From b8b14219638c2c81dc8c528eed91fb03fda7c72a Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 24 Aug 2006 15:18:25 +0000
Subject: [PATCH] Documentation updates for the new SQLITE_FUNCTION
 authorization. (CVS 3366)

FossilOrigin-Name: e029637e54e190c89206725a99e1ee7db6c23804
---
 manifest         | 14 +++++++-------
 manifest.uuid    |  2 +-
 src/expr.c       |  4 +++-
 www/capi3ref.tcl | 39 +++++++++++++++++++++++++++++++--------
 4 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/manifest b/manifest
index 31e3fdc0ca..b93328479e 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Enhance\sthe\ssqlite3_set_authorizer()\scallback\sso\sthat\sit\sprovides\scallbacks\non\seach\sSQL\sfunction\sthat\sis\sinvoked.\s(CVS\s3365)
-D 2006-08-24T14:59:46
+C Documentation\supdates\sfor\sthe\snew\sSQLITE_FUNCTION\sauthorization.\s(CVS\s3366)
+D 2006-08-24T15:18:25
 F Makefile.in 8e7f9ecebab2c6e0f3db20ff129a8f9405ab64f8
 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -50,7 +50,7 @@ F src/complete.c 7d1a44be8f37de125fcafd3d3a018690b3799675
 F src/date.c cd2bd5d1ebc6fa12d6312f69789ae5b0a2766f2e
 F src/delete.c 804384761144fe1a5035b99f4bd7d706976831bd
 F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b
-F src/expr.c fb53fb9ddbfb2868bf148031adde2290de0fd65a
+F src/expr.c 0546cc60f08c426d96092dea0789d085aed3580e
 F src/func.c dd9cea8ed3246d7a4c49fd01034d470d5702b8b0
 F src/hash.c 449f3d6620193aa557f5d86cbc5cc6b87702b185
 F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
@@ -344,7 +344,7 @@ F www/audit.tcl 90e09d580f79c7efec0c7d6f447b7ec5c2dce5c0
 F www/autoinc.tcl b357f5ba954b046ee35392ce0f884a2fcfcdea06
 F www/c_interface.tcl b51b08591554c16a0c3ef718364a508ac25abc7e
 F www/capi3.tcl 7a7cc225fe02eb7ab861a6019b08baa0014409e1
-F www/capi3ref.tcl fab3d77e72fcea574e0fd52e6374d75143792f1c
+F www/capi3ref.tcl 3df3e9703aca711dcdbe6de94bd93456abf75078
 F www/changes.tcl 7bbcf947aa71d4760cbd286ba176466e729c974f
 F www/common.tcl 14d121c28532ad20c3e349caa4db708b0b822083
 F www/compile.tcl 276546d7eb445add5a867193bbd80f6919a6b084
@@ -388,7 +388,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
-P 5696e0cb771ea62df6f91cb03dfc428af1441e9e
-R adbd010d3035a48a51b9cccec0ffd93d
+P 4547c81f7da29b1490c6eba8d9c333218c5cb88f
+R 4e02aebf9882923b83a6bdd556e1b24b
 U drh
-Z e780ba3f47ab009dda8d768d0c7835f6
+Z 0629764da6fb062720dc2a83a77f2d2f
diff --git a/manifest.uuid b/manifest.uuid
index 902b58cea9..6f97047b1c 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4547c81f7da29b1490c6eba8d9c333218c5cb88f
\ No newline at end of file
+e029637e54e190c89206725a99e1ee7db6c23804
\ No newline at end of file
diff --git a/src/expr.c b/src/expr.c
index 32fb543cc0..54b6488e4c 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -12,7 +12,7 @@
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.267 2006/08/24 14:59:46 drh Exp $
+** $Id: expr.c,v 1.268 2006/08/24 15:18:25 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -1180,6 +1180,7 @@ static int nameResolverStep(void *pArg, Expr *pExpr){
       }else{
         is_agg = pDef->xFunc==0;
       }
+#ifndef SQLITE_OMIT_AUTHORIZER
       if( pDef ){
         auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0);
         if( auth!=SQLITE_OK ){
@@ -1192,6 +1193,7 @@ static int nameResolverStep(void *pArg, Expr *pExpr){
           return 1;
         }
       }
+#endif
       if( is_agg && !pNC->allowAgg ){
         sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId);
         pNC->nErr++;
diff --git a/www/capi3ref.tcl b/www/capi3ref.tcl
index 8e46efb777..2d6661f567 100644
--- a/www/capi3ref.tcl
+++ b/www/capi3ref.tcl
@@ -1,4 +1,4 @@
-set rcsid {$Id: capi3ref.tcl,v 1.42 2006/08/12 14:38:47 drh Exp $}
+set rcsid {$Id: capi3ref.tcl,v 1.43 2006/08/24 15:18:25 drh Exp $}
 source common.tcl
 header {C/C++ Interface For SQLite Version 3}
 puts {
@@ -1198,29 +1198,52 @@ int sqlite3_set_authorizer(
 #define SQLITE_ALTER_TABLE          26   /* Database Name   Table Name      */
 #define SQLITE_REINDEX              27   /* Index Name      NULL            */
 #define SQLITE_ANALYZE              28   /* Table Name      NULL            */
+#define SQLITE_CREATE_VTABLE        29   /* Table Name      Module Name     */
+#define SQLITE_DROP_VTABLE          30   /* Table Name      Module Name     */
+#define SQLITE_FUNCTION             31   /* Function Name   NULL            */
 
 #define SQLITE_DENY   1   /* Abort the SQL statement with an error */
 #define SQLITE_IGNORE 2   /* Don't allow access, but don't generate an error */
 } {
  This routine registers a callback with the SQLite library.  The
- callback is invoked (at compile-time, not at run-time) for each
- attempt to access a column of a table in the database.  The callback should
+ callback is invoked by sqlite3_prepare() to authorize various
+ operations against the database.  The callback should
  return SQLITE_OK if access is allowed, SQLITE_DENY if the entire
  SQL statement should be aborted with an error and SQLITE_IGNORE
- if the column should be treated as a NULL value.
+ if the operation should be treated as a no-op.
+
+ Each database connection have at most one authorizer registered
+ at a time one time.  Each call
+ to sqlite3_set_authorizer() overrides the previous authorizer.
+ Setting the callback to NULL disables the authorizer.
 
  The second argument to the access authorization function will be one
  of the defined constants shown.  These values signify what kind of operation
  is to be authorized.  The 3rd and 4th arguments to the authorization
- function will be arguments or NULL depending on which of the following
- codes is used as the second argument.  The 5th argument is the name
- of the database ("main", "temp", etc.) if applicable.  The 6th argument
+ function will be arguments or NULL depending on which of the 
+ codes is used as the second argument.  For example, if the the
+ 2nd argument code is SQLITE_READ then the 3rd argument will be the name
+ of the table that is being read from and the 4th argument will be the
+ name of the column that is being read from.  Or if the 2nd argument
+ is SQLITE_FUNCTION then the 3rd argument will be the name of the
+ function that is being invoked and the 4th argument will be NULL.
+
+ The 5th argument is the name
+ of the database ("main", "temp", etc.) where applicable.  The 6th argument
  is the name of the inner-most trigger or view that is responsible for
  the access attempt or NULL if this access attempt is directly from 
  input SQL code.
 
  The return value of the authorization function should be one of the
- constants SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.
+ constants SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.  A return of
+ SQLITE_OK means that the operation is permitted and that 
+ sqlite3_prepare() can proceed as normal.
+ A return of SQLITE_DENY means that the sqlite3_prepare()
+ should fail with an error.  A return of SQLITE_IGNORE causes the 
+ sqlite3_prepare() to continue as normal but the requested 
+ operation is silently converted into a no-op.  A return of SQLITE_IGNORE
+ in response to an SQLITE_READ or SQLITE_FUNCTION causes the column
+ being read or the function being invoked to return a NULL.
 
  The intent of this routine is to allow applications to safely execute
  user-entered SQL.  An appropriate callback can deny the user-entered