Kohei KaiGai kai...@kaigai.gr.jp writes:
The attached patch adds permission check at the scenario that I
explained bellow.
Instead of using this patch, I changed the code to call
CreateSchemaCommand itself. The test that was still missing was the one
to restrict the schema name to not start
The attached patch adds permission check at the scenario that I
explained bellow.
Unlike CreateSchemaCommand(), we don't have check_is_member_of_role() here
because the extowner is obviously same with the current user in this code path.
I hope this patch being also back ported to v9.1 tree, not
CreateExtension() possibly creates a new schema when the supplied
extension was not relocatable and the target schema was given by
control file of the extension.
However, it allows users to create a new schema with his ownership,
even if current user does not have permission to create a new
Kohei KaiGai kai...@kaigai.gr.jp writes:
However, it allows users to create a new schema with his ownership,
even if current user does not have permission to create a new schema.
[...]
It seems to me that we should inject permission checks here like as
CreateSchemaCommand() doing.
It seems to
2011/8/21 Dimitri Fontaine dimi...@2ndquadrant.fr:
Kohei KaiGai kai...@kaigai.gr.jp writes:
However, it allows users to create a new schema with his ownership,
even if current user does not have permission to create a new schema.
[...]
It seems to me that we should inject permission checks
Kohei KaiGai kai...@kaigai.gr.jp writes:
The current implementation set the current user as owner of the new schema.
The default permission check of schema allows owner to create several kinds
of underlying objects.
In the result, we may consider a scenario that a user without permissions to