(currentUserId,oldroleid, true);
513+
AddRoleMems(currentUserId,oldrolename,oldroleid,
513514
thisrole_list,
514515
thisrole_oidlist,
515516
InvalidOid,&popt);
@@ -525,12 +526,12 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
525526
* NB: No permissions check is required here. If you have enough rights
526527
* to create a role, you can add any members you like.
527528
*/
528-
AddRoleMems(stmt->role,roleid,
529+
AddRoleMems(currentUserId,stmt->role,roleid,
529530
rolemembers,roleSpecsToIds(rolemembers),
530531
InvalidOid,&popt);
531532
popt.specified |=GRANT_ROLE_SPECIFIED_ADMIN;
532533
popt.admin= true;
533-
AddRoleMems(stmt->role,roleid,
534+
AddRoleMems(currentUserId,stmt->role,roleid,
534535
adminmembers,roleSpecsToIds(adminmembers),
535536
InvalidOid,&popt);
536537

@@ -583,6 +584,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
583584
DefElem*dvalidUntil=NULL;
584585
DefElem*dbypassRLS=NULL;
585586
Oidroleid;
587+
OidcurrentUserId=GetUserId();
586588
GrantRoleOptionspopt;
587589

588590
check_rolespec_name(stmt->role,
@@ -727,13 +729,13 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
727729
errmsg("permission denied")));
728730

729731
/* without CREATEROLE, can only change your own password */
730-
if (dpassword&&roleid!=GetUserId())
732+
if (dpassword&&roleid!=currentUserId)
731733
ereport(ERROR,
732734
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
733735
errmsg("must have CREATEROLE privilege to change another user's password")));
734736

735737
/* without CREATEROLE, can only add members to roles you admin */
736-
if (drolemembers&& !is_admin_of_role(GetUserId(),roleid))
738+
if (drolemembers&& !is_admin_of_role(currentUserId,roleid))
737739
ereport(ERROR,
738740
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
739741
errmsg("must have admin option on role \"%s\" to add members",
@@ -888,11 +890,11 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
888890
CommandCounterIncrement();
889891

890892
if (stmt->action==+1)/* add members to role */
891-
AddRoleMems(rolename,roleid,
893+
AddRoleMems(currentUserId,rolename,roleid,
892894
rolemembers,roleSpecsToIds(rolemembers),
893895
InvalidOid,&popt);
894896
elseif (stmt->action==-1)/* drop members from role */
895-
DelRoleMems(rolename,roleid,
897+
DelRoleMems(currentUserId,rolename,roleid,
896898
rolemembers,roleSpecsToIds(rolemembers),
897899
InvalidOid,&popt,DROP_RESTRICT);
898900
}
@@ -1378,6 +1380,7 @@ GrantRole(ParseState *pstate, GrantRoleStmt *stmt)
13781380
List*grantee_ids;
13791381
ListCell*item;
13801382
GrantRoleOptionspopt;
1383+
OidcurrentUserId=GetUserId();
13811384

13821385
/* Parse options list. */
13831386
InitGrantRoleOptions(&popt);
@@ -1449,14 +1452,14 @@ GrantRole(ParseState *pstate, GrantRoleStmt *stmt)
14491452
errmsg("column names cannot be included in GRANT/REVOKE ROLE")));
14501453

14511454
roleid=get_role_oid(rolename, false);
1452-
check_role_membership_authorization(GetUserId(),roleid,
1453-
stmt->is_grant);
1455+
check_role_membership_authorization(currentUserId,
1456+
roleid,stmt->is_grant);
14541457
if (stmt->is_grant)
1455-
AddRoleMems(rolename,roleid,
1458+
AddRoleMems(currentUserId,rolename,roleid,
14561459
stmt->grantee_roles,grantee_ids,
14571460
grantor,&popt);
14581461
else
1459-
DelRoleMems(rolename,roleid,
1462+
DelRoleMems(currentUserId,rolename,roleid,
14601463
stmt->grantee_roles,grantee_ids,
14611464
grantor,&popt,stmt->behavior);
14621465
}
@@ -1555,23 +1558,24 @@ roleSpecsToIds(List *memberNames)
15551558
/*
15561559
* AddRoleMems -- Add given members to the specified role
15571560
*
1561+
* currentUserId: OID of role performing the operation
15581562
* rolename: name of role to add to (used only for error messages)
15591563
* roleid: OID of role to add to
15601564
* memberSpecs: list of RoleSpec of roles to add (used only for error messages)
15611565
* memberIds: OIDs of roles to add
1562-
* grantorId: who is granting the membership (InvalidOid if not set explicitly)
1566+
* grantorId: OID that should be recorded as having granted the membership
1567+
* (InvalidOid if not set explicitly)
15631568
* popt: information about grant options
15641569
*/
15651570
staticvoid
1566-
AddRoleMems(constchar*rolename,Oidroleid,
1571+
AddRoleMems(OidcurrentUserId,constchar*rolename,Oidroleid,
15671572
List*memberSpecs,List*memberIds,
15681573
OidgrantorId,GrantRoleOptions*popt)
15691574
{
15701575
Relationpg_authmem_rel;
15711576
TupleDescpg_authmem_dsc;
15721577
ListCell*specitem;
15731578
ListCell*iditem;
1574-
OidcurrentUserId=GetUserId();
15751579

15761580
Assert(list_length(memberSpecs)==list_length(memberIds));
15771581

@@ -1859,15 +1863,14 @@ AddRoleMems(const char *rolename, Oid roleid,
18591863
* behavior: RESTRICT or CASCADE behavior for recursive removal
18601864
*/
18611865
staticvoid
1862-
DelRoleMems(constchar*rolename,Oidroleid,
1866+
DelRoleMems(OidcurrentUserId,constchar*rolename,Oidroleid,
18631867
List*memberSpecs,List*memberIds,
18641868
OidgrantorId,GrantRoleOptions*popt,DropBehaviorbehavior)
18651869
{
18661870
Relationpg_authmem_rel;
18671871
TupleDescpg_authmem_dsc;
18681872
ListCell*specitem;
18691873
ListCell*iditem;
1870-
OidcurrentUserId=GetUserId();
18711874
CatCList*memlist;
18721875
RevokeRoleGrantAction*actions;
18731876
inti;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp