Reduce the permissions check needed to use pgrowlocks() to having

SELECT on the target table.  Per discussion.

diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
index 73dea0c4a56188f546dceec3bc0eb574fdc0a4fe..aaa132fbc4752a540bb94a687b675801c47b0dc5 100644 (file)
--- a/contrib/pgrowlocks/pgrowlocks.c
+++ b/contrib/pgrowlocks/pgrowlocks.c
@@ -1,5 +1,5 @@
 /*
- * $PostgreSQL: pgsql/contrib/pgrowlocks/pgrowlocks.c,v 1.6 2007/08/27 00:13:51 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgrowlocks/pgrowlocks.c,v 1.7 2007/08/28 22:59:30 tgl Exp $
  *
  * Copyright (c) 2005-2006 Tatsuo Ishii
  *
@@ -31,6 +31,7 @@
 #include "funcapi.h"
 #include "miscadmin.h"
 #include "storage/procarray.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
 
 
@@ -67,16 +68,12 @@ pgrowlocks(PG_FUNCTION_ARGS)
    MyData     *mydata;
    Relation    rel;
 
-   if (!superuser())
-       ereport(ERROR,
-               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-                (errmsg("must be superuser to use pgrowlocks"))));
-
    if (SRF_IS_FIRSTCALL())
    {
        text       *relname;
        RangeVar   *relrv;
        MemoryContext oldcontext;
+       AclResult   aclresult;
 
        funcctx = SRF_FIRSTCALL_INIT();
        oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
@@ -92,6 +89,13 @@ pgrowlocks(PG_FUNCTION_ARGS)
        relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
        rel = heap_openrv(relrv, AccessShareLock);
 
+       /* check permissions: must have SELECT on table */
+       aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+                                     ACL_SELECT);
+       if (aclresult != ACLCHECK_OK)
+           aclcheck_error(aclresult, ACL_KIND_CLASS,
+                          RelationGetRelationName(rel));
+
        scan = heap_beginscan(rel, SnapshotNow, 0, NULL);
        mydata = palloc(sizeof(*mydata));
        mydata->rel = rel;