sepgsql: Enforce db_schema:search permission.

KaiGai Kohei, with comment and doc wordsmithing by me
author: Robert Haas 2013-04-05 12:51:31 +0000
committer: Robert Haas 2013-04-05 12:51:31 +0000
commit: e965e6344cfaff0708a032721b56f61eea777bc5 (patch)
tree: 51f5e7f7c97fd7a27779407663130fcc29978022 /contrib/sepgsql/hooks.c
parent: 52f436b807b0d02203ea6be19bafa56e4e1381e8 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/contrib/sepgsql/hooks.c b/contrib/sepgsql/hooks.c
index 0715aa8bc6e..5faa1ea797f 100644
--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@@ -236,6 +236,25 @@ sepgsql_object_access(ObjectAccessType access,
 			}
 			break;
 
+		case OAT_NAMESPACE_SEARCH:
+			{
+				ObjectAccessNamespaceSearch   *ns_arg = arg;
+
+				/*
+				 * If stacked extension already decided not to allow users
+				 * to search this schema, we just stick with that decision.
+				 */
+				if (!ns_arg->result)
+					break;
+
+				Assert(classId == NamespaceRelationId);
+				Assert(ns_arg->result);
+				ns_arg->result
+					= sepgsql_schema_search(objectId,
+											ns_arg->ereport_on_violation);
+			}
+			break;
+
 		default:
 			elog(ERROR, "unexpected object access type: %d", (int) access);
 			break;
author	Robert Haas	2013-04-05 12:51:31 +0000
committer	Robert Haas	2013-04-05 12:51:31 +0000
commit	e965e6344cfaff0708a032721b56f61eea777bc5 (patch)
tree	51f5e7f7c97fd7a27779407663130fcc29978022 /contrib/sepgsql/hooks.c
parent	52f436b807b0d02203ea6be19bafa56e4e1381e8 (diff)