Filename: pgsql-create-extension-permission-checks.patch
Type: application/octet-stream
Part: 0
Message: Re: Question: CREATE EXTENSION and create schema permission?
 src/backend/commands/extension.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index 9b9bb7d..944b40e 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -1370,6 +1370,20 @@ CreateExtension(CreateExtensionStmt *stmt)
 
 		if (schemaOid == InvalidOid)
 		{
+			AclResult	aclresult;
+
+			/*
+			 * To create a schema, must have schema-create privilege on the
+			 * current database. It also requires the current role must be
+			 * able to become the owner role, however, it is obviously same
+			 * role in this case.
+			 */
+			aclresult = pg_database_aclcheck(MyDatabaseId,
+											 extowner, ACL_CREATE);
+			if (aclresult != ACLCHECK_OK)
+				aclcheck_error(aclresult, ACL_KIND_DATABASE,
+							   get_database_name(MyDatabaseId));
+
 			schemaOid = NamespaceCreate(schemaName, extowner);
 			/* Advance cmd counter to make the namespace visible */
 			CommandCounterIncrement();
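Review bot: The added check open-codes only the database-level ACL_CREATE test, so the implicit schema created just below by NamespaceCreate() still skips anything else the regular CREATE SCHEMA path enforces. As far as I recall that path also rejects reserved `pg_`-prefixed schema names unless system table modifications are allowed; this should be confirmed against the CREATE SCHEMA command code. Building a CreateSchemaStmt and calling CreateSchemaCommand() here, instead of duplicating the check, would keep the two paths from drifting apart. If the open-coded check stays, the comment should state the assumption it relies on, for example `/* Same check as CREATE SCHEMA; extowner is the current user here, so no separate role-membership test is needed. */`, because extowner is assigned outside this hunk and the check weakens silently if it ever stops being the session user. CreateExtension's body starts and ends outside the hunk.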