Reduce the permissions check needed to use pgrowlocks() to having
SELECT on the target table. Per discussion.
This commit is contained in:
Tom Lane
parent
24d4517b3b
commit
89fefd9416
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* $PostgreSQL: pgsql/contrib/pgrowlocks/pgrowlocks.c,v 1.6 2007/08/27 00:13:51 tgl Exp $
|
||||
* $PostgreSQL: pgsql/contrib/pgrowlocks/pgrowlocks.c,v 1.7 2007/08/28 22:59:30 tgl Exp $
|
||||
*
|
||||
* Copyright (c) 2005-2006 Tatsuo Ishii
|
||||
*
|
||||
|
|
@ -31,6 +31,7 @@
|
|||
#include "funcapi.h"
|
||||
#include "miscadmin.h"
|
||||
#include "storage/procarray.h"
|
||||
#include "utils/acl.h"
|
||||
#include "utils/builtins.h"
|
||||
|
||||
|
||||
|
|
@ -67,16 +68,12 @@ pgrowlocks(PG_FUNCTION_ARGS)
|
|||
MyData *mydata;
|
||||
Relation rel;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgrowlocks"))));
|
||||
|
||||
if (SRF_IS_FIRSTCALL())
|
||||
{
|
||||
text *relname;
|
||||
RangeVar *relrv;
|
||||
MemoryContext oldcontext;
|
||||
AclResult aclresult;
|
||||
|
||||
funcctx = SRF_FIRSTCALL_INIT();
|
||||
oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
|
||||
|
|
@ -92,6 +89,13 @@ pgrowlocks(PG_FUNCTION_ARGS)
|
|||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||
rel = heap_openrv(relrv, AccessShareLock);
|
||||
|
||||
/* check permissions: must have SELECT on table */
|
||||
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
|
||||
ACL_SELECT);
|
||||
if (aclresult != ACLCHECK_OK)
|
||||
aclcheck_error(aclresult, ACL_KIND_CLASS,
|
||||
RelationGetRelationName(rel));
|
||||
|
||||
scan = heap_beginscan(rel, SnapshotNow, 0, NULL);
|
||||
mydata = palloc(sizeof(*mydata));
|
||||
mydata->rel = rel;
|
||||
|
|
|
|||
Loading…
Reference in New Issue