diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2006-08-14 23:39:32 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2006-08-14 23:39:32 +0000 |
| commit | 58538a0ffc7259419d1ee82feed93a9bef4bf726 (patch) | |
| tree | 7e600a16059f12dc17b6de4ab152233e1d5ce6c7 /src | |
| parent | 65b2f93b587be67ea1d5e4d98a99599937aa7b19 (diff) | |
| download | postgresql-58538a0ffc7259419d1ee82feed93a9bef4bf726.tar.gz | |
Cause '*' and 'foo.*' notations to mark the referenced RTE(s) as
requiring read permissions. Up till now there was no possible case
in which the RTEs wouldn't already have ACL_SELECT set ... but now that
you can say something like 'INSERT INTO foo ... RETURNING *' this is
an essential step. With this commit, a RETURNING clause adds the
requirement for SELECT permissions on the target table if and only if
the clause actually reads the value of at least one target-table column.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/parser/parse_clause.c | 7 | ||||
| -rw-r--r-- | src/backend/parser/parse_target.c | 8 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/backend/parser/parse_clause.c b/src/backend/parser/parse_clause.c index 021fb3fa55..70b6946d5f 100644 --- a/src/backend/parser/parse_clause.c +++ b/src/backend/parser/parse_clause.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.156 2006/08/12 20:05:55 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/parser/parse_clause.c,v 1.157 2006/08/14 23:39:32 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -173,8 +173,9 @@ setTargetTable(ParseState *pstate, RangeVar *relation, * permissions. * * If we find an explicit reference to the rel later during parse - * analysis, scanRTEForColumn will add the ACL_SELECT bit back again. That - * can't happen for INSERT but it is possible for UPDATE and DELETE. + * analysis, we will add the ACL_SELECT bit back again; see + * scanRTEForColumn (for simple field references), ExpandColumnRefStar + * (for foo.*) and ExpandAllTables (for *). */ rte->requiredPerms = requiredPerms; diff --git a/src/backend/parser/parse_target.c b/src/backend/parser/parse_target.c index 9258acccfb..961e320543 100644 --- a/src/backend/parser/parse_target.c +++ b/src/backend/parser/parse_target.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/parse_target.c,v 1.147 2006/08/02 01:59:47 joe Exp $ + * $PostgreSQL: pgsql/src/backend/parser/parse_target.c,v 1.148 2006/08/14 23:39:32 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -889,6 +889,9 @@ ExpandColumnRefStar(ParseState *pstate, ColumnRef *cref, rte = addImplicitRTE(pstate, makeRangeVar(schemaname, relname), cref->location); + /* Require read access --- see comments in setTargetTable() */ + rte->requiredPerms |= ACL_SELECT; + rtindex = RTERangeTablePosn(pstate, rte, &sublevels_up); if (targetlist) @@ -930,6 +933,9 @@ ExpandAllTables(ParseState *pstate) RangeTblEntry *rte = (RangeTblEntry *) lfirst(l); int rtindex = RTERangeTablePosn(pstate, rte, NULL); + /* Require read access --- see comments in setTargetTable() */ + rte->requiredPerms |= ACL_SELECT; + target = list_concat(target, expandRelAttrs(pstate, rte, rtindex, 0)); } |