author | Tom Lane | 2007-08-28 22:59:30 +0000 |
---|---|---|
committer | Tom Lane | 2007-08-28 22:59:30 +0000 |
commit | 87f5524e838c326505e3c38ff4ff39cf81ce8039 (patch) | |
tree | 7167c8889a81d4c25d214ea499cf747497e7300b | |
parent | 55582b6c8044b486579d40ab9a48caaa4820b6fe (diff) |
Reduce the permissions check needed to use pgrowlocks() to having
SELECT on the target table. Per discussion.
-rw-r--r-- | contrib/pgrowlocks/pgrowlocks.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
index 8197379ec2..2e8c668a6c 100644
--- a/contrib/pgrowlocks/pgrowlocks.c
+++ b/contrib/pgrowlocks/pgrowlocks.c
@@ -31,6 +31,7 @@
 #include "funcapi.h"
 #include "miscadmin.h"
 #include "storage/procarray.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
@@ -67,16 +68,12 @@ pgrowlocks(PG_FUNCTION_ARGS)
 MyData *mydata;
 Relation rel;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to use pgrowlocks"))));
-
 if (SRF_IS_FIRSTCALL())
 {
 text *relname;
 RangeVar *relrv;
 MemoryContext oldcontext;
+ AclResult aclresult;
 funcctx = SRF_FIRSTCALL_INIT();
 oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
@@ -92,6 +89,13 @@ pgrowlocks(PG_FUNCTION_ARGS)
 relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
 rel = heap_openrv(relrv, AccessShareLock);
+ /* check permissions: must have SELECT on table */
+ aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+ ACL_SELECT);
+ if (aclresult != ACLCHECK_OK)
+ aclcheck_error(aclresult, ACL_KIND_CLASS,
+ RelationGetRelationName(rel));
+
 scan = heap_beginscan(rel, SnapshotNow, 0, NULL);
 mydata = palloc(sizeof(*mydata));
 mydata->rel = rel; |
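Review bot: With the superuser gate removed from the top of pgrowlocks(), nothing near the function entry states what privilege a caller now needs; the only statement of the rule is the inline comment further down, inside the first-call branch. A header comment on the function such as `/* Caller must hold SELECT on the target table; superuser is not required. */` would make the access rule visible to anyone auditing it. The diffstat lists only pgrowlocks.c, so any user-facing documentation that still says the function is superuser-only would presumably be stale after this commit and should be updated with it. The function body starts and ends outside this hunk.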
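Review bot: Between `heap_openrv()` and `heap_beginscan()` the SELECT check is the only gate, so the relation's kind is never checked before the heap scan starts. As far as I know heap_openrv() rejects only indexes and composite types, so a non-superuser with SELECT on a view or sequence can now reach the scan; a guard such as `if (rel->rd_rel->relkind != RELKIND_RELATION) ereport(ERROR, (errcode(ERRCODE_WRONG_OBJECT_TYPE), errmsg("\"%s\" is not a table", RelationGetRelationName(rel))));` placed next to the ACL check would fail cleanly instead. Separately, the ACL check runs after AccessShareLock has been acquired, so a role without SELECT still takes the lock, or queues behind a conflicting one, before being rejected. If that ordering is accepted, say so in the comment, e.g. `/* lock is taken before the privilege check; it is released at error abort */`. The enclosing function continues outside the hunk.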