diff options
| author | Noah Misch | 2017-02-12 21:03:41 +0000 |
|---|---|---|
| committer | Noah Misch | 2017-02-12 21:03:41 +0000 |
| commit | f30f34e5897b64e0fb6616154c11dc9765866046 (patch) | |
| tree | a45690274d5f30ac229b36809ef16bb3ad27f7be /src/test | |
| parent | 2ea5b06c7a7056dca0af1610aadebe608fbcca08 (diff) | |
Ignore tablespace ACLs when ignoring schema ACLs.
The ALTER TABLE ALTER TYPE implementation can issue DROP INDEX and
CREATE INDEX to refit existing indexes for the new column type. Since
this CREATE INDEX is an implementation detail of an index alteration,
the ensuing DefineIndex() should skip ACL checks specific to index
creation. It already skips the namespace ACL check. Make it skip the
tablespace ACL check, too. Back-patch to 9.2 (all supported versions).
Reviewed by Tom Lane.
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/input/tablespace.source | 7 | ||||
| -rw-r--r-- | src/test/regress/output/tablespace.source | 9 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/test/regress/input/tablespace.source b/src/test/regress/input/tablespace.source index 743c4b982c..03a62bd760 100644 --- a/src/test/regress/input/tablespace.source +++ b/src/test/regress/input/tablespace.source @@ -109,11 +109,18 @@ DROP TABLESPACE regress_tblspace; CREATE ROLE regress_tablespace_user1 login; CREATE ROLE regress_tablespace_user2 login; +GRANT USAGE ON SCHEMA testschema TO regress_tablespace_user2; ALTER TABLESPACE regress_tblspace OWNER TO regress_tablespace_user1; +CREATE TABLE testschema.tablespace_acl (c int); +-- new owner lacks permission to create this index from scratch +CREATE INDEX k ON testschema.tablespace_acl (c) TABLESPACE regress_tblspace; +ALTER TABLE testschema.tablespace_acl OWNER TO regress_tablespace_user2; + SET SESSION ROLE regress_tablespace_user2; CREATE TABLE tablespace_table (i int) TABLESPACE regress_tblspace; -- fail +ALTER TABLE testschema.tablespace_acl ALTER c TYPE bigint; RESET ROLE; ALTER TABLESPACE regress_tblspace RENAME TO regress_tblspace_renamed; diff --git a/src/test/regress/output/tablespace.source b/src/test/regress/output/tablespace.source index 31f2ac0ebd..aaedf5f248 100644 --- a/src/test/regress/output/tablespace.source +++ b/src/test/regress/output/tablespace.source @@ -221,10 +221,16 @@ DROP TABLESPACE regress_tblspace; ERROR: tablespace "regress_tblspace" is not empty CREATE ROLE regress_tablespace_user1 login; CREATE ROLE regress_tablespace_user2 login; +GRANT USAGE ON SCHEMA testschema TO regress_tablespace_user2; ALTER TABLESPACE regress_tblspace OWNER TO regress_tablespace_user1; +CREATE TABLE testschema.tablespace_acl (c int); +-- new owner lacks permission to create this index from scratch +CREATE INDEX k ON testschema.tablespace_acl (c) TABLESPACE regress_tblspace; +ALTER TABLE testschema.tablespace_acl OWNER TO regress_tablespace_user2; SET SESSION ROLE regress_tablespace_user2; CREATE TABLE tablespace_table (i int) TABLESPACE regress_tblspace; -- fail ERROR: permission denied for tablespace regress_tblspace +ALTER TABLE testschema.tablespace_acl ALTER c TYPE bigint; RESET ROLE; ALTER TABLESPACE regress_tblspace RENAME TO regress_tblspace_renamed; ALTER TABLE ALL IN TABLESPACE regress_tblspace_renamed SET TABLESPACE pg_default; @@ -235,10 +241,11 @@ NOTICE: no matching relations in tablespace "regress_tblspace_renamed" found -- Should succeed DROP TABLESPACE regress_tblspace_renamed; DROP SCHEMA testschema CASCADE; -NOTICE: drop cascades to 4 other objects +NOTICE: drop cascades to 5 other objects DETAIL: drop cascades to table testschema.foo drop cascades to table testschema.asselect drop cascades to table testschema.asexecute drop cascades to table testschema.atable +drop cascades to table testschema.tablespace_acl DROP ROLE regress_tablespace_user1; DROP ROLE regress_tablespace_user2; |