summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Lane2007-08-28 22:59:30 +0000
committerTom Lane2007-08-28 22:59:30 +0000
commit87f5524e838c326505e3c38ff4ff39cf81ce8039 (patch)
tree7167c8889a81d4c25d214ea499cf747497e7300b
parent55582b6c8044b486579d40ab9a48caaa4820b6fe (diff)
Reduce the permissions check needed to use pgrowlocks() to having
SELECT on the target table. Per discussion.
Diffstat
-rw-r--r--contrib/pgrowlocks/pgrowlocks.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
index 8197379ec2..2e8c668a6c 100644
--- a/contrib/pgrowlocks/pgrowlocks.c
+++ b/contrib/pgrowlocks/pgrowlocks.c
@@ -31,6 +31,7 @@
#include "funcapi.h"
#include "miscadmin.h"
#include "storage/procarray.h"
+#include "utils/acl.h"
#include "utils/builtins.h"
@@ -67,16 +68,12 @@ pgrowlocks(PG_FUNCTION_ARGS)
MyData *mydata;
Relation rel;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to use pgrowlocks"))));
-
if (SRF_IS_FIRSTCALL())
{
text *relname;
RangeVar *relrv;
MemoryContext oldcontext;
+ AclResult aclresult;
funcctx = SRF_FIRSTCALL_INIT();
oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
@@ -92,6 +89,13 @@ pgrowlocks(PG_FUNCTION_ARGS)
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
rel = heap_openrv(relrv, AccessShareLock);
+ /* check permissions: must have SELECT on table */
+ aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+ ACL_SELECT);
+ if (aclresult != ACLCHECK_OK)
+ aclcheck_error(aclresult, ACL_KIND_CLASS,
+ RelationGetRelationName(rel));
+
scan = heap_beginscan(rel, SnapshotNow, 0, NULL);
mydata = palloc(sizeof(*mydata));
mydata->rel = rel;
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-11 04:42:50 +0000