Changeset: f0c84cb94a0e for MonetDB URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=f0c84cb94a0e Modified Files: sql/server/rel_updates.c sql/server/sql_privileges.c Branch: Oct2020 Log Message:
fixed handling of PRIV_ROLE_ADMIN
diffs (72 lines):
diff --git a/sql/server/rel_updates.c b/sql/server/rel_updates.c
--- a/sql/server/rel_updates.c
+++ b/sql/server/rel_updates.c
@@ -898,7 +898,7 @@ rel_update(mvc *sql, sql_rel *t, sql_rel
 sql_exp *
 update_check_column(mvc *sql, sql_table *t, sql_column *c, sql_exp *v, sql_rel *r, char *cname, const char *action)
 {
- if (!table_privs(sql, t, PRIV_UPDATE) && !sql_privilege(sql, sql->user_id, c->base.id, PRIV_UPDATE))
+ if (!table_privs(sql, t, PRIV_UPDATE) && sql_privilege(sql, sql->user_id, c->base.id, PRIV_UPDATE) < 0)
 return sql_error(sql, 02, SQLSTATE(42000) "%s: insufficient privileges for user '%s' to update table '%s' on column '%s'", action, sqlvar_get_string(find_global_var(sql, mvc_bind_schema(sql, "sys"), "current_user")), t->base.name, cname);
 if (!v || (v = exp_check_type(sql, &c->type, r, v, type_equal)) == NULL)
 return NULL;
diff --git a/sql/server/sql_privileges.c b/sql/server/sql_privileges.c
--- a/sql/server/sql_privileges.c
+++ b/sql/server/sql_privileges.c
@@ -119,7 +119,7 @@ sql_grant_global_privs( mvc *sql, char *
 if (grantee_id <= 0)
 throw(SQL,"sql.grant_global",SQLSTATE(01007) "GRANT: User/role '%s' unknown", grantee);
 /* first check if privilege isn't already given */
- if ((sql_privilege(sql, grantee_id, GLOBAL_OBJID, privs)))
+ if ((sql_privilege(sql, grantee_id, GLOBAL_OBJID, privs) >= 0))
 throw(SQL,"sql.grant_global",SQLSTATE(01007) "GRANT: User/role '%s' already has this privilege", grantee);
 sql_insert_priv(sql, grantee_id, GLOBAL_OBJID, privs, grantor, grant);
 tr->schema_updates++;
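Review bot: The `< 0` test in update_check_column denies the update only when sql_privilege() returns the new `-1` default set in sql_privileges.c (hunk at line 428), and that return contract is not written down on either side. Because "no privilege" changed from 0 to a non-zero value, any caller outside this changeset that still tests the result for truthiness, as the removed `!sql_privilege(...)` did, would now read a missing privilege as granted; the remaining call sites are not visible here and should be checked. I would add a comment above sql_privilege(), for example `/* returns -1 when auth_id does not hold priv on obj_id, otherwise a value >= 0 (as the updated callers assume); compare against 0, never test for truth */`. update_check_column's body continues outside the hunk.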
@@ -168,13 +168,13 @@ sql_grant_table_privs( mvc *sql, char *g
 throw(SQL,"sql.grant_table", SQLSTATE(01007) "GRANT: User/role '%s' unknown", grantee);
 /* first check if privilege isn't already given */
 if ((privs == all &&
- (sql_privilege(sql, grantee_id, t->base.id, PRIV_SELECT) ||
- sql_privilege(sql, grantee_id, t->base.id, PRIV_UPDATE) ||
- sql_privilege(sql, grantee_id, t->base.id, PRIV_INSERT) ||
- sql_privilege(sql, grantee_id, t->base.id, PRIV_DELETE) ||
- sql_privilege(sql, grantee_id, t->base.id, PRIV_TRUNCATE))) ||
- (privs != all && !c && sql_privilege(sql, grantee_id, t->base.id, privs)) ||
- (privs != all && c && sql_privilege(sql, grantee_id, c->base.id, privs))) {
+ (sql_privilege(sql, grantee_id, t->base.id, PRIV_SELECT) >= 0 ||
+ sql_privilege(sql, grantee_id, t->base.id, PRIV_UPDATE) >= 0 ||
+ sql_privilege(sql, grantee_id, t->base.id, PRIV_INSERT) >= 0 ||
+ sql_privilege(sql, grantee_id, t->base.id, PRIV_DELETE) >= 0 ||
+ sql_privilege(sql, grantee_id, t->base.id, PRIV_TRUNCATE) >= 0)) ||
+ (privs != all && !c && sql_privilege(sql, grantee_id, t->base.id, privs) >= 0) ||
+ (privs != all && c && sql_privilege(sql, grantee_id, c->base.id, privs) >= 0)) {
 throw(SQL, "sql.grant", SQLSTATE(01007) "GRANT: User/role '%s' already has this privilege", grantee);
 }
 if (privs == all) {
@@ -215,7 +215,7 @@ sql_grant_func_privs( mvc *sql, char *gr
 if (grantee_id <= 0)
 throw(SQL, "sql.grant_func", SQLSTATE(01007) "GRANT: User/role '%s' unknown", grantee);
 /* first check if privilege isn't already given */
- if (sql_privilege(sql, grantee_id, f->base.id, privs))
+ if (sql_privilege(sql, grantee_id, f->base.id, privs) >= 0)
 throw(SQL,"sql.grant", SQLSTATE(01007) "GRANT: User/role '%s' already has this privilege", grantee);
 sql_insert_priv(sql, grantee_id, f->base.id, privs, grantor, grant);
 tr->schema_updates++;
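Review bot: The already-granted check in sql_grant_table_privs now repeats `sql_privilege(...) >= 0` seven times, and the same predicate is spelled `< 0` in update_check_column and `== PRIV_ROLE_ADMIN` in role_granting_privs. A single static helper, e.g. `static bool has_priv(mvc *sql, sqlid auth, sqlid obj, int priv) { return sql_privilege(sql, auth, obj, priv) >= 0; }`, would keep the sentinel comparison in one place so one authorization check cannot drift from the others. Separately, with `privs == all` the condition reports "already has this privilege" when the grantee holds any one of the five table privileges; if that is intended, a short comment saying so would help. The function body starts and ends outside the hunk.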
@@ -428,7 +428,7 @@ int
 sql_privilege(mvc *m, sqlid auth_id, sqlid obj_id, int priv)
 {
 oid rid = sql_privilege_rid(m, auth_id, obj_id, priv);
- int res = 0;
+ int res = -1;
 if (!is_oid_nil(rid)) {
 /* found priv */
@@ -513,7 +513,7 @@ role_granting_privs(mvc *m, oid role_rid
 owner_id = table_funcs.column_find_sqlid(m->session->tr, auths_grantor, role_rid);
 if (owner_id == grantor_id)
 return true;
- if (sql_privilege(m, grantor_id, role_id, PRIV_ROLE_ADMIN))
+ if (sql_privilege(m, grantor_id, role_id, PRIV_ROLE_ADMIN) == PRIV_ROLE_ADMIN)
 return true;
 /* check for grant rights in the privs table */
 return false;
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list