authorPeter Eisentraut2003-01-23 23:39:07 +0000
committerPeter Eisentraut2003-01-23 23:39:07 +0000
commitef7422510e93266e5aa9bb926d6747d5f2ae21f4 (patch)
tree98643df576fccfcb2cc4c9e37fcf533f64f1a56c /src/include
parentaa78ca3a9591def436d6ce87cb37e7ad5f584308 (diff)
Grant options, and cascading revoke. Grant options are allowed only for
users right now, not groups. Extension of has_foo_privileges functions to query the grant options. Extension of aclitem type to store grantor.
Diffstat (limited to 'src/include')
-rw-r--r--src/include/catalog/catversion.h8
-rw-r--r--src/include/catalog/pg_type.h4
-rw-r--r--src/include/nodes/parsenodes.h6
-rw-r--r--src/include/utils/acl.h41
4 files changed, 33 insertions, 26 deletions
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 9e62bd4793c..b679fdb5ddc 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -1,10 +1,10 @@
/*-------------------------------------------------------------------------
*
* catversion.h
- * "Catalog version number" for Postgres.
+ * "Catalog version number" for PostgreSQL.
*
* The catalog version number is used to flag incompatible changes in
- * the Postgres system catalogs. Whenever anyone changes the format of
+ * the PostgreSQL system catalogs. Whenever anyone changes the format of
* a system catalog relation, or adds, deletes, or modifies standard
* catalog entries in such a way that an updated backend wouldn't work
* with an old database (or vice versa), the catalog version number
@@ -37,7 +37,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: catversion.h,v 1.172 2003/01/10 21:08:15 tgl Exp $
+ * $Id: catversion.h,v 1.173 2003/01/23 23:39:04 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -53,6 +53,6 @@
*/
/* yyyymmddN */
-#define CATALOG_VERSION_NO 200301101
+#define CATALOG_VERSION_NO 200301241
#endif
diff --git a/src/include/catalog/pg_type.h b/src/include/catalog/pg_type.h
index fa19d84508a..886cc8b095c 100644
--- a/src/include/catalog/pg_type.h
+++ b/src/include/catalog/pg_type.h
@@ -8,7 +8,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: pg_type.h,v 1.138 2003/01/08 21:40:39 tgl Exp $
+ * $Id: pg_type.h,v 1.139 2003/01/23 23:39:06 petere Exp $
*
* NOTES
* the genbki.sh script reads this file and generates .bki
@@ -412,7 +412,7 @@ DATA(insert OID = 1023 ( _abstime PGNSP PGUID -1 f b t \054 0 702 array_in arr
DATA(insert OID = 1024 ( _reltime PGNSP PGUID -1 f b t \054 0 703 array_in array_out i x f 0 -1 0 _null_ _null_ ));
DATA(insert OID = 1025 ( _tinterval PGNSP PGUID -1 f b t \054 0 704 array_in array_out i x f 0 -1 0 _null_ _null_ ));
DATA(insert OID = 1027 ( _polygon PGNSP PGUID -1 f b t \054 0 604 array_in array_out d x f 0 -1 0 _null_ _null_ ));
-DATA(insert OID = 1033 ( aclitem PGNSP PGUID 8 f b t \054 0 0 aclitemin aclitemout i p f 0 -1 0 _null_ _null_ ));
+DATA(insert OID = 1033 ( aclitem PGNSP PGUID 12 f b t \054 0 0 aclitemin aclitemout i p f 0 -1 0 _null_ _null_ ));
DESCR("access control list");
#define ACLITEMOID 1033
DATA(insert OID = 1034 ( _aclitem PGNSP PGUID -1 f b t \054 0 1033 array_in array_out i x f 0 -1 0 _null_ _null_ ));
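Review bot: The literal `12` in the `aclitem` row has to stay equal to `sizeof(AclItem)`, and nothing in this hunk ties the two together. The struct gains `ai_grantor` in utils/acl.h in the same commit, so the value looks right today if `AclId` is four bytes like `AclMode`, but that typedef is not visible here. If the two ever disagree, array code would step through stored ACLs at the wrong stride and read grantee, grantor and privilege bits from the wrong offsets. A reminder next to the entry would help, for example `/* typlen must equal sizeof(AclItem), see utils/acl.h */` above `#define ACLITEMOID 1033`, assuming the catalog generator tolerates a comment there.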
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index 9bbee593bf4..f6709737d6e 100644
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: parsenodes.h,v 1.226 2003/01/20 18:55:00 tgl Exp $
+ * $Id: parsenodes.h,v 1.227 2003/01/23 23:39:07 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -750,7 +750,7 @@ typedef enum GrantObjectType
/*
* Grantable rights are encoded so that we can OR them together in a bitmask.
- * The present representation of AclItem limits us to 30 distinct rights.
+ * The present representation of AclItem limits us to 15 distinct rights.
* Caution: changing these codes breaks stored ACLs, hence forces initdb.
*/
#define ACL_INSERT (1<<0) /* for relations */
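Review bot: The new limit of 15 rights is stated only in this comment, and it does not say why the upper bits are no longer available. With the layout introduced in utils/acl.h, a privilege code at `(1<<15)` or above would be cut off by the `& 0x7FFF` masks or land in the grant-option field, so a mistake here would silently change who may re-grant a right. I would add a line such as `* Bits 15-29 of ai_privs hold the grant options, so no code may use (1<<15) or above.` to the comment. The list of `ACL_` defines continues outside the hunk, so whether any existing code is close to the limit cannot be checked from here.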
@@ -778,6 +778,8 @@ typedef struct GrantStmt
* strings) */
List *privileges; /* integer list of privilege codes */
List *grantees; /* list of PrivGrantee nodes */
+ bool grant_option; /* grant or revoke grant option */
+ DropBehavior behavior; /* drop behavior (for REVOKE) */
} GrantStmt;
typedef struct PrivGrantee
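Review bot: The comment on `grant_option` does not say what the flag means in each direction, which matters because in a REVOKE it presumably decides whether the privilege itself or only the right to re-grant it is removed. Something like `bool grant_option; /* GRANT: WITH GRANT OPTION; REVOKE: GRANT OPTION FOR (privilege itself is kept) */` would make that explicit, if that is the intended meaning. The comment on `behavior` could also say what value a GRANT statement carries, since the field is marked as being for REVOKE only. The start of `GrantStmt` is outside the hunk.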
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index ac86a86855d..871ed680f50 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: acl.h,v 1.50 2003/01/09 18:00:24 tgl Exp $
+ * $Id: acl.h,v 1.51 2003/01/23 23:39:07 petere Exp $
*
* NOTES
* For backward-compatibility purposes we have to allow there
@@ -50,27 +50,37 @@ typedef uint32 AclMode;
*/
typedef struct AclItem
{
- AclId ai_id; /* ID that this item applies to */
+ AclId ai_grantee; /* ID that this item applies to */
+ AclId ai_grantor;
AclMode ai_privs; /* AclIdType plus privilege bits */
} AclItem;
/*
- * The AclIdType is stored in the top two bits of the ai_privs field of an
- * AclItem, leaving us with thirty usable privilege bits.
+ * The AclIdType is stored in the top two bits of the ai_privs field
+ * of an AclItem. The middle 15 bits are the grant option markers,
+ * and the lower 15 bits are the actual privileges.
*/
-#define ACLITEM_GET_PRIVS(item) ((item).ai_privs & 0x3FFFFFFF)
-#define ACLITEM_GET_IDTYPE(item) ((item).ai_privs >> 30)
-#define ACLITEM_SET_PRIVS_IDTYPE(item,privs,idtype) \
- ((item).ai_privs = ((privs) & 0x3FFFFFFF) | ((idtype) << 30))
+#define ACLITEM_GET_PRIVS(item) ((item).ai_privs & 0x7FFF)
+#define ACLITEM_GET_GOPTIONS(item) (((item).ai_privs >> 15) & 0x7FFF)
+#define ACLITEM_GET_IDTYPE(item) ((item).ai_privs >> 30)
+
+#define ACL_GRANT_OPTION_FOR(privs) (((privs) & 0x7FFF) << 15)
+
+#define ACLITEM_SET_PRIVS(item,privs) \
+ ((item).ai_privs = (ACLITEM_GET_IDTYPE(item)<<30) | (ACLITEM_GET_GOPTIONS(item)<<15) | ((privs) & 0x7FFF))
+#define ACLITEM_SET_GOPTIONS(item,goptions) \
+ ((item).ai_privs = (ACLITEM_GET_IDTYPE(item)<<30) | (((goptions) & 0x7FFF) << 15) | ACLITEM_GET_PRIVS(item))
+#define ACLITEM_SET_PRIVS_IDTYPE(item,privs,goption,idtype) \
+ ((item).ai_privs = ((privs) & 0x7FFF) |(((goption) & 0x7FFF) << 15) | ((idtype) << 30))
/*
* Definitions for convenient access to Acl (array of AclItem) and IdList
- * (array of AclId). These are standard Postgres arrays, but are restricted
+ * (array of AclId). These are standard PostgreSQL arrays, but are restricted
* to have one dimension. We also ignore the lower bound when reading,
* and set it to zero when writing.
*
- * CAUTION: as of Postgres 7.1, these arrays are toastable (just like all
+ * CAUTION: as of PostgreSQL 7.1, these arrays are toastable (just like all
* other array types). Therefore, be careful to detoast them with the
* macros provided, unless you know for certain that a particular array
* can't have been toasted. Presently, we do not provide toast tables for
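Review bot: `ai_grantor` is added to `AclItem` without a comment, and the comment on `ai_privs` still reads "AclIdType plus privilege bits" although the field now also carries the 15 grant-option bits described right below the struct. Suggest `AclId ai_grantor; /* ID of the user who granted these privileges */` and `AclMode ai_privs; /* AclIdType, grant option bits, privilege bits */`. The new `ACLITEM_SET_PRIVS` and `ACLITEM_SET_GOPTIONS` expand `item` three times each, so an argument with side effects would be evaluated repeatedly; a short caution above them would prevent that. The literals `0x7FFF`, `15` and `30` are also repeated across six macros. Naming them once (for example `#define ACLITEM_PRIVS_MASK 0x7FFF` and `#define ACLITEM_GOPTION_SHIFT 15`) would keep the privilege and grant-option fields from drifting apart in a later edit.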
@@ -80,7 +90,7 @@ typedef struct AclItem
/*
- * Acl a one-dimensional POSTGRES array of AclItem
+ * Acl a one-dimensional array of AclItem
*/
typedef ArrayType Acl;
@@ -90,7 +100,7 @@ typedef ArrayType Acl;
#define ACL_SIZE(ACL) ARR_SIZE(ACL)
/*
- * IdList a one-dimensional POSTGRES array of AclId
+ * IdList a one-dimensional array of AclId
*/
typedef ArrayType IdList;
@@ -126,11 +136,6 @@ typedef ArrayType IdList;
#define ACL_MODECHG_DEL 2
#define ACL_MODECHG_EQL 3
-/* external representation of mode indicators for I/O */
-#define ACL_MODECHG_ADD_CHR '+'
-#define ACL_MODECHG_DEL_CHR '-'
-#define ACL_MODECHG_EQL_CHR '='
-
/*
* External representations of the privilege bits --- aclitemin/aclitemout
* represent each possible privilege bit with a distinct 1-character code
@@ -173,7 +178,7 @@ typedef enum
*/
extern Acl *acldefault(GrantObjectType objtype, AclId ownerid);
extern Acl *aclinsert3(const Acl *old_acl, const AclItem *mod_aip,
- unsigned modechg);
+ unsigned modechg, DropBehavior behavior);
/*
* SQL functions (from acl.c)