NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit4ab8e69

committed

has_table_privilege spawns scions has_database_privilege, has_function_privilege,

has_language_privilege, has_schema_privilege to let SQL queries testall the new privilege types in 7.3. Also, add functions pg_table_is_visible,pg_type_is_visible, pg_function_is_visible, pg_operator_is_visible,pg_opclass_is_visible to test whether objects contained in schemas arevisible in the current search path. Do some minor cleanup to centralizeaccesses to pg_database, as well.

1 parent65dc2e0 commit4ab8e69Copy full SHA for 4ab8e69

File tree

12 files changed

+1325

-282

lines changed

contrib/dbsize
- dbsize.c
doc/src/sgml
- func.sgml
src
- backend
  - catalog
    - namespace.c
  - commands
    - comment.c
    - dbcommands.c
  - utils
    - adt
      - acl.c
      - sets.c
    - misc
      - superuser.c
- include
  - catalog
    - catversion.h
    - pg_proc.h
  - commands
    - dbcommands.h
  - utils
    - builtins.h

12 files changed

+1325

-282

lines changed

`‎contrib/dbsize/dbsize.c`

Lines changed: 3 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,12 +8,10 @@`
`8`	`8`
`9`	`9`	`#include"access/heapam.h"`
`10`	`10`	`#include"catalog/catalog.h"`
`11`		`-#include"catalog/catname.h"`
`12`	`11`	`#include"catalog/namespace.h"`
`13`		`-#include"catalog/pg_database.h"`
	`12`	`+#include"commands/dbcommands.h"`
`14`	`13`	`#include"fmgr.h"`
`15`	`14`	`#include"utils/builtins.h"`
`16`		`-#include"utils/fmgroids.h"`
`17`	`15`
`18`	`16`
`19`	`17`	`staticchar*`
`@@ -46,32 +44,16 @@ database_size(PG_FUNCTION_ARGS)`
`46`	`44`	`{`
`47`	`45`	`Namedbname=PG_GETARG_NAME(0);`
`48`	`46`
`49`		`-HeapTupletuple;`
`50`		`-Relationrelation;`
`51`		`-ScanKeyDatascanKey;`
`52`		`-HeapScanDescscan;`
`53`	`47`	`Oiddbid;`
`54`	`48`	`char*dbpath;`
`55`	`49`	`DIR*dirdesc;`
`56`	`50`	`structdirent*direntry;`
`57`	`51`	`int64totalsize;`
`58`	`52`
`59`		`-relation=heap_openr(DatabaseRelationName,AccessShareLock);`
`60`		`-ScanKeyEntryInitialize(&scanKey,0,Anum_pg_database_datname,`
`61`		`-F_NAMEEQ,NameGetDatum(dbname));`
`62`		`-scan=heap_beginscan(relation,SnapshotNow,1,&scanKey);`
`63`		`-tuple=heap_getnext(scan,ForwardScanDirection);`
`64`		`-`
`65`		`-if (!HeapTupleIsValid(tuple))`
	`53`	`+dbid=get_database_oid(NameStr(*dbname));`
	`54`	`+if (!OidIsValid(dbid))`
`66`	`55`	`elog(ERROR,"database %s does not exist",NameStr(*dbname));`
`67`	`56`
`68`		`-dbid=HeapTupleGetOid(tuple);`
`69`		`-if (dbid==InvalidOid)`
`70`		`-elog(ERROR,"invalid database id");`
`71`		`-`
`72`		`-heap_endscan(scan);`
`73`		`-heap_close(relation,NoLock);`
`74`		`-`
`75`	`57`	`dbpath=GetDatabasePath(dbid);`
`76`	`58`
`77`	`59`	`dirdesc=opendir(dbpath);`

`‎doc/src/sgml/func.sgml`

Lines changed: 208 additions & 48 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.109 2002/08/08 14:29:07 tgl Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.110 2002/08/09 16:45:13 tgl Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -4925,57 +4925,11 @@ select current_setting('DateStyle');`
`4925`	`4925`	`<literal>false</literal> instead. It is the equivalent to the SQL`
`4926`	`4926`	`<command>SET</command> command. For example:`
`4927`	`4927`	`<programlisting>`
`4928`		`-SHOW show_query_stats;`
`4929`		`- show_query_stats`
`4930`		`-------------------`
`4931`		`- on`
`4932`		`-(1 row)`
`4933`		`-`
`4934`	`4928`	`select set_config('show_query_stats','off','f');`
`4935`	`4929`	`set_config`
`4936`	`4930`	`------------`
`4937`	`4931`	`off`
`4938`	`4932`	`(1 row)`
`4939`		`-`
`4940`		`-SHOW show_query_stats;`
`4941`		`- show_query_stats`
`4942`		`-------------------`
`4943`		`- off`
`4944`		`-(1 row)`
`4945`		`-`
`4946`		`-select set_config('show_query_stats','on','t');`
`4947`		`- set_config`
`4948`		`-------------`
`4949`		`- on`
`4950`		`-(1 row)`
`4951`		`-`
`4952`		`-SHOW show_query_stats;`
`4953`		`- show_query_stats`
`4954`		`-------------------`
`4955`		`- off`
`4956`		`-(1 row)`
`4957`		`-`
`4958`		`-BEGIN;`
`4959`		`-BEGIN`
`4960`		`-select set_config('show_query_stats','on','t');`
`4961`		`- set_config`
`4962`		`-------------`
`4963`		`- on`
`4964`		`-(1 row)`
`4965`		`-`
`4966`		`-SHOW show_query_stats;`
`4967`		`- show_query_stats`
`4968`		`-------------------`
`4969`		`- on`
`4970`		`-(1 row)`
`4971`		`-`
`4972`		`-COMMIT;`
`4973`		`-COMMIT`
`4974`		`-SHOW show_query_stats;`
`4975`		`- show_query_stats`
`4976`		`-------------------`
`4977`		`- off`
`4978`		`-(1 row)`
`4979`	`4933`	`</programlisting>`
`4980`	`4934`	`</para>`
`4981`	`4935`
`@@ -5002,16 +4956,88 @@ SHOW show_query_stats;`
`5002`	`4956`	`<entry><type>boolean</type></entry>`
`5003`	`4957`	`<entry>does current user have access to table</entry>`
`5004`	`4958`	`</row>`
	`4959`	`+ <row>`
	`4960`	`+ <entry><function>has_database_privilege</function>(<parameter>user</parameter>,`
	`4961`	`+ <parameter>database</parameter>,`
	`4962`	`+ <parameter>access</parameter>)`
	`4963`	`+ </entry>`
	`4964`	`+ <entry><type>boolean</type></entry>`
	`4965`	`+ <entry>does user have access to database</entry>`
	`4966`	`+ </row>`
	`4967`	`+ <row>`
	`4968`	`+ <entry><function>has_database_privilege</function>(<parameter>database</parameter>,`
	`4969`	`+ <parameter>access</parameter>)`
	`4970`	`+ </entry>`
	`4971`	`+ <entry><type>boolean</type></entry>`
	`4972`	`+ <entry>does current user have access to database</entry>`
	`4973`	`+ </row>`
	`4974`	`+ <row>`
	`4975`	`+ <entry><function>has_function_privilege</function>(<parameter>user</parameter>,`
	`4976`	`+ <parameter>function</parameter>,`
	`4977`	`+ <parameter>access</parameter>)`
	`4978`	`+ </entry>`
	`4979`	`+ <entry><type>boolean</type></entry>`
	`4980`	`+ <entry>does user have access to function</entry>`
	`4981`	`+ </row>`
	`4982`	`+ <row>`
	`4983`	`+ <entry><function>has_function_privilege</function>(<parameter>function</parameter>,`
	`4984`	`+ <parameter>access</parameter>)`
	`4985`	`+ </entry>`
	`4986`	`+ <entry><type>boolean</type></entry>`
	`4987`	`+ <entry>does current user have access to function</entry>`
	`4988`	`+ </row>`
	`4989`	`+ <row>`
	`4990`	`+ <entry><function>has_language_privilege</function>(<parameter>user</parameter>,`
	`4991`	`+ <parameter>language</parameter>,`
	`4992`	`+ <parameter>access</parameter>)`
	`4993`	`+ </entry>`
	`4994`	`+ <entry><type>boolean</type></entry>`
	`4995`	`+ <entry>does user have access to language</entry>`
	`4996`	`+ </row>`
	`4997`	`+ <row>`
	`4998`	`+ <entry><function>has_language_privilege</function>(<parameter>language</parameter>,`
	`4999`	`+ <parameter>access</parameter>)`
	`5000`	`+ </entry>`
	`5001`	`+ <entry><type>boolean</type></entry>`
	`5002`	`+ <entry>does current user have access to language</entry>`
	`5003`	`+ </row>`
	`5004`	`+ <row>`
	`5005`	`+ <entry><function>has_schema_privilege</function>(<parameter>user</parameter>,`
	`5006`	`+ <parameter>schema</parameter>,`
	`5007`	`+ <parameter>access</parameter>)`
	`5008`	`+ </entry>`
	`5009`	`+ <entry><type>boolean</type></entry>`
	`5010`	`+ <entry>does user have access to schema</entry>`
	`5011`	`+ </row>`
	`5012`	`+ <row>`
	`5013`	`+ <entry><function>has_schema_privilege</function>(<parameter>schema</parameter>,`
	`5014`	`+ <parameter>access</parameter>)`
	`5015`	`+ </entry>`
	`5016`	`+ <entry><type>boolean</type></entry>`
	`5017`	`+ <entry>does current user have access to schema</entry>`
	`5018`	`+ </row>`
`5005`	`5019`	`</tbody>`
`5006`	`5020`	`</tgroup>`
`5007`	`5021`	`</table>`
`5008`	`5022`
`5009`	`5023`	`<indexterm zone="functions-misc">`
`5010`	`5024`	`<primary>has_table_privilege</primary>`
`5011`	`5025`	`</indexterm>`
	`5026`	`+ <indexterm zone="functions-misc">`
	`5027`	`+ <primary>has_database_privilege</primary>`
	`5028`	`+ </indexterm>`
	`5029`	`+ <indexterm zone="functions-misc">`
	`5030`	`+ <primary>has_function_privilege</primary>`
	`5031`	`+ </indexterm>`
	`5032`	`+ <indexterm zone="functions-misc">`
	`5033`	`+ <primary>has_language_privilege</primary>`
	`5034`	`+ </indexterm>`
	`5035`	`+ <indexterm zone="functions-misc">`
	`5036`	`+ <primary>has_schema_privilege</primary>`
	`5037`	`+ </indexterm>`
`5012`	`5038`
`5013`	`5039`	`<para>`
`5014`		`- <function>has_table_privilege</function>determines whether a user`
	`5040`	`+ <function>has_table_privilege</function>checks whether a user`
`5015`	`5041`	`can access a table in a particular way. The user can be`
`5016`	`5042`	`specified by name or by ID`
`5017`	`5043`	`(<classname>pg_user</classname>.<structfield>usesysid</structfield>), or if the argument is`
`@@ -5032,6 +5058,140 @@ SELECT has_table_privilege('myschema.mytable', 'select');`
`5032`	`5058`	`</programlisting>`
`5033`	`5059`	`</para>`
`5034`	`5060`
	`5061`	`+ <para>`
	`5062`	`+ <function>has_database_privilege</function> checks whether a user`
	`5063`	`+ can access a database in a particular way. The possibilities for its`
	`5064`	`+ arguments are analogous to <function>has_table_privilege</function>.`
	`5065`	`+ The desired access type must evaluate to`
	`5066`	`+ <literal>CREATE</literal>,`
	`5067`	`+ <literal>TEMPORARY</literal>, or`
	`5068`	`+ <literal>TEMP</literal> (which is equivalent to`
	`5069`	`+ <literal>TEMPORARY</literal>).`
	`5070`	`+ </para>`
	`5071`	`+`
	`5072`	`+ <para>`
	`5073`	`+ <function>has_function_privilege</function> checks whether a user`
	`5074`	`+ can access a function in a particular way. The possibilities for its`
	`5075`	`+ arguments are analogous to <function>has_table_privilege</function>.`
	`5076`	`+ When specifying a function by a text string rather than by OID,`
	`5077`	`+ the allowed input is the same as for the <type>regprocedure</> datatype.`
	`5078`	`+ The desired access type must currently evaluate to`
	`5079`	`+ <literal>EXECUTE</literal>.`
	`5080`	`+ </para>`
	`5081`	`+`
	`5082`	`+ <para>`
	`5083`	`+ <function>has_language_privilege</function> checks whether a user`
	`5084`	`+ can access a procedural language in a particular way. The possibilities`
	`5085`	`+ for its arguments are analogous to <function>has_table_privilege</function>.`
	`5086`	`+ The desired access type must currently evaluate to`
	`5087`	`+ <literal>USAGE</literal>.`
	`5088`	`+ </para>`
	`5089`	`+`
	`5090`	`+ <para>`
	`5091`	`+ <function>has_schema_privilege</function> checks whether a user`
	`5092`	`+ can access a schema in a particular way. The possibilities for its`
	`5093`	`+ arguments are analogous to <function>has_table_privilege</function>.`
	`5094`	`+ The desired access type must evaluate to`
	`5095`	`+ <literal>CREATE</literal> or`
	`5096`	`+ <literal>USAGE</literal>.`
	`5097`	`+ </para>`
	`5098`	`+`
	`5099`	`+ <table>`
	`5100`	`+ <title>Schema Visibility Inquiry Functions</title>`
	`5101`	`+ <tgroup cols="3">`
	`5102`	`+ <thead>`
	`5103`	`+ <row><entry>Name</entry> <entry>Return Type</entry> <entry>Description</entry></row>`
	`5104`	`+ </thead>`
	`5105`	`+`
	`5106`	`+ <tbody>`
	`5107`	`+ <row>`
	`5108`	`+ <entry><function>pg_table_is_visible</function>(<parameter>tableOID</parameter>)`
	`5109`	`+ </entry>`
	`5110`	`+ <entry><type>boolean</type></entry>`
	`5111`	`+ <entry>is table visible in search path</entry>`
	`5112`	`+ </row>`
	`5113`	`+ <row>`
	`5114`	`+ <entry><function>pg_type_is_visible</function>(<parameter>typeOID</parameter>)`
	`5115`	`+ </entry>`
	`5116`	`+ <entry><type>boolean</type></entry>`
	`5117`	`+ <entry>is type visible in search path</entry>`
	`5118`	`+ </row>`
	`5119`	`+ <row>`
	`5120`	`+ <entry><function>pg_function_is_visible</function>(<parameter>functionOID</parameter>)`
	`5121`	`+ </entry>`
	`5122`	`+ <entry><type>boolean</type></entry>`
	`5123`	`+ <entry>is function visible in search path</entry>`
	`5124`	`+ </row>`
	`5125`	`+ <row>`
	`5126`	`+ <entry><function>pg_operator_is_visible</function>(<parameter>operatorOID</parameter>)`
	`5127`	`+ </entry>`
	`5128`	`+ <entry><type>boolean</type></entry>`
	`5129`	`+ <entry>is operator visible in search path</entry>`
	`5130`	`+ </row>`
	`5131`	`+ <row>`
	`5132`	`+ <entry><function>pg_opclass_is_visible</function>(<parameter>opclassOID</parameter>)`
	`5133`	`+ </entry>`
	`5134`	`+ <entry><type>boolean</type></entry>`
	`5135`	`+ <entry>is operator class visible in search path</entry>`
	`5136`	`+ </row>`
	`5137`	`+ </tbody>`
	`5138`	`+ </tgroup>`
	`5139`	`+ </table>`
	`5140`	`+`
	`5141`	`+ <indexterm zone="functions-misc">`
	`5142`	`+ <primary>pg_table_is_visible</primary>`
	`5143`	`+ </indexterm>`
	`5144`	`+ <indexterm zone="functions-misc">`
	`5145`	`+ <primary>pg_type_is_visible</primary>`
	`5146`	`+ </indexterm>`
	`5147`	`+ <indexterm zone="functions-misc">`
	`5148`	`+ <primary>pg_function_is_visible</primary>`
	`5149`	`+ </indexterm>`
	`5150`	`+ <indexterm zone="functions-misc">`
	`5151`	`+ <primary>pg_operator_is_visible</primary>`
	`5152`	`+ </indexterm>`
	`5153`	`+ <indexterm zone="functions-misc">`
	`5154`	`+ <primary>pg_opclass_is_visible</primary>`
	`5155`	`+ </indexterm>`
	`5156`	`+`
	`5157`	`+ <para>`
	`5158`	`+ <function>pg_table_is_visible</function> checks whether a table`
	`5159`	`+ (or view, or any other kind of <structname>pg_class</> entry) is`
	`5160`	`+ <firstterm>visible</> in the current schema search path. A table`
	`5161`	`+ is said to be visible if its containing schema is in the search path`
	`5162`	`+ and no table of the same name appears earlier in the search path.`
	`5163`	`+ This is equivalent to the statement that the table can be referenced`
	`5164`	`+ by name without explicit schema qualification.`
	`5165`	`+ For example, to list the names of all visible tables:`
	`5166`	`+<programlisting>`
	`5167`	`+SELECT relname FROM pg_class WHERE pg_table_is_visible(oid);`
	`5168`	`+</programlisting>`
	`5169`	`+ </para>`
	`5170`	`+`
	`5171`	`+ <para>`
	`5172`	`+ <function>pg_type_is_visible</function>,`
	`5173`	`+ <function>pg_function_is_visible</function>,`
	`5174`	`+ <function>pg_operator_is_visible</function>, and`
	`5175`	`+ <function>pg_opclass_is_visible</function> perform the same sort of`
	`5176`	`+ visibility check for types, functions, operators, and operator classes,`
	`5177`	`+ respectively. For functions and operators, an object in the search path`
	`5178`	`+ is visible if there is no object of the same name <emphasis>and argument`
	`5179`	`+ datatype(s)</> earlier in the path. For operator classes,`
	`5180`	`+ both name and associated index access method are considered.`
	`5181`	`+ </para>`
	`5182`	`+`
	`5183`	`+ <para>`
	`5184`	`+ All these functions require object OIDs to identify the object to be`
	`5185`	`+ checked. If you want to test an object by name, it is convenient to use`
	`5186`	`+ the OID alias types (<type>regclass</>, <type>regtype</>,`
	`5187`	`+ <type>regprocedure</>, or <type>regoperator</>), for example`
	`5188`	`+<programlisting>`
	`5189`	`+SELECT pg_type_is_visible('myschema.widget'::regtype);`
	`5190`	`+</programlisting>`
	`5191`	`+ Note that it would not make much sense to test an unqualified name in`
	`5192`	`+ this way --- if the name can be recognized at all, it must be visible.`
	`5193`	`+ </para>`
	`5194`	`+`
`5035`	`5195`	`<table>`
`5036`	`5196`	`<title>Catalog Information Functions</title>`
`5037`	`5197`	`<tgroup cols="3">`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4ab8e69

File tree

12 files changed

12 files changed

`‎contrib/dbsize/dbsize.c`

`‎doc/src/sgml/func.sgml`

0 commit comments