Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 89fefd9

Browse files
committed
Reduce the permissions check needed to use pgrowlocks() to having
SELECT on the target table. Per discussion.
1 parent 24d4517 commit 89fefd9

File tree

1 file changed

+10
-6
lines changed

1 file changed

+10
-6
lines changed

contrib/pgrowlocks/pgrowlocks.c

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* $PostgreSQL: pgsql/contrib/pgrowlocks/pgrowlocks.c,v 1.6 2007/08/27 00:13:51 tgl Exp $
2+
* $PostgreSQL: pgsql/contrib/pgrowlocks/pgrowlocks.c,v 1.7 2007/08/28 22:59:30 tgl Exp $
33
*
44
* Copyright (c) 2005-2006 Tatsuo Ishii
55
*
@@ -31,6 +31,7 @@
3131
#include "funcapi.h"
3232
#include "miscadmin.h"
3333
#include "storage/procarray.h"
34+
#include "utils/acl.h"
3435
#include "utils/builtins.h"
3536

3637

@@ -67,16 +68,12 @@ pgrowlocks(PG_FUNCTION_ARGS)
6768
MyData *mydata;
6869
Relation rel;
6970

70-
if (!superuser())
71-
ereport(ERROR,
72-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
73-
(errmsg("must be superuser to use pgrowlocks"))));
74-
7571
if (SRF_IS_FIRSTCALL())
7672
{
7773
text *relname;
7874
RangeVar *relrv;
7975
MemoryContext oldcontext;
76+
AclResult aclresult;
8077

8178
funcctx = SRF_FIRSTCALL_INIT();
8279
oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
@@ -92,6 +89,13 @@ pgrowlocks(PG_FUNCTION_ARGS)
9289
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
9390
rel = heap_openrv(relrv, AccessShareLock);
9491

92+
/* check permissions: must have SELECT on table */
93+
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
94+
ACL_SELECT);
95+
if (aclresult != ACLCHECK_OK)
96+
aclcheck_error(aclresult, ACL_KIND_CLASS,
97+
RelationGetRelationName(rel));
98+
9599
scan = heap_beginscan(rel, SnapshotNow, 0, NULL);
96100
mydata = palloc(sizeof(*mydata));
97101
mydata->rel = rel;

0 commit comments

Comments
 (0)