| author | Tom Lane | 2002-03-21 23:27:25 +0000 |
|---|---|---|
| committer | Tom Lane | 2002-03-21 23:27:25 +0000 |
| commit | 56c9b73c1d426c79a604df6d6f36293dd9f18754 (patch) | |
| tree | e381610845e8693ec025af08f4ddc405247461d9 /src/backend/rewrite | |
| parent | 6137ed1b591920d919e437fbf6e2ea07de44a883 (diff) | |
Change the aclchk.c routines to uniformly use OIDs to identify the
objects to be privilege-checked. Some change in their APIs would be
necessary no matter what in the schema environment, and simply getting
rid of the name-based interface entirely seems like the best way.
Diffstat (limited to 'src/backend/rewrite')
| -rw-r--r-- | src/backend/rewrite/rewriteDefine.c | 14 | ||||
| -rw-r--r-- | src/backend/rewrite/rewriteRemove.c | 50 |
2 files changed, 26 insertions, 38 deletions
diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
index 0b47aa9c924..7e9f0fcfbb3 100644
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -8,11 +8,10 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.64 2002/03/21 16:01:16 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.65 2002/03/21 23:27:23 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
-
 #include "postgres.h"
 #include "access/heapam.h"
@@ -27,6 +26,7 @@
 #include "rewrite/rewriteManip.h"
 #include "rewrite/rewriteSupport.h"
 #include "storage/smgr.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
 #include "utils/syscache.h"
@@ -127,6 +127,7 @@ DefineQueryRewrite(RuleStmt *stmt)
 *event_qualP;
 List *l;
 Query *query;
+ int32 aclcheck_result;
 bool RelisBecomingView = false;
 /*
@@ -141,6 +142,15 @@ DefineQueryRewrite(RuleStmt *stmt)
 ev_relid = RelationGetRelid(event_relation);
 /*
+ * Check user has permission to apply rules to this relation.
+ */
+ aclcheck_result = pg_class_aclcheck(ev_relid, GetUserId(), ACL_RULE);
+ if (aclcheck_result != ACLCHECK_OK)
+ elog(ERROR, "%s: %s",
+ RelationGetRelationName(event_relation),
+ aclcheck_error_strings[aclcheck_result]);
+
+ /*
 * No rule actions that modify OLD or NEW
 */
 foreach(l, action)
diff --git a/src/backend/rewrite/rewriteRemove.c b/src/backend/rewrite/rewriteRemove.c
index 92326d93b6d..6d251b78343 100644
--- a/src/backend/rewrite/rewriteRemove.c
+++ b/src/backend/rewrite/rewriteRemove.c
@@ -8,12 +8,10 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteRemove.c,v 1.45 2001/08/10 18:57:37 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteRemove.c,v 1.46 2002/03/21 23:27:23 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
-
-
 #include "postgres.h"
 #include "utils/builtins.h"
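Review bot: In the DefineQueryRewrite hunk, `aclcheck_error_strings[aclcheck_result]` is indexed with the unchecked return value of `pg_class_aclcheck`, so the lookup stays in bounds only as long as every result code has an entry in that table, and nothing visible here ties the two together. The same six lines are added to RemoveRewriteRule in rewriteRemove.c; a small shared helper taking the relation OID, its name and the mode would keep the bound and the message format in one place. If the table is guaranteed to cover every result code, a comment next to the elog call such as `/* aclcheck_result is always a valid index into aclcheck_error_strings */` would record that contract. DefineQueryRewrite's body starts and ends outside the hunk.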
@@ -21,41 +19,13 @@
 #include "catalog/catname.h"
 #include "catalog/pg_rewrite.h"
 #include "commands/comment.h"
+#include "miscadmin.h"
 #include "rewrite/rewriteRemove.h"
 #include "rewrite/rewriteSupport.h"
+#include "utils/acl.h"
 #include "utils/fmgroids.h"
 #include "utils/syscache.h"
-/*-----------------------------------------------------------------------
- * RewriteGetRuleEventRel
- *-----------------------------------------------------------------------
- */
-char *
-RewriteGetRuleEventRel(char *rulename)
-{
- HeapTuple htup;
- Oid eventrel;
- char *result;
-
- htup = SearchSysCache(RULENAME,
- PointerGetDatum(rulename),
- 0, 0, 0);
- if (!HeapTupleIsValid(htup))
- elog(ERROR, "Rule or view \"%s\" not found",
- ((strncmp(rulename, "_RET", 4) == 0) ? (rulename + 4) : rulename));
- eventrel = ((Form_pg_rewrite) GETSTRUCT(htup))->ev_class;
- ReleaseSysCache(htup);
-
- htup = SearchSysCache(RELOID,
- PointerGetDatum(eventrel),
- 0, 0, 0);
- if (!HeapTupleIsValid(htup))
- elog(ERROR, "Relation %u not found", eventrel);
-
- result = pstrdup(NameStr(((Form_pg_class) GETSTRUCT(htup))->relname));
- ReleaseSysCache(htup);
- return result;
-}
 /*
 * RemoveRewriteRule
@@ -71,6 +41,7 @@ RemoveRewriteRule(char *ruleName)
 Oid ruleId;
 Oid eventRelationOid;
 bool hasMoreRules;
+ int32 aclcheck_result;
 /*
 * Open the pg_rewrite relation.
@@ -88,10 +59,7 @@ RemoveRewriteRule(char *ruleName)
 * complain if no rule with such name existed
 */
 if (!HeapTupleIsValid(tuple))
- {
- heap_close(RewriteRelation, RowExclusiveLock);
 elog(ERROR, "Rule \"%s\" not found", ruleName);
- }
 /*
 * Save the OID of the rule (i.e. the tuple's OID) and the event
@@ -108,6 +76,16 @@ RemoveRewriteRule(char *ruleName)
 */
 event_relation = heap_open(eventRelationOid, AccessExclusiveLock);
+ /*
+ * Verify user has appropriate permissions.
+ */
+ aclcheck_result = pg_class_aclcheck(eventRelationOid, GetUserId(),
+ ACL_RULE);
+ if (aclcheck_result != ACLCHECK_OK)
+ elog(ERROR, "%s: %s",
+ RelationGetRelationName(event_relation),
+ aclcheck_error_strings[aclcheck_result]);
+
 /* do not allow the removal of a view's SELECT rule */
 if (event_relation->rd_rel->relkind == RELKIND_VIEW &&
 ((Form_pg_rewrite) GETSTRUCT(tuple))->ev_type == '1') |
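Review bot: The permission check in RemoveRewriteRule runs only after `heap_open(eventRelationOid, AccessExclusiveLock)`, so a caller without the RULE privilege still requests an exclusive lock on the relation, and can block or queue behind other sessions, before being rejected. `pg_class_aclcheck` needs only `eventRelationOid`, which is already known at that point, so the call could move above the `heap_open`; the relation name for the message would then have to come from a catalog lookup rather than `RelationGetRelationName(event_relation)`. The new check in DefineQueryRewrite likewise follows the relation open, though the lock mode is not visible in that hunk. RemoveRewriteRule's body starts and ends outside the hunk.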
