The patch was not attached... (2009/12/16 15:15), KaiGai Kohei wrote: > It is a cleanup patch apart from SELinux and security framework. > > Now, EnableDisableRule() checks ownership of the relation which > owns the rewrite rule to be enabled/disabled. > > But it has the following call path, and this check is already done > in the ATPrepCmd(). > > ATExecCmd() > -> ATExecEnableDisableRule() > -> EnableDisableRule() > > This patch removes redundant permission checks. > No need to check same things twice. > > Also see the related discussions: > http://archives.postgresql.org/pgsql-hackers/2009-09/msg01593.php > http://archives.postgresql.org/pgsql-hackers/2009-09/msg01839.php > http://archives.postgresql.org/pgsql-hackers/2009-09/msg01840.php > > Thanks,
-- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com>
*** base/src/backend/rewrite/rewriteDefine.c 2009-11-09 18:44:10.000000000 +0900 --- pgsec/src/backend/rewrite/rewriteDefine.c 2009-12-19 06:11:58.000000000 +0900 *************** EnableDisableRule(Relation rel, const ch *** 690,704 **** rulename, get_rel_name(owningRel)))); /* - * Verify that the user has appropriate permissions. - */ - eventRelationOid = ((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_class; - Assert(eventRelationOid == owningRel); - if (!pg_class_ownercheck(eventRelationOid, GetUserId())) - aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, - get_rel_name(eventRelationOid)); - - /* * Change ev_enabled if it is different from the desired new state. */ if (DatumGetChar(((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_enabled) != --- 690,695 ----
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
