On 3/30/21 8:17 PM, Joe Conway wrote:
On 3/30/21 6:22 PM, Tom Lane wrote:
Joe Conway <m...@joeconway.com> writes:
Heh, I missed the forest for the trees it seems.
That version undid the changes fixing what Ian was originally complaining about.
Duh, right. It would be a good idea for there to be a code comment
explaining this, because it's *far* from obvious. Say like
* Check for column-level privileges first. This serves in
* part as a check on whether the column even exists, so we
* need to do it before checking table-level privilege.
Will do.
My gripe about providing API-spec comments for the new aclchk.c
entry points still stands. Other than that, I think it's good
to go.
Yeah, I was planning to put something akin to this in all four spots:
8<-------------------
/*
* Exported routine for checking a user's access privileges to a table
*
* Does the bulk of the work for pg_class_aclcheck(), and allows other
* callers to avoid the missing relation ERROR when is_missing is non-NULL.
*/
AclResult
pg_class_aclcheck_ext(Oid table_oid, Oid roleid,
AclMode mode, bool *is_missing)
...
8<-------------------
Pushed that way.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development