On sön, 2011-11-27 at 17:29 -0500, Tom Lane wrote:
> Peter Eisentraut <pete...@gmx.net> writes:
> > This ought to show EXECUTE privilege on the new function, but it
> > doesn't, because proacl is null, and nothing in the information schema
> > handles that specially.
>
> > I've pondered some ways to fix that. One would be to add a variant of
> > aclexplode() that takes a parameter telling which catalog the acl datum
> > came from, and aclexplode() could then substitute the data received
> > acldefault() for null values. The other way would be to handle this
> > entirely in the information schema SQL (either using some coalesce calls
> > or perhaps a UNION). But that would mean duplicating the knowledge of
> > acldefault() in a second remote place. So I'm thinking that handling it
> > in aclexplode() would be better.
>
> +1. It would be a really bad idea for the acldefault() logic to be
> duplicated someplace else, especially in SQL code where grepping for the
> relevant macros wouldn't even find it.
I figured the best and most flexible way to address this is to export
acldefault() as an SQL function and replace
aclexplode(proacl)
with
aclexplode(coalesce(proacl, acldefault('f', proowner)))
where 'f' here is something that is mapped to ACL_OBJECT_FUNCTION
internally. AFAICT, there is no existing way to map an SQL-accessible
quantity to the ACL_OBJECT_* symbols, so I'll just have to make
something up.
WIP patch is attached. If there are no objections to this approach,
I'll finish it up.
diff --git i/src/backend/catalog/information_schema.sql w/src/backend/catalog/information_schema.sql
index b60409f..cdc6e29 100644
--- i/src/backend/catalog/information_schema.sql
+++ w/src/backend/catalog/information_schema.sql
@@ -1276,7 +1276,7 @@ CREATE VIEW routine_privileges AS
THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable
FROM (
- SELECT oid, proname, proowner, pronamespace, (aclexplode(proacl)).* FROM pg_proc
+ SELECT oid, proname, proowner, pronamespace, (aclexplode(coalesce(proacl, acldefault('f', proowner)))).* FROM pg_proc
) p (oid, proname, proowner, pronamespace, grantor, grantee, prtype, grantable),
pg_namespace n,
pg_authid u_grantor,
diff --git i/src/backend/utils/adt/acl.c w/src/backend/utils/adt/acl.c
index 59587c6..e48faea 100644
--- i/src/backend/utils/adt/acl.c
+++ w/src/backend/utils/adt/acl.c
@@ -833,6 +833,26 @@ acldefault(GrantObjectType objtype, Oid ownerId)
return acl;
}
+Datum
+acldefault_sql(PG_FUNCTION_ARGS)
+{
+ char objtypec = PG_GETARG_CHAR(0);
+ Oid owner = PG_GETARG_OID(1);
+ GrantObjectType objtype;
+
+ switch (objtypec)
+ {
+ case 'f':
+ objtype = ACL_OBJECT_FUNCTION;
+ break;
+ default:
+ elog(ERROR, "booh!");
+ abort();
+ }
+
+ PG_RETURN_ACL_P(acldefault(objtype, owner));
+}
+
/*
* Update an ACL array to add or remove specified privileges.
diff --git i/src/include/catalog/pg_proc.h w/src/include/catalog/pg_proc.h
index c893c3a..885e03a 100644
--- i/src/include/catalog/pg_proc.h
+++ w/src/include/catalog/pg_proc.h
@@ -1092,6 +1092,8 @@ DESCR("contains");
DATA(insert OID = 1062 ( aclitemeq PGNSP PGUID 12 1 0 0 0 f f f t f i 2 0 16 "1033 1033" _null_ _null_ _null_ _null_ aclitem_eq _null_ _null_ _null_ ));
DATA(insert OID = 1365 ( makeaclitem PGNSP PGUID 12 1 0 0 0 f f f t f i 4 0 1033 "26 26 25 16" _null_ _null_ _null_ _null_ makeaclitem _null_ _null_ _null_ ));
DESCR("make ACL item");
+DATA(insert OID = 3943 ( acldefault PGNSP PGUID 12 1 0 0 0 f f f t f i 2 0 1034 "18 26" _null_ _null_ _null_ _null_ acldefault_sql _null_ _null_ _null_ ));
+DESCR("TODO");
DATA(insert OID = 1689 ( aclexplode PGNSP PGUID 12 1 10 0 0 f f f t t s 1 0 2249 "1034" "{1034,26,26,25,16}" "{i,o,o,o,o}" "{acl,grantor,grantee,privilege_type,is_grantable}" _null_ aclexplode _null_ _null_ _null_ ));
DESCR("convert ACL item array to table, for use by information schema");
DATA(insert OID = 1044 ( bpcharin PGNSP PGUID 12 1 0 0 0 f f f t f i 3 0 1042 "2275 26 23" _null_ _null_ _null_ _null_ bpcharin _null_ _null_ _null_ ));
diff --git i/src/include/utils/acl.h w/src/include/utils/acl.h
index f231951..d92d348 100644
--- i/src/include/utils/acl.h
+++ w/src/include/utils/acl.h
@@ -245,6 +245,7 @@ extern Datum aclcontains(PG_FUNCTION_ARGS);
extern Datum makeaclitem(PG_FUNCTION_ARGS);
extern Datum aclitem_eq(PG_FUNCTION_ARGS);
extern Datum hash_aclitem(PG_FUNCTION_ARGS);
+extern Datum acldefault_sql(PG_FUNCTION_ARGS);
extern Datum aclexplode(PG_FUNCTION_ARGS);
/*
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
