NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit4d43d5d

committed

Ignore tablespace ACLs when ignoring schema ACLs.

The ALTER TABLE ALTER TYPE implementation can issue DROP INDEX andCREATE INDEX to refit existing indexes for the new column type. Sincethis CREATE INDEX is an implementation detail of an index alteration,the ensuing DefineIndex() should skip ACL checks specific to indexcreation. It already skips the namespace ACL check. Make it skip thetablespace ACL check, too. Back-patch to 9.2 (all supported versions).Reviewed by Tom Lane.

1 parentfc96a5f commit4d43d5dCopy full SHA for 4d43d5d

File tree

3 files changed

+20

-5

lines changed

src
- backend/commands
  - indexcmds.c
- test/regress
  - input
    - tablespace.source
  - output
    - tablespace.source

3 files changed

+20

-5

lines changed

`‎src/backend/commands/indexcmds.c`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -292,8 +292,8 @@ CheckIndexCompatible(Oid oldId,`
`292`	`292`	`* 'indexRelationId': normally InvalidOid, but during bootstrap can be`
`293`	`293`	`*nonzero to specify a preselected OID for the index.`
`294`	`294`	`* 'is_alter_table': this is due to an ALTER rather than a CREATE operation.`
`295`		`- * 'check_rights': check for CREATE rights inthenamespace. (This should`
`296`		`- *be true except when ALTER is deleting/recreating an index.)`
	`295`	`+ * 'check_rights': check for CREATE rights in namespace and tablespace. (This`
	`296`	`+ *shouldbe true except when ALTER is deleting/recreating an index.)`
`297`	`297`	`* 'skip_build': make the catalog entries but leave the index file empty;`
`298`	`298`	`*it will be filled later.`
`299`	`299`	`* 'quiet': suppress the NOTICE chatter ordinarily provided for constraints.`
`@@ -429,8 +429,9 @@ DefineIndex(Oid relationId,`
`429`	`429`	`/* note InvalidOid is OK in this case */`
`430`	`430`	`}`
`431`	`431`
`432`		`-/* Check permissions except when using database's default */`
`433`		`-if (OidIsValid(tablespaceId)&&tablespaceId!=MyDatabaseTableSpace)`
	`432`	`+/* Check tablespace permissions */`
	`433`	`+if (check_rights&&`
	`434`	`+OidIsValid(tablespaceId)&&tablespaceId!=MyDatabaseTableSpace)`
`434`	`435`	`{`
`435`	`436`	`AclResultaclresult;`
`436`	`437`

`‎src/test/regress/input/tablespace.source`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -97,11 +97,18 @@ DROP TABLESPACE regress_tblspace;`
`97`	`97`
`98`	`98`	`CREATE ROLE regress_tablespace_user1 login;`
`99`	`99`	`CREATE ROLE regress_tablespace_user2 login;`
	`100`	`+GRANT USAGE ON SCHEMA testschema TO regress_tablespace_user2;`
`100`	`101`
`101`	`102`	`ALTER TABLESPACE regress_tblspace OWNER TO regress_tablespace_user1;`
`102`	`103`
	`104`	`+CREATE TABLE testschema.tablespace_acl (c int);`
	`105`	`+-- new owner lacks permission to create this index from scratch`
	`106`	`+CREATE INDEX k ON testschema.tablespace_acl (c) TABLESPACE regress_tblspace;`
	`107`	`+ALTER TABLE testschema.tablespace_acl OWNER TO regress_tablespace_user2;`
	`108`	`+`
`103`	`109`	`SET SESSION ROLE regress_tablespace_user2;`
`104`	`110`	`CREATE TABLE tablespace_table (i int) TABLESPACE regress_tblspace; -- fail`
	`111`	`+ALTER TABLE testschema.tablespace_acl ALTER c TYPE bigint;`
`105`	`112`	`RESET ROLE;`
`106`	`113`
`107`	`114`	`ALTER TABLESPACE regress_tblspace RENAME TO regress_tblspace_renamed;`

`‎src/test/regress/output/tablespace.source`

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -192,10 +192,16 @@ DROP TABLESPACE regress_tblspace;`
`192`	`192`	`ERROR: tablespace "regress_tblspace" is not empty`
`193`	`193`	`CREATE ROLE regress_tablespace_user1 login;`
`194`	`194`	`CREATE ROLE regress_tablespace_user2 login;`
	`195`	`+GRANT USAGE ON SCHEMA testschema TO regress_tablespace_user2;`
`195`	`196`	`ALTER TABLESPACE regress_tblspace OWNER TO regress_tablespace_user1;`
	`197`	`+CREATE TABLE testschema.tablespace_acl (c int);`
	`198`	`+-- new owner lacks permission to create this index from scratch`
	`199`	`+CREATE INDEX k ON testschema.tablespace_acl (c) TABLESPACE regress_tblspace;`
	`200`	`+ALTER TABLE testschema.tablespace_acl OWNER TO regress_tablespace_user2;`
`196`	`201`	`SET SESSION ROLE regress_tablespace_user2;`
`197`	`202`	`CREATE TABLE tablespace_table (i int) TABLESPACE regress_tblspace; -- fail`
`198`	`203`	`ERROR: permission denied for tablespace regress_tblspace`
	`204`	`+ALTER TABLE testschema.tablespace_acl ALTER c TYPE bigint;`
`199`	`205`	`RESET ROLE;`
`200`	`206`	`ALTER TABLESPACE regress_tblspace RENAME TO regress_tblspace_renamed;`
`201`	`207`	`ALTER TABLE ALL IN TABLESPACE regress_tblspace_renamed SET TABLESPACE pg_default;`
`@@ -206,10 +212,11 @@ NOTICE: no matching relations in tablespace "regress_tblspace_renamed" found`
`206`	`212`	`-- Should succeed`
`207`	`213`	`DROP TABLESPACE regress_tblspace_renamed;`
`208`	`214`	`DROP SCHEMA testschema CASCADE;`
`209`		`-NOTICE: drop cascades to4 other objects`
	`215`	`+NOTICE: drop cascades to5 other objects`
`210`	`216`	`DETAIL: drop cascades to table testschema.foo`
`211`	`217`	`drop cascades to table testschema.asselect`
`212`	`218`	`drop cascades to table testschema.asexecute`
`213`	`219`	`drop cascades to table testschema.atable`
	`220`	`+drop cascades to table testschema.tablespace_acl`
`214`	`221`	`DROP ROLE regress_tablespace_user1;`
`215`	`222`	`DROP ROLE regress_tablespace_user2;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4d43d5d

File tree

3 files changed

3 files changed

`‎src/backend/commands/indexcmds.c`

`‎src/test/regress/input/tablespace.source`

`‎src/test/regress/output/tablespace.source`

0 commit comments