Re: patch for type privileges
Yeb Havinga <yebhavinga@gmail.com>
From: Yeb Havinga <yebhavinga@gmail.com>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2011-12-13T18:13:03Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Support range data types.
- 4429f6a9e3e1 9.2.0 cited
On 2011-12-12 20:53, Peter Eisentraut wrote: > On sön, 2011-12-11 at 21:21 +0200, Peter Eisentraut wrote: >>> * Cannot restrict access to array types. After revoking usage from the >>> element type, the error is perhaps a bit misleading. (smallint[] vs >>> smallint) >>> >>> postgres=> create table a (a int2[]); >>> ERROR: permission denied for type smallint[] >> OK, that error message should be improved. > Fixing this is easy, but I'd like to look into refactoring this a bit. > Let's ignore that for now; it's easy to do later. My experience with ignoring things for now is not positive. >>> * The information schema view 'attributes' has this additional condition: >>> AND (pg_has_role(t.typowner, 'USAGE') >>> OR has_type_privilege(t.oid, 'USAGE')); >>> >>> What happens is that attributes in a composite type are shown, or not, >>> if the current user has USAGE rights. The strange thing here, is that >>> the attribute in the type being show or not, doesn't match being able to >>> use it (in the creation of e.g. a table). >> Yeah, that's a bug. That should be something like >> >> AND (pg_has_role(c.relowner, 'USAGE') >> OR has_type_privilege(c.reltype, 'USAGE')); > And fix for that included. Confirmed that this now works as expected. I have no remarks on the other parts of the patch code. After puzzling a bit more with the udt and usage privileges views, it is clear that they should complement each other. That might be reflected by adding to the 'usage_privileges' section a link back to the 'udt_privileges' section. I have no further comments on this patch. regards, Yeb Havinga