* Petr Jelinek ([EMAIL PROTECTED]) wrote: > + if (!(superuser() > + || ((Form_pg_database) GETSTRUCT(tuple))->datdba == > GetUserId())) > + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, > + stmt->dbname);
This should almost certainly be a pg_database_ownercheck() call instead. The rest needs to be updated for roles, but looks like it should be pretty easy to do. Much of it just needs to be repatched, the parts that do need to be changed look to be pretty simple changes. I believe the use of SessionUserId is probably correct in this patch. This does mean that this patch will only be for canlogin roles, but that seems like it's probably correct. Handling roles w/ members would require much more thought. Thanks, Stephen
signature.asc
Description: Digital signature