mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce EXECUTE privilege for aggregate functions.

Browse Source
This commit is contained in:
Tom Lane 2002-04-29 22:28:19 +00:00
parent ccfaf9067d
commit 857661ba2e
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/src/sgml/ref/grant.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.23 2002/04/22 19:17:40 tgl Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.24 2002/04/29 22:28:19 tgl Exp $
PostgreSQL documentation PostgreSQL documentation
--> -->
@ -182,6 +182,7 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
Allows the use of the specified function and the use of any Allows the use of the specified function and the use of any
operators that are implemented on top of the function. This is operators that are implemented on top of the function. This is
the only type of privilege that is applicable to functions. the only type of privilege that is applicable to functions.
(This syntax works for aggregate functions, as well.)
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>

11
src/backend/executor/nodeAgg.c
View File

@ -46,7 +46,7 @@
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.82 2002/04/16 23:08:10 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.83 2002/04/29 22:28:19 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -58,11 +58,13 @@
#include "catalog/pg_operator.h" #include "catalog/pg_operator.h"
#include "executor/executor.h" #include "executor/executor.h"
#include "executor/nodeAgg.h" #include "executor/nodeAgg.h"
#include "miscadmin.h"
#include "optimizer/clauses.h" #include "optimizer/clauses.h"
#include "parser/parse_coerce.h" #include "parser/parse_coerce.h"
#include "parser/parse_expr.h" #include "parser/parse_expr.h"
#include "parser/parse_oper.h" #include "parser/parse_oper.h"
#include "parser/parse_type.h" #include "parser/parse_type.h"
#include "utils/acl.h"
#include "utils/builtins.h" #include "utils/builtins.h"
#include "utils/lsyscache.h" #include "utils/lsyscache.h"
#include "utils/syscache.h" #include "utils/syscache.h"
@ -843,6 +845,7 @@ ExecInitAgg(Agg *node, EState *estate, Plan *parent)
AggStatePerAgg peraggstate = &peragg[++aggno]; AggStatePerAgg peraggstate = &peragg[++aggno];
HeapTuple aggTuple; HeapTuple aggTuple;
Form_pg_aggregate aggform; Form_pg_aggregate aggform;
AclResult aclresult;
Oid transfn_oid, Oid transfn_oid,
finalfn_oid; finalfn_oid;
Datum textInitVal; Datum textInitVal;
@ -861,6 +864,12 @@ ExecInitAgg(Agg *node, EState *estate, Plan *parent)
aggref->aggfnoid); aggref->aggfnoid);
aggform = (Form_pg_aggregate) GETSTRUCT(aggTuple); aggform = (Form_pg_aggregate) GETSTRUCT(aggTuple);
/* Check permission to call aggregate function */
aclresult = pg_proc_aclcheck(aggref->aggfnoid, GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, get_func_name(aggref->aggfnoid));
get_typlenbyval(aggref->aggtype, get_typlenbyval(aggref->aggtype,
&peraggstate->resulttypeLen, &peraggstate->resulttypeLen,
&peraggstate->resulttypeByVal); &peraggstate->resulttypeByVal);