diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2005-07-14 21:46:30 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2005-07-14 21:46:30 +0000 |
| commit | aa1110624c08298393dfce996f7b21809d98d3fd (patch) | |
| tree | b698817242cc44d7ad14cbd68cb0b96e751e4e13 /src/backend/commands/conversioncmds.c | |
| parent | bd157821649ae203b9c8ce8daf4ec027a0003351 (diff) | |
| download | postgresql-aa1110624c08298393dfce996f7b21809d98d3fd.tar.gz | |
Adjust permissions checking for ALTER OWNER commands: instead of
requiring superuserness always, allow an owner to reassign ownership
to any role he is a member of, if that role would have the right to
create a similar object. These three requirements essentially state
that the would-be alterer has enough privilege to DROP the existing
object and then re-CREATE it as the new role; so we might as well
let him do it in one step. The ALTER TABLESPACE case is a bit
squirrely, but the whole concept of non-superuser tablespace owners
is pretty dubious anyway. Stephen Frost, code review by Tom Lane.
Diffstat (limited to 'src/backend/commands/conversioncmds.c')
| -rw-r--r-- | src/backend/commands/conversioncmds.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/src/backend/commands/conversioncmds.c b/src/backend/commands/conversioncmds.c index 9cc72ec732..81e889aa4e 100644 --- a/src/backend/commands/conversioncmds.c +++ b/src/backend/commands/conversioncmds.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/conversioncmds.c,v 1.20 2005/07/07 20:39:58 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/conversioncmds.c,v 1.21 2005/07/14 21:46:29 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -152,8 +152,7 @@ RenameConversion(List *name, const char *newname) newname, get_namespace_name(namespaceOid)))); /* must be owner */ - if (!superuser() && - ((Form_pg_conversion) GETSTRUCT(tup))->conowner != GetUserId()) + if (!pg_conversion_ownercheck(conversionOid,GetUserId())) aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CONVERSION, NameListToString(name)); @@ -182,6 +181,7 @@ AlterConversionOwner(List *name, Oid newOwnerId) HeapTuple tup; Relation rel; Form_pg_conversion convForm; + AclResult aclresult; rel = heap_open(ConversionRelationId, RowExclusiveLock); @@ -206,11 +206,20 @@ AlterConversionOwner(List *name, Oid newOwnerId) */ if (convForm->conowner != newOwnerId) { - /* Otherwise, must be superuser to change object ownership */ - if (!superuser()) - ereport(ERROR, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser to change owner"))); + /* Otherwise, must be owner of the existing object */ + if (!pg_conversion_ownercheck(HeapTupleGetOid(tup),GetUserId())) + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CONVERSION, + NameListToString(name)); + + /* Must be able to become new owner */ + check_is_member_of_role(GetUserId(), newOwnerId); + + /* New owner must have CREATE privilege on namespace */ + aclresult = pg_namespace_aclcheck(convForm->connamespace, newOwnerId, + ACL_CREATE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_NAMESPACE, + get_namespace_name(convForm->connamespace)); /* * Modify the owner --- okay to scribble on tup because it's a |