Commit2ad0cf0

committed
change default value of column 'enable_parent', small refactoring of function check_security_policy(), check_security_policy_internal() now takes role as parameter
1 parentf4e71de commit2ad0cf0


5 files changed

+31
-15
lines changed

5 files changed

+31
-15
lines changed

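--- a/expected/pathman_permissions.out
+++ b/expected/pathman_permissions.out
@@ -17,7 +17,8 @@ INSERT INTO permissions.user1_table SELECT g, g FROM generate_series(1, 20) as g
 SET ROLE user2;
 SELECT create_range_partitions('permissions.user1_table', 'id', 1, 10, 2);
 NOTICE: sequence "user1_table_seq" does not exist, skipping
-ERROR: only the owner or superuser can change partitioning configuration of table "user1_table"
+WARNING: only the owner or superuser can change partitioning configuration of table "user1_table"
+ERROR: new row violates row-level security policy for table "pathman_config"
 /* Should be ok */
 SET ROLE user1;
 SELECT create_range_partitions('permissions.user1_table', 'id', 1, 10, 2);
@@ -44,14 +45,16 @@ SELECT * FROM pathman_config_params;
 /* Should fail */
 SET ROLE user2;
 SELECT set_enable_parent('permissions.user1_table', true);
-ERROR: only the owner or superuser can change partitioning configuration of table "user1_table"
+WARNING: only the owner or superuser can change partitioning configuration of table "user1_table"
+ERROR: new row violates row-level security policy for table "pathman_config_params"
 SELECT set_auto('permissions.user1_table', false);
-ERROR: only the owner or superuser can change partitioning configuration of table "user1_table"
+WARNING: only the owner or superuser can change partitioning configuration of table "user1_table"
+ERROR: new row violates row-level security policy for table "pathman_config_params"
 /* Should fail */
 SET ROLE user2;
 DELETE FROM pathman_config
 WHERE partrel = 'permissions.user1_table'::regclass;
-ERROR: only the owner or superuser can change partitioning configuration of table "user1_table"
+WARNING: only the owner or superuser can change partitioning configuration of table "user1_table"
 /* No rights to insert, should fail */
 SET ROLE user2;
 INSERT INTO permissions.user1_table (id, a) VALUES (35, 0);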
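Review bot: The last "Should fail" case in the second hunk, the `DELETE FROM pathman_config` run as user2, no longer fails. Its expected output is now only the WARNING, so the test passes whether or not the config row was removed. Presumably the row-level security policy hides the row from the DELETE, but nothing visible in this section verifies that. Add a follow-up statement to the test, run as the owner, such as `SELECT count(*) FROM pathman_config WHERE partrel = 'permissions.user1_table'::regclass;`, so a weakened policy shows up in the expected output. The comment above the DELETE would then read better as `/* Should print a warning and delete nothing */`.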

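--- a/init.sql
+++ b/init.sql
@@ -35,7 +35,7 @@ CREATE TABLE IF NOT EXISTS @extschema@.pathman_config (
 */
 CREATETABLEIF NOT EXISTS @extschema@.pathman_config_params (
 partrelREGCLASSNOT NULLPRIMARY KEY,
-enable_parentBOOLEANNOT NULL DEFAULTTRUE,
+enable_parentBOOLEANNOT NULL DEFAULTFALSE,
 autoBOOLEANNOT NULL DEFAULT TRUE,
 init_callbackREGPROCEDURENOT NULL DEFAULT0
 );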
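Review bot: The new `DEFAULT FALSE` on `enable_parent` takes effect only where this `CREATE TABLE IF NOT EXISTS` actually creates the table, so a database that already has `pathman_config_params` keeps the old default. None of the five files in this commit looks like an extension update script. If released versions exist, the change probably needs a matching `ALTER TABLE @extschema@.pathman_config_params ALTER COLUMN enable_parent SET DEFAULT FALSE;` on the upgrade path. A short comment on the column recording the chosen default would also keep the two places from drifting apart.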

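--- a/src/pl_funcs.c
+++ b/src/pl_funcs.c
@@ -538,7 +538,7 @@ build_check_constraint_name_attname(PG_FUNCTION_ARGS)
 elog(ERROR,"Invalid relation %u",relid);
 
 if (attnum==InvalidAttrNumber)
-elog(ERROR,"Relation \"%s\" has no column'%s'",
+elog(ERROR,"relation \"%s\" has no column\"%s\"",
 get_rel_name_or_relid(relid),text_to_cstring(attname));
 
 result=build_check_constraint_name_internal(relid,attnum);
@@ -870,7 +870,19 @@ invoke_on_partition_created_callback(PG_FUNCTION_ARGS)
 Datum
 check_security_policy(PG_FUNCTION_ARGS)
 {
-PG_RETURN_BOOL(check_security_policy_internal(PG_GETARG_OID(0)));
+Oidrelid=PG_GETARG_OID(0);
+
+if (!check_security_policy_internal(relid,GetUserId()))
+{
+elog(WARNING,"only the owner or superuser can change "
+"partitioning configuration of table \"%s\"",
+get_rel_name_or_relid(relid));
+
+PG_RETURN_BOOL(false);
+}
+
+/* Else return TRUE */
+PG_RETURN_BOOL(true);
 }
 
 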
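Review bot: `check_security_policy()` in the second hunk now reports a denied caller with `elog(WARNING, ...)` and a false return, where the old path aborted the statement with an ERROR, so any caller that discards the result now fails open. The expected test output suggests the function is evaluated inside row-level security policies, where a false result is enforced. The call sites are not part of this commit, though, and each one should be confirmed to test the return value. State the contract above the function, e.g. `/* Returns false and emits a WARNING when the current user may not change the config; nothing is raised here, callers must act on the result. */`. A WARNING raised from a policy expression may also be emitted once per row examined, which is worth checking on a multi-row statement.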

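--- a/src/utils.c
+++ b/src/utils.c
@@ -759,27 +759,28 @@ validate_on_part_init_cb(Oid procid, bool emit_error)
 * better to check user permissions in order to let other users participate.
 */
 bool
-check_security_policy_internal(Oidrelid)
+check_security_policy_internal(Oidrelid,Oidrole)
 {
-Oidowner;
+Oidowner;
 
 /* Superuser is allowed to do anything */
 if (superuser())
 return true;
 
+/* Fetch the owner */
+owner=get_rel_owner(relid);
+
 /*
 * Sometimes the relation doesn't exist anymore but there is still
 * a record in config. For instance, it happens in DDL event trigger.
 * Still we should be able to remove this record.
 */
-if ((owner=get_rel_owner(relid))==InvalidOid)
+if (owner==InvalidOid)
 return true;
 
 /* Check if current user is the owner of the relation */
-if (owner!=GetUserId())
-elog(ERROR,"only the owner or superuser can change "
-"partitioning configuration of table \"%s\"",
-get_rel_name_or_relid(relid));
+if (owner!=role)
+return false;
 
 return true;
 }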
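Review bot: `check_security_policy_internal()` now takes `role`, but the superuser test a few lines below the signature still calls `superuser()`, which checks the current user rather than the role passed in. A caller that passes anything other than `GetUserId()` gets a decision that mixes two identities: in a superuser session the function returns true for every `role`. Use `if (superuser_arg(role))` so the whole check is about the argument. The comment `/* Check if current user is the owner of the relation */` should likewise become `/* Check if the given role is the owner of the relation */`. The header comment, which starts above the hunk, should also say that a missing relation (`InvalidOid` owner) is allowed for every role.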

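--- a/src/utils.h
+++ b/src/utils.h
@@ -50,7 +50,7 @@ bool clause_contains_params(Node *clause);
 boolis_date_type_internal(Oidtypid);
 boolis_string_type_internal(Oidtypid);
 boolvalidate_on_part_init_cb(Oidprocid,boolemit_error);
-boolcheck_security_policy_internal(Oidrelid);
+boolcheck_security_policy_internal(Oidrelid,Oidrole);
 
 /*
 * Misc.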
