[PATCH v4 2/5] Replace AclObjectKind with ObjectType
Peter Eisentraut <peter_e@gmx.net>
From: Peter Eisentraut <peter_e@gmx.net>
To:
Date: 2017-12-02T14:26:34Z
Lists: pgsql-hackers
AclObjectKind was basically just another enumeration for object types,
and we already have a preferred one for that. It's only used in
aclcheck_error. By using ObjectType instead, we can also give some more
precise error messages, for example "index" instead of "relation".
---
contrib/dblink/dblink.c | 4 +-
contrib/pg_prewarm/pg_prewarm.c | 2 +-
contrib/pgrowlocks/pgrowlocks.c | 2 +-
src/backend/access/brin/brin.c | 4 +-
src/backend/access/gin/ginfast.c | 2 +-
src/backend/catalog/aclchk.c | 508 +++++++++++++--------
src/backend/catalog/namespace.c | 8 +-
src/backend/catalog/objectaddress.c | 90 ++--
src/backend/catalog/pg_aggregate.c | 2 +-
src/backend/catalog/pg_operator.c | 8 +-
src/backend/catalog/pg_proc.c | 2 +-
src/backend/catalog/pg_type.c | 2 +-
src/backend/commands/aggregatecmds.c | 2 +-
src/backend/commands/alter.c | 18 +-
src/backend/commands/collationcmds.c | 4 +-
src/backend/commands/conversioncmds.c | 4 +-
src/backend/commands/dbcommands.c | 16 +-
src/backend/commands/event_trigger.c | 4 +-
src/backend/commands/extension.c | 8 +-
src/backend/commands/foreigncmds.c | 16 +-
src/backend/commands/functioncmds.c | 26 +-
src/backend/commands/indexcmds.c | 10 +-
src/backend/commands/lockcmds.c | 4 +-
src/backend/commands/opclasscmds.c | 16 +-
src/backend/commands/operatorcmds.c | 10 +-
src/backend/commands/policy.c | 2 +-
src/backend/commands/proclang.c | 4 +-
src/backend/commands/publicationcmds.c | 10 +-
src/backend/commands/schemacmds.c | 10 +-
src/backend/commands/statscmds.c | 2 +-
src/backend/commands/subscriptioncmds.c | 6 +-
src/backend/commands/tablecmds.c | 36 +-
src/backend/commands/tablespace.c | 10 +-
src/backend/commands/trigger.c | 8 +-
src/backend/commands/tsearchcmds.c | 8 +-
src/backend/commands/typecmds.c | 28 +-
src/backend/commands/user.c | 2 +-
src/backend/executor/execExpr.c | 4 +-
src/backend/executor/execMain.c | 2 +-
src/backend/executor/execSRF.c | 2 +-
src/backend/executor/nodeAgg.c | 10 +-
src/backend/executor/nodeWindowAgg.c | 8 +-
src/backend/parser/parse_utilcmd.c | 4 +-
src/backend/rewrite/rewriteDefine.c | 6 +-
src/backend/tcop/fastpath.c | 4 +-
src/backend/utils/adt/dbsize.c | 4 +-
src/backend/utils/adt/tid.c | 4 +-
src/backend/utils/fmgr/fmgr.c | 4 +-
src/include/catalog/objectaddress.h | 2 +-
src/include/utils/acl.h | 35 +-
src/pl/tcl/pltcl.c | 2 +-
.../dummy_seclabel/expected/dummy_seclabel.out | 4 +-
src/test/regress/expected/create_procedure.out | 2 +-
src/test/regress/expected/privileges.out | 8 +-
54 files changed, 562 insertions(+), 441 deletions(-)
diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
index a6c897c319..6b4d036d9e 100644
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@@ -2504,7 +2504,7 @@ get_rel_from_relname(text *relname_text, LOCKMODE lockmode, AclMode aclmode)
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
aclmode);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
return rel;
@@ -2789,7 +2789,7 @@ get_connect_string(const char *servername)
/* Check permissions, user must have usage on the server. */
aclresult = pg_foreign_server_aclcheck(serverid, userid, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, foreign_server->servername);
+ aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, foreign_server->servername);
foreach(cell, fdw->options)
{
diff --git a/contrib/pg_prewarm/pg_prewarm.c b/contrib/pg_prewarm/pg_prewarm.c
index 4117bf6d2e..bab01e6781 100644
--- a/contrib/pg_prewarm/pg_prewarm.c
+++ b/contrib/pg_prewarm/pg_prewarm.c
@@ -107,7 +107,7 @@ pg_prewarm(PG_FUNCTION_ARGS)
rel = relation_open(relOid, AccessShareLock);
aclresult = pg_class_aclcheck(relOid, GetUserId(), ACL_SELECT);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS, get_rel_name(relOid));
+ aclcheck_error(aclresult, OBJECT_RELATION, get_rel_name(relOid));
/* Check that the fork exists. */
RelationOpenSmgr(rel);
diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
index eabca65bd2..38e10e59a8 100644
--- a/contrib/pgrowlocks/pgrowlocks.c
+++ b/contrib/pgrowlocks/pgrowlocks.c
@@ -121,7 +121,7 @@ pgrowlocks(PG_FUNCTION_ARGS)
aclresult = is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
scan = heap_beginscan(rel, GetActiveSnapshot(), 0, NULL);
diff --git a/src/backend/access/brin/brin.c b/src/backend/access/brin/brin.c
index f54968bfb5..5027872267 100644
--- a/src/backend/access/brin/brin.c
+++ b/src/backend/access/brin/brin.c
@@ -894,7 +894,7 @@ brin_summarize_range(PG_FUNCTION_ARGS)
/* User must own the index (comparable to privileges needed for VACUUM) */
if (!pg_class_ownercheck(indexoid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX,
RelationGetRelationName(indexRel));
/*
@@ -965,7 +965,7 @@ brin_desummarize_range(PG_FUNCTION_ARGS)
/* User must own the index (comparable to privileges needed for VACUUM) */
if (!pg_class_ownercheck(indexoid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX,
RelationGetRelationName(indexRel));
/*
diff --git a/src/backend/access/gin/ginfast.c b/src/backend/access/gin/ginfast.c
index 222a80bc4b..615730b8e5 100644
--- a/src/backend/access/gin/ginfast.c
+++ b/src/backend/access/gin/ginfast.c
@@ -1035,7 +1035,7 @@ gin_clean_pending_list(PG_FUNCTION_ARGS)
/* User must own the index (comparable to privileges needed for VACUUM) */
if (!pg_class_ownercheck(indexoid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX,
RelationGetRelationName(indexRel));
memset(&stats, 0, sizeof(stats));
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index ef6bc6a9db..2e07d75ef4 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -132,9 +132,9 @@ static const char *privilege_to_string(AclMode privilege);
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions,
bool all_privs, AclMode privileges,
Oid objectId, Oid grantorId,
- AclObjectKind objkind, const char *objname,
+ ObjectType objtype, const char *objname,
AttrNumber att_number, const char *colname);
-static AclMode pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum,
+static AclMode pg_aclmask(ObjectType objtype, Oid table_oid, AttrNumber attnum,
Oid roleid, AclMode mask, AclMaskHow how);
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid,
Acl *new_acl);
@@ -236,56 +236,56 @@ merge_acl_with_grant(Acl *old_acl, bool is_grant,
static AclMode
restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
AclMode privileges, Oid objectId, Oid grantorId,
- AclObjectKind objkind, const char *objname,
+ ObjectType objtype, const char *objname,
AttrNumber att_number, const char *colname)
{
AclMode this_privileges;
AclMode whole_mask;
- switch (objkind)
+ switch (objtype)
{
- case ACL_KIND_COLUMN:
+ case OBJECT_COLUMN:
whole_mask = ACL_ALL_RIGHTS_COLUMN;
break;
- case ACL_KIND_CLASS:
+ case OBJECT_RELATION:
whole_mask = ACL_ALL_RIGHTS_RELATION;
break;
- case ACL_KIND_SEQUENCE:
+ case OBJECT_SEQUENCE:
whole_mask = ACL_ALL_RIGHTS_SEQUENCE;
break;
- case ACL_KIND_DATABASE:
+ case OBJECT_DATABASE:
whole_mask = ACL_ALL_RIGHTS_DATABASE;
break;
- case ACL_KIND_PROC:
+ case OBJECT_FUNCTION:
whole_mask = ACL_ALL_RIGHTS_FUNCTION;
break;
- case ACL_KIND_LANGUAGE:
+ case OBJECT_LANGUAGE:
whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
break;
- case ACL_KIND_LARGEOBJECT:
+ case OBJECT_LARGEOBJECT:
whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;
break;
- case ACL_KIND_NAMESPACE:
+ case OBJECT_SCHEMA:
whole_mask = ACL_ALL_RIGHTS_SCHEMA;
break;
- case ACL_KIND_TABLESPACE:
+ case OBJECT_TABLESPACE:
whole_mask = ACL_ALL_RIGHTS_TABLESPACE;
break;
- case ACL_KIND_FDW:
+ case OBJECT_FDW:
whole_mask = ACL_ALL_RIGHTS_FDW;
break;
- case ACL_KIND_FOREIGN_SERVER:
+ case OBJECT_FOREIGN_SERVER:
whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;
break;
- case ACL_KIND_EVENT_TRIGGER:
+ case OBJECT_EVENT_TRIGGER:
elog(ERROR, "grantable rights not supported for event triggers");
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
- case ACL_KIND_TYPE:
+ case OBJECT_TYPE:
whole_mask = ACL_ALL_RIGHTS_TYPE;
break;
default:
- elog(ERROR, "unrecognized object kind: %d", objkind);
+ elog(ERROR, "unrecognized object type: %d", objtype);
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
}
@@ -297,14 +297,14 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
*/
if (avail_goptions == ACL_NO_RIGHTS)
{
- if (pg_aclmask(objkind, objectId, att_number, grantorId,
+ if (pg_aclmask(objtype, objectId, att_number, grantorId,
whole_mask | ACL_GRANT_OPTION_FOR(whole_mask),
ACLMASK_ANY) == ACL_NO_RIGHTS)
{
- if (objkind == ACL_KIND_COLUMN && colname)
- aclcheck_error_col(ACLCHECK_NO_PRIV, objkind, objname, colname);
+ if (objtype == OBJECT_COLUMN && colname)
+ aclcheck_error_col(ACLCHECK_NO_PRIV, objtype, objname, colname);
else
- aclcheck_error(ACLCHECK_NO_PRIV, objkind, objname);
+ aclcheck_error(ACLCHECK_NO_PRIV, objtype, objname);
}
}
@@ -320,7 +320,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
{
if (this_privileges == 0)
{
- if (objkind == ACL_KIND_COLUMN && colname)
+ if (objtype == OBJECT_COLUMN && colname)
ereport(WARNING,
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
errmsg("no privileges were granted for column \"%s\" of relation \"%s\"",
@@ -333,7 +333,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
}
else if (!all_privs && this_privileges != privileges)
{
- if (objkind == ACL_KIND_COLUMN && colname)
+ if (objtype == OBJECT_COLUMN && colname)
ereport(WARNING,
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"",
@@ -349,7 +349,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
{
if (this_privileges == 0)
{
- if (objkind == ACL_KIND_COLUMN && colname)
+ if (objtype == OBJECT_COLUMN && colname)
ereport(WARNING,
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"",
@@ -362,7 +362,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
}
else if (!all_privs && this_privileges != privileges)
{
- if (objkind == ACL_KIND_COLUMN && colname)
+ if (objtype == OBJECT_COLUMN && colname)
ereport(WARNING,
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"",
@@ -1721,7 +1721,7 @@ ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname,
restrict_and_check_grant(istmt->is_grant, avail_goptions,
(col_privileges == ACL_ALL_RIGHTS_COLUMN),
col_privileges,
- relOid, grantorId, ACL_KIND_COLUMN,
+ relOid, grantorId, OBJECT_COLUMN,
relname, attnum,
NameStr(pg_attribute_tuple->attname));
@@ -1975,7 +1975,7 @@ ExecGrant_Relation(InternalGrant *istmt)
bool replaces[Natts_pg_class];
int nnewmembers;
Oid *newmembers;
- AclObjectKind aclkind;
+ ObjectType objtype;
/* Determine ID to do the grant as, and available grant options */
select_best_grantor(GetUserId(), this_privileges,
@@ -1985,10 +1985,10 @@ ExecGrant_Relation(InternalGrant *istmt)
switch (pg_class_tuple->relkind)
{
case RELKIND_SEQUENCE:
- aclkind = ACL_KIND_SEQUENCE;
+ objtype = OBJECT_SEQUENCE;
break;
default:
- aclkind = ACL_KIND_CLASS;
+ objtype = OBJECT_RELATION;
break;
}
@@ -1999,7 +1999,7 @@ ExecGrant_Relation(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, this_privileges,
- relOid, grantorId, aclkind,
+ relOid, grantorId, objtype,
NameStr(pg_class_tuple->relname),
0, NULL);
@@ -2193,7 +2193,7 @@ ExecGrant_Database(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- datId, grantorId, ACL_KIND_DATABASE,
+ datId, grantorId, OBJECT_DATABASE,
NameStr(pg_database_tuple->datname),
0, NULL);
@@ -2315,7 +2315,7 @@ ExecGrant_Fdw(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- fdwid, grantorId, ACL_KIND_FDW,
+ fdwid, grantorId, OBJECT_FDW,
NameStr(pg_fdw_tuple->fdwname),
0, NULL);
@@ -2441,7 +2441,7 @@ ExecGrant_ForeignServer(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- srvid, grantorId, ACL_KIND_FOREIGN_SERVER,
+ srvid, grantorId, OBJECT_FOREIGN_SERVER,
NameStr(pg_server_tuple->srvname),
0, NULL);
@@ -2565,7 +2565,7 @@ ExecGrant_Function(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- funcId, grantorId, ACL_KIND_PROC,
+ funcId, grantorId, OBJECT_FUNCTION,
NameStr(pg_proc_tuple->proname),
0, NULL);
@@ -2696,7 +2696,7 @@ ExecGrant_Language(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- langId, grantorId, ACL_KIND_LANGUAGE,
+ langId, grantorId, OBJECT_LANGUAGE,
NameStr(pg_language_tuple->lanname),
0, NULL);
@@ -2835,7 +2835,7 @@ ExecGrant_Largeobject(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- loid, grantorId, ACL_KIND_LARGEOBJECT,
+ loid, grantorId, OBJECT_LARGEOBJECT,
loname, 0, NULL);
/*
@@ -2960,7 +2960,7 @@ ExecGrant_Namespace(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- nspid, grantorId, ACL_KIND_NAMESPACE,
+ nspid, grantorId, OBJECT_SCHEMA,
NameStr(pg_namespace_tuple->nspname),
0, NULL);
@@ -3084,7 +3084,7 @@ ExecGrant_Tablespace(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- tblId, grantorId, ACL_KIND_TABLESPACE,
+ tblId, grantorId, OBJECT_TABLESPACE,
NameStr(pg_tablespace_tuple->spcname),
0, NULL);
@@ -3218,7 +3218,7 @@ ExecGrant_Type(InternalGrant *istmt)
this_privileges =
restrict_and_check_grant(istmt->is_grant, avail_goptions,
istmt->all_privs, istmt->privileges,
- typId, grantorId, ACL_KIND_TYPE,
+ typId, grantorId, OBJECT_TYPE,
NameStr(pg_type_tuple->typname),
0, NULL);
@@ -3347,114 +3347,8 @@ privilege_to_string(AclMode privilege)
* Note: we do not double-quote the %s's below, because many callers
* supply strings that might be already quoted.
*/
-
-static const char *const no_priv_msg[MAX_ACL_KIND] =
-{
- /* ACL_KIND_COLUMN */
- gettext_noop("permission denied for column %s"),
- /* ACL_KIND_CLASS */
- gettext_noop("permission denied for relation %s"),
- /* ACL_KIND_SEQUENCE */
- gettext_noop("permission denied for sequence %s"),
- /* ACL_KIND_DATABASE */
- gettext_noop("permission denied for database %s"),
- /* ACL_KIND_PROC */
- gettext_noop("permission denied for function %s"),
- /* ACL_KIND_OPER */
- gettext_noop("permission denied for operator %s"),
- /* ACL_KIND_TYPE */
- gettext_noop("permission denied for type %s"),
- /* ACL_KIND_LANGUAGE */
- gettext_noop("permission denied for language %s"),
- /* ACL_KIND_LARGEOBJECT */
- gettext_noop("permission denied for large object %s"),
- /* ACL_KIND_NAMESPACE */
- gettext_noop("permission denied for schema %s"),
- /* ACL_KIND_OPCLASS */
- gettext_noop("permission denied for operator class %s"),
- /* ACL_KIND_OPFAMILY */
- gettext_noop("permission denied for operator family %s"),
- /* ACL_KIND_COLLATION */
- gettext_noop("permission denied for collation %s"),
- /* ACL_KIND_CONVERSION */
- gettext_noop("permission denied for conversion %s"),
- /* ACL_KIND_STATISTICS */
- gettext_noop("permission denied for statistics object %s"),
- /* ACL_KIND_TABLESPACE */
- gettext_noop("permission denied for tablespace %s"),
- /* ACL_KIND_TSDICTIONARY */
- gettext_noop("permission denied for text search dictionary %s"),
- /* ACL_KIND_TSCONFIGURATION */
- gettext_noop("permission denied for text search configuration %s"),
- /* ACL_KIND_FDW */
- gettext_noop("permission denied for foreign-data wrapper %s"),
- /* ACL_KIND_FOREIGN_SERVER */
- gettext_noop("permission denied for foreign server %s"),
- /* ACL_KIND_EVENT_TRIGGER */
- gettext_noop("permission denied for event trigger %s"),
- /* ACL_KIND_EXTENSION */
- gettext_noop("permission denied for extension %s"),
- /* ACL_KIND_PUBLICATION */
- gettext_noop("permission denied for publication %s"),
- /* ACL_KIND_SUBSCRIPTION */
- gettext_noop("permission denied for subscription %s"),
-};
-
-static const char *const not_owner_msg[MAX_ACL_KIND] =
-{
- /* ACL_KIND_COLUMN */
- gettext_noop("must be owner of relation %s"),
- /* ACL_KIND_CLASS */
- gettext_noop("must be owner of relation %s"),
- /* ACL_KIND_SEQUENCE */
- gettext_noop("must be owner of sequence %s"),
- /* ACL_KIND_DATABASE */
- gettext_noop("must be owner of database %s"),
- /* ACL_KIND_PROC */
- gettext_noop("must be owner of function %s"),
- /* ACL_KIND_OPER */
- gettext_noop("must be owner of operator %s"),
- /* ACL_KIND_TYPE */
- gettext_noop("must be owner of type %s"),
- /* ACL_KIND_LANGUAGE */
- gettext_noop("must be owner of language %s"),
- /* ACL_KIND_LARGEOBJECT */
- gettext_noop("must be owner of large object %s"),
- /* ACL_KIND_NAMESPACE */
- gettext_noop("must be owner of schema %s"),
- /* ACL_KIND_OPCLASS */
- gettext_noop("must be owner of operator class %s"),
- /* ACL_KIND_OPFAMILY */
- gettext_noop("must be owner of operator family %s"),
- /* ACL_KIND_COLLATION */
- gettext_noop("must be owner of collation %s"),
- /* ACL_KIND_CONVERSION */
- gettext_noop("must be owner of conversion %s"),
- /* ACL_KIND_STATISTICS */
- gettext_noop("must be owner of statistics object %s"),
- /* ACL_KIND_TABLESPACE */
- gettext_noop("must be owner of tablespace %s"),
- /* ACL_KIND_TSDICTIONARY */
- gettext_noop("must be owner of text search dictionary %s"),
- /* ACL_KIND_TSCONFIGURATION */
- gettext_noop("must be owner of text search configuration %s"),
- /* ACL_KIND_FDW */
- gettext_noop("must be owner of foreign-data wrapper %s"),
- /* ACL_KIND_FOREIGN_SERVER */
- gettext_noop("must be owner of foreign server %s"),
- /* ACL_KIND_EVENT_TRIGGER */
- gettext_noop("must be owner of event trigger %s"),
- /* ACL_KIND_EXTENSION */
- gettext_noop("must be owner of extension %s"),
- /* ACL_KIND_PUBLICATION */
- gettext_noop("must be owner of publication %s"),
- /* ACL_KIND_SUBSCRIPTION */
- gettext_noop("must be owner of subscription %s"),
-};
-
-
void
-aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
+aclcheck_error(AclResult aclerr, ObjectType objtype,
const char *objectname)
{
switch (aclerr)
@@ -3463,15 +3357,275 @@ aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
/* no error, so return to caller */
break;
case ACLCHECK_NO_PRIV:
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg(no_priv_msg[objectkind], objectname)));
- break;
+ {
+ const char *msg;
+
+ switch (objtype)
+ {
+ case OBJECT_AGGREGATE:
+ msg = gettext_noop("permission denied for aggregate %s");
+ break;
+ case OBJECT_COLLATION:
+ msg = gettext_noop("permission denied for collation %s");
+ break;
+ case OBJECT_COLUMN:
+ msg = gettext_noop("permission denied for column %s");
+ break;
+ case OBJECT_CONVERSION:
+ msg = gettext_noop("permission denied for conversion %s");
+ break;
+ case OBJECT_DATABASE:
+ msg = gettext_noop("permission denied for database %s");
+ break;
+ case OBJECT_DOMAIN:
+ msg = gettext_noop("permission denied for domain %s");
+ break;
+ case OBJECT_EVENT_TRIGGER:
+ msg = gettext_noop("permission denied for event trigger %s");
+ break;
+ case OBJECT_EXTENSION:
+ msg = gettext_noop("permission denied for extension %s");
+ break;
+ case OBJECT_FDW:
+ msg = gettext_noop("permission denied for foreign-data wrapper %s");
+ break;
+ case OBJECT_FOREIGN_SERVER:
+ msg = gettext_noop("permission denied for foreign server %s");
+ break;
+ case OBJECT_FOREIGN_TABLE:
+ msg = gettext_noop("permission denied for foreign table %s");
+ break;
+ case OBJECT_FUNCTION:
+ msg = gettext_noop("permission denied for function %s");
+ break;
+ case OBJECT_INDEX:
+ msg = gettext_noop("permission denied for index %s");
+ break;
+ case OBJECT_LANGUAGE:
+ msg = gettext_noop("permission denied for language %s");
+ break;
+ case OBJECT_LARGEOBJECT:
+ msg = gettext_noop("permission denied for large object %s");
+ break;
+ case OBJECT_MATVIEW:
+ msg = gettext_noop("permission denied for materialized view %s");
+ break;
+ case OBJECT_OPCLASS:
+ msg = gettext_noop("permission denied for operator class %s");
+ break;
+ case OBJECT_OPERATOR:
+ msg = gettext_noop("permission denied for operator %s");
+ break;
+ case OBJECT_OPFAMILY:
+ msg = gettext_noop("permission denied for operator family %s");
+ break;
+ case OBJECT_POLICY:
+ msg = gettext_noop("permission denied for policy %s");
+ break;
+ case OBJECT_PROCEDURE:
+ msg = gettext_noop("permission denied for procedure %s");
+ break;
+ case OBJECT_PUBLICATION:
+ msg = gettext_noop("permission denied for publication %s");
+ break;
+ case OBJECT_RELATION:
+ msg = gettext_noop("permission denied for relation %s");
+ break;
+ case OBJECT_ROUTINE:
+ msg = gettext_noop("permission denied for routine %s");
+ break;
+ case OBJECT_SCHEMA:
+ msg = gettext_noop("permission denied for schema %s");
+ break;
+ case OBJECT_SEQUENCE:
+ msg = gettext_noop("permission denied for sequence %s");
+ break;
+ case OBJECT_STATISTIC_EXT:
+ msg = gettext_noop("permission denied for statistics object %s");
+ break;
+ case OBJECT_SUBSCRIPTION:
+ msg = gettext_noop("permission denied for subscription %s");
+ break;
+ case OBJECT_TABLE:
+ msg = gettext_noop("permission denied for table %s");
+ break;
+ case OBJECT_TABLESPACE:
+ msg = gettext_noop("permission denied for tablespace %s");
+ break;
+ case OBJECT_TSCONFIGURATION:
+ msg = gettext_noop("permission denied for text search configuration %s");
+ break;
+ case OBJECT_TSDICTIONARY:
+ msg = gettext_noop("permission denied for text search dictionary %s");
+ break;
+ case OBJECT_TYPE:
+ msg = gettext_noop("permission denied for type %s");
+ break;
+ case OBJECT_VIEW:
+ msg = gettext_noop("permission denied for view %s");
+ break;
+ /* these currently aren't used */
+ case OBJECT_ACCESS_METHOD:
+ case OBJECT_AMOP:
+ case OBJECT_AMPROC:
+ case OBJECT_ATTRIBUTE:
+ case OBJECT_CAST:
+ case OBJECT_DEFAULT:
+ case OBJECT_DEFACL:
+ case OBJECT_DOMCONSTRAINT:
+ case OBJECT_PUBLICATION_REL:
+ case OBJECT_ROLE:
+ case OBJECT_RULE:
+ case OBJECT_TABCONSTRAINT:
+ case OBJECT_TRANSFORM:
+ case OBJECT_TRIGGER:
+ case OBJECT_TSPARSER:
+ case OBJECT_TSTEMPLATE:
+ case OBJECT_USER_MAPPING:
+ elog(ERROR, "unsupported object type %d", objtype);
+ msg = "???";
+ }
+
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg(msg, objectname)));
+ break;
+ }
case ACLCHECK_NOT_OWNER:
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg(not_owner_msg[objectkind], objectname)));
- break;
+ {
+ const char *msg;
+
+ switch (objtype)
+ {
+ case OBJECT_AGGREGATE:
+ msg = gettext_noop("must be owner of aggregate %s");
+ break;
+ case OBJECT_COLLATION:
+ msg = gettext_noop("must be owner of collation %s");
+ break;
+ case OBJECT_COLUMN:
+ msg = gettext_noop("must be owner of relation %s");
+ break;
+ case OBJECT_CONVERSION:
+ msg = gettext_noop("must be owner of conversion %s");
+ break;
+ case OBJECT_DATABASE:
+ msg = gettext_noop("must be owner of database %s");
+ break;
+ case OBJECT_DOMAIN:
+ msg = gettext_noop("must be owner of domain %s");
+ break;
+ case OBJECT_EVENT_TRIGGER:
+ msg = gettext_noop("must be owner of event trigger %s");
+ break;
+ case OBJECT_EXTENSION:
+ msg = gettext_noop("must be owner of extension %s");
+ break;
+ case OBJECT_FDW:
+ msg = gettext_noop("must be owner of foreign-data wrapper %s");
+ break;
+ case OBJECT_FOREIGN_SERVER:
+ msg = gettext_noop("must be owner of foreign server %s");
+ break;
+ case OBJECT_FOREIGN_TABLE:
+ msg = gettext_noop("must be owner of foreign table %s");
+ break;
+ case OBJECT_FUNCTION:
+ msg = gettext_noop("must be owner of function %s");
+ break;
+ case OBJECT_INDEX:
+ msg = gettext_noop("must be owner of index %s");
+ break;
+ case OBJECT_LANGUAGE:
+ msg = gettext_noop("must be owner of language %s");
+ break;
+ case OBJECT_LARGEOBJECT:
+ msg = gettext_noop("must be owner of large object %s");
+ break;
+ case OBJECT_MATVIEW:
+ msg = gettext_noop("must be owner of materialized view %s");
+ break;
+ case OBJECT_OPCLASS:
+ msg = gettext_noop("must be owner of operator class %s");
+ break;
+ case OBJECT_OPERATOR:
+ msg = gettext_noop("must be owner of operator %s");
+ break;
+ case OBJECT_OPFAMILY:
+ msg = gettext_noop("must be owner of operator family %s");
+ break;
+ case OBJECT_POLICY:
+ msg = gettext_noop("must be owner of relation %s");
+ break;
+ case OBJECT_PROCEDURE:
+ msg = gettext_noop("must be owner of procedure %s");
+ break;
+ case OBJECT_PUBLICATION:
+ msg = gettext_noop("must be owner of publication %s");
+ break;
+ case OBJECT_RELATION:
+ msg = gettext_noop("must be owner of relation %s");
+ break;
+ case OBJECT_ROUTINE:
+ msg = gettext_noop("must be owner of routine %s");
+ break;
+ case OBJECT_SEQUENCE:
+ msg = gettext_noop("must be owner of sequence %s");
+ break;
+ case OBJECT_SUBSCRIPTION:
+ msg = gettext_noop("must be owner of subscription %s");
+ break;
+ case OBJECT_TABLE:
+ msg = gettext_noop("must be owner of table %s");
+ break;
+ case OBJECT_TYPE:
+ msg = gettext_noop("must be owner of type %s");
+ break;
+ case OBJECT_VIEW:
+ msg = gettext_noop("must be owner of view %s");
+ break;
+ case OBJECT_SCHEMA:
+ msg = gettext_noop("must be owner of schema %s");
+ break;
+ case OBJECT_STATISTIC_EXT:
+ msg = gettext_noop("must be owner of statistics object %s");
+ break;
+ case OBJECT_TABLESPACE:
+ msg = gettext_noop("must be owner of tablespace %s");
+ break;
+ case OBJECT_TSCONFIGURATION:
+ msg = gettext_noop("must be owner of text search configuration %s");
+ break;
+ case OBJECT_TSDICTIONARY:
+ msg = gettext_noop("must be owner of text search dictionary %s");
+ break;
+ /* these currently aren't used */
+ case OBJECT_ACCESS_METHOD:
+ case OBJECT_AMOP:
+ case OBJECT_AMPROC:
+ case OBJECT_ATTRIBUTE:
+ case OBJECT_CAST:
+ case OBJECT_DEFAULT:
+ case OBJECT_DEFACL:
+ case OBJECT_DOMCONSTRAINT:
+ case OBJECT_PUBLICATION_REL:
+ case OBJECT_ROLE:
+ case OBJECT_RULE:
+ case OBJECT_TABCONSTRAINT:
+ case OBJECT_TRANSFORM:
+ case OBJECT_TRIGGER:
+ case OBJECT_TSPARSER:
+ case OBJECT_TSTEMPLATE:
+ case OBJECT_USER_MAPPING:
+ elog(ERROR, "unsupported object type %d", objtype);
+ msg = "???";
+ }
+
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg(msg, objectname)));
+ break;
+ }
default:
elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
break;
@@ -3480,7 +3634,7 @@ aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
void
-aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
+aclcheck_error_col(AclResult aclerr, ObjectType objtype,
const char *objectname, const char *colname)
{
switch (aclerr)
@@ -3496,9 +3650,7 @@ aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
break;
case ACLCHECK_NOT_OWNER:
/* relation msg is OK since columns don't have separate owners */
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg(not_owner_msg[objectkind], objectname)));
+ aclcheck_error(aclerr, objtype, objectname);
break;
default:
elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
@@ -3516,7 +3668,7 @@ aclcheck_error_type(AclResult aclerr, Oid typeOid)
{
Oid element_type = get_element_type(typeOid);
- aclcheck_error(aclerr, ACL_KIND_TYPE, format_type_be(element_type ? element_type : typeOid));
+ aclcheck_error(aclerr, OBJECT_TYPE, format_type_be(element_type ? element_type : typeOid));
}
@@ -3524,48 +3676,48 @@ aclcheck_error_type(AclResult aclerr, Oid typeOid)
* Relay for the various pg_*_mask routines depending on object kind
*/
static AclMode
-pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum, Oid roleid,
+pg_aclmask(ObjectType objtype, Oid table_oid, AttrNumber attnum, Oid roleid,
AclMode mask, AclMaskHow how)
{
- switch (objkind)
+ switch (objtype)
{
- case ACL_KIND_COLUMN:
+ case OBJECT_COLUMN:
return
pg_class_aclmask(table_oid, roleid, mask, how) |
pg_attribute_aclmask(table_oid, attnum, roleid, mask, how);
- case ACL_KIND_CLASS:
- case ACL_KIND_SEQUENCE:
+ case OBJECT_RELATION:
+ case OBJECT_SEQUENCE:
return pg_class_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_DATABASE:
+ case OBJECT_DATABASE:
return pg_database_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_PROC:
+ case OBJECT_FUNCTION:
return pg_proc_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_LANGUAGE:
+ case OBJECT_LANGUAGE:
return pg_language_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_LARGEOBJECT:
+ case OBJECT_LARGEOBJECT:
return pg_largeobject_aclmask_snapshot(table_oid, roleid,
mask, how, NULL);
- case ACL_KIND_NAMESPACE:
+ case OBJECT_SCHEMA:
return pg_namespace_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_STATISTICS:
+ case OBJECT_STATISTIC_EXT:
elog(ERROR, "grantable rights not supported for statistics objects");
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
- case ACL_KIND_TABLESPACE:
+ case OBJECT_TABLESPACE:
return pg_tablespace_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_FDW:
+ case OBJECT_FDW:
return pg_foreign_data_wrapper_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_FOREIGN_SERVER:
+ case OBJECT_FOREIGN_SERVER:
return pg_foreign_server_aclmask(table_oid, roleid, mask, how);
- case ACL_KIND_EVENT_TRIGGER:
+ case OBJECT_EVENT_TRIGGER:
elog(ERROR, "grantable rights not supported for event triggers");
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
- case ACL_KIND_TYPE:
+ case OBJECT_TYPE:
return pg_type_aclmask(table_oid, roleid, mask, how);
default:
- elog(ERROR, "unrecognized objkind: %d",
- (int) objkind);
+ elog(ERROR, "unrecognized objtype: %d",
+ (int) objtype);
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
}
diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
index 93c4bbfcb0..75636e6dab 100644
--- a/src/backend/catalog/namespace.c
+++ b/src/backend/catalog/namespace.c
@@ -560,7 +560,7 @@ RangeVarGetAndCheckCreationNamespace(RangeVar *relation,
/* Check namespace permissions. */
aclresult = pg_namespace_aclcheck(nspid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(nspid));
if (retry)
@@ -585,7 +585,7 @@ RangeVarGetAndCheckCreationNamespace(RangeVar *relation,
if (lockmode != NoLock && OidIsValid(relid))
{
if (!pg_class_ownercheck(relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
relation->relname);
if (relid != oldrelid)
LockRelationOid(relid, lockmode);
@@ -2874,7 +2874,7 @@ LookupExplicitNamespace(const char *nspname, bool missing_ok)
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
nspname);
/* Schema search hook for this lookup */
InvokeNamespaceSearchHook(namespaceId, true);
@@ -2911,7 +2911,7 @@ LookupCreationNamespace(const char *nspname)
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
nspname);
return namespaceId;
diff --git a/src/backend/catalog/objectaddress.c b/src/backend/catalog/objectaddress.c
index 370be1c420..9be365f50d 100644
--- a/src/backend/catalog/objectaddress.c
+++ b/src/backend/catalog/objectaddress.c
@@ -104,7 +104,7 @@ typedef struct
AttrNumber attnum_namespace; /* attnum of namespace field */
AttrNumber attnum_owner; /* attnum of owner field */
AttrNumber attnum_acl; /* attnum of acl field */
- AclObjectKind acl_kind; /* ACL_KIND_* of this object type */
+ ObjectType objtype; /* OBJECT_* of this object type */
bool is_nsp_name_unique; /* can the nsp/name combination (or name
* alone, if there's no namespace) be
* considered a unique identifier for an
@@ -146,7 +146,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_collation_collnamespace,
Anum_pg_collation_collowner,
InvalidAttrNumber,
- ACL_KIND_COLLATION,
+ OBJECT_COLLATION,
true
},
{
@@ -170,7 +170,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_conversion_connamespace,
Anum_pg_conversion_conowner,
InvalidAttrNumber,
- ACL_KIND_CONVERSION,
+ OBJECT_CONVERSION,
true
},
{
@@ -182,7 +182,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_database_datdba,
Anum_pg_database_datacl,
- ACL_KIND_DATABASE,
+ OBJECT_DATABASE,
true
},
{
@@ -194,7 +194,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber, /* extension doesn't belong to extnamespace */
Anum_pg_extension_extowner,
InvalidAttrNumber,
- ACL_KIND_EXTENSION,
+ OBJECT_EXTENSION,
true
},
{
@@ -206,7 +206,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_foreign_data_wrapper_fdwowner,
Anum_pg_foreign_data_wrapper_fdwacl,
- ACL_KIND_FDW,
+ OBJECT_FDW,
true
},
{
@@ -218,7 +218,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_foreign_server_srvowner,
Anum_pg_foreign_server_srvacl,
- ACL_KIND_FOREIGN_SERVER,
+ OBJECT_FOREIGN_SERVER,
true
},
{
@@ -230,7 +230,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_proc_pronamespace,
Anum_pg_proc_proowner,
Anum_pg_proc_proacl,
- ACL_KIND_PROC,
+ OBJECT_FUNCTION,
false
},
{
@@ -242,7 +242,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_language_lanowner,
Anum_pg_language_lanacl,
- ACL_KIND_LANGUAGE,
+ OBJECT_LANGUAGE,
true
},
{
@@ -254,7 +254,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_largeobject_metadata_lomowner,
Anum_pg_largeobject_metadata_lomacl,
- ACL_KIND_LARGEOBJECT,
+ OBJECT_LARGEOBJECT,
false
},
{
@@ -266,7 +266,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_opclass_opcnamespace,
Anum_pg_opclass_opcowner,
InvalidAttrNumber,
- ACL_KIND_OPCLASS,
+ OBJECT_OPCLASS,
true
},
{
@@ -278,7 +278,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_operator_oprnamespace,
Anum_pg_operator_oprowner,
InvalidAttrNumber,
- ACL_KIND_OPER,
+ OBJECT_OPERATOR,
false
},
{
@@ -290,7 +290,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_opfamily_opfnamespace,
Anum_pg_opfamily_opfowner,
InvalidAttrNumber,
- ACL_KIND_OPFAMILY,
+ OBJECT_OPFAMILY,
true
},
{
@@ -326,7 +326,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_namespace_nspowner,
Anum_pg_namespace_nspacl,
- ACL_KIND_NAMESPACE,
+ OBJECT_SCHEMA,
true
},
{
@@ -338,7 +338,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_class_relnamespace,
Anum_pg_class_relowner,
Anum_pg_class_relacl,
- ACL_KIND_CLASS,
+ OBJECT_RELATION,
true
},
{
@@ -350,7 +350,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_tablespace_spcowner,
Anum_pg_tablespace_spcacl,
- ACL_KIND_TABLESPACE,
+ OBJECT_TABLESPACE,
true
},
{
@@ -392,7 +392,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_event_trigger_evtowner,
InvalidAttrNumber,
- ACL_KIND_EVENT_TRIGGER,
+ OBJECT_EVENT_TRIGGER,
true
},
{
@@ -404,7 +404,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_ts_config_cfgnamespace,
Anum_pg_ts_config_cfgowner,
InvalidAttrNumber,
- ACL_KIND_TSCONFIGURATION,
+ OBJECT_TSCONFIGURATION,
true
},
{
@@ -416,7 +416,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_ts_dict_dictnamespace,
Anum_pg_ts_dict_dictowner,
InvalidAttrNumber,
- ACL_KIND_TSDICTIONARY,
+ OBJECT_TSDICTIONARY,
true
},
{
@@ -452,7 +452,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_type_typnamespace,
Anum_pg_type_typowner,
Anum_pg_type_typacl,
- ACL_KIND_TYPE,
+ OBJECT_TYPE,
true
},
{
@@ -464,7 +464,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_publication_pubowner,
InvalidAttrNumber,
- ACL_KIND_PUBLICATION,
+ OBJECT_PUBLICATION,
true
},
{
@@ -476,7 +476,7 @@ static const ObjectPropertyType ObjectProperty[] =
InvalidAttrNumber,
Anum_pg_subscription_subowner,
InvalidAttrNumber,
- ACL_KIND_SUBSCRIPTION,
+ OBJECT_SUBSCRIPTION,
true
},
{
@@ -488,7 +488,7 @@ static const ObjectPropertyType ObjectProperty[] =
Anum_pg_statistic_ext_stxnamespace,
Anum_pg_statistic_ext_stxowner,
InvalidAttrNumber, /* no ACL (same as relation) */
- ACL_KIND_STATISTICS,
+ OBJECT_STATISTIC_EXT,
true
}
};
@@ -2242,12 +2242,12 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
case OBJECT_POLICY:
case OBJECT_TABCONSTRAINT:
if (!pg_class_ownercheck(RelationGetRelid(relation), roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
RelationGetRelationName(relation));
break;
case OBJECT_DATABASE:
if (!pg_database_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_TYPE:
@@ -2262,62 +2262,62 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
case OBJECT_PROCEDURE:
case OBJECT_ROUTINE:
if (!pg_proc_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString((castNode(ObjectWithArgs, object))->objname));
break;
case OBJECT_OPERATOR:
if (!pg_oper_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString((castNode(ObjectWithArgs, object))->objname));
break;
case OBJECT_SCHEMA:
if (!pg_namespace_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_COLLATION:
if (!pg_collation_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_COLLATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString(castNode(List, object)));
break;
case OBJECT_CONVERSION:
if (!pg_conversion_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CONVERSION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString(castNode(List, object)));
break;
case OBJECT_EXTENSION:
if (!pg_extension_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_FDW:
if (!pg_foreign_data_wrapper_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FDW,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_FOREIGN_SERVER:
if (!pg_foreign_server_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_EVENT_TRIGGER:
if (!pg_event_trigger_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EVENT_TRIGGER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_LANGUAGE:
if (!pg_language_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_LANGUAGE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_OPCLASS:
if (!pg_opclass_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPCLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString(castNode(List, object)));
break;
case OBJECT_OPFAMILY:
if (!pg_opfamily_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPFAMILY,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString(castNode(List, object)));
break;
case OBJECT_LARGEOBJECT:
@@ -2347,12 +2347,12 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
break;
case OBJECT_PUBLICATION:
if (!pg_publication_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_SUBSCRIPTION:
if (!pg_subscription_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_TRANSFORM:
@@ -2366,17 +2366,17 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
break;
case OBJECT_TABLESPACE:
if (!pg_tablespace_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TABLESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
strVal((Value *) object));
break;
case OBJECT_TSDICTIONARY:
if (!pg_ts_dict_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSDICTIONARY,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString(castNode(List, object)));
break;
case OBJECT_TSCONFIGURATION:
if (!pg_ts_config_ownercheck(address.objectId, roleid))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSCONFIGURATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameListToString(castNode(List, object)));
break;
case OBJECT_ROLE:
@@ -2540,12 +2540,12 @@ get_object_attnum_acl(Oid class_id)
return prop->attnum_acl;
}
-AclObjectKind
-get_object_aclkind(Oid class_id)
+ObjectType
+get_object_type(Oid class_id)
{
const ObjectPropertyType *prop = get_object_property_data(class_id);
- return prop->acl_kind;
+ return prop->objtype;
}
bool
diff --git a/src/backend/catalog/pg_aggregate.c b/src/backend/catalog/pg_aggregate.c
index e801c1ed5c..f14ea26fcb 100644
--- a/src/backend/catalog/pg_aggregate.c
+++ b/src/backend/catalog/pg_aggregate.c
@@ -865,7 +865,7 @@ lookup_agg_function(List *fnName,
/* Check aggregate creator has permission to call the function */
aclresult = pg_proc_aclcheck(fnOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(fnOid));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(fnOid));
return fnOid;
}
diff --git a/src/backend/catalog/pg_operator.c b/src/backend/catalog/pg_operator.c
index c96f336b7a..051602d820 100644
--- a/src/backend/catalog/pg_operator.c
+++ b/src/backend/catalog/pg_operator.c
@@ -425,7 +425,7 @@ OperatorCreate(const char *operatorName,
*/
if (OidIsValid(operatorObjectId) &&
!pg_oper_ownercheck(operatorObjectId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
operatorName);
/*
@@ -445,7 +445,7 @@ OperatorCreate(const char *operatorName,
/* Permission check: must own other operator */
if (OidIsValid(commutatorId) &&
!pg_oper_ownercheck(commutatorId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
NameListToString(commutatorName));
/*
@@ -470,7 +470,7 @@ OperatorCreate(const char *operatorName,
/* Permission check: must own other operator */
if (OidIsValid(negatorId) &&
!pg_oper_ownercheck(negatorId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
NameListToString(negatorName));
}
else
@@ -618,7 +618,7 @@ get_other_operator(List *otherOp, Oid otherLeftTypeId, Oid otherRightTypeId,
aclresult = pg_namespace_aclcheck(otherNamespace, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(otherNamespace));
other_oid = OperatorShellMake(otherName,
diff --git a/src/backend/catalog/pg_proc.c b/src/backend/catalog/pg_proc.c
index dd674113ba..b59fadbf76 100644
--- a/src/backend/catalog/pg_proc.c
+++ b/src/backend/catalog/pg_proc.c
@@ -400,7 +400,7 @@ ProcedureCreate(const char *procedureName,
errmsg("function \"%s\" already exists with same argument types",
procedureName)));
if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), proowner))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
procedureName);
/*
diff --git a/src/backend/catalog/pg_type.c b/src/backend/catalog/pg_type.c
index fd63ea8cd1..660ac5b7c9 100644
--- a/src/backend/catalog/pg_type.c
+++ b/src/backend/catalog/pg_type.c
@@ -413,7 +413,7 @@ TypeCreate(Oid newTypeOid,
* shell type must have been created by same owner
*/
if (((Form_pg_type) GETSTRUCT(tup))->typowner != ownerId)
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TYPE, typeName);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TYPE, typeName);
/* trouble if caller wanted to force the OID */
if (OidIsValid(newTypeOid))
diff --git a/src/backend/commands/aggregatecmds.c b/src/backend/commands/aggregatecmds.c
index 15378a9d4d..1779ba7bcb 100644
--- a/src/backend/commands/aggregatecmds.c
+++ b/src/backend/commands/aggregatecmds.c
@@ -103,7 +103,7 @@ DefineAggregate(ParseState *pstate, List *name, List *args, bool oldstyle, List
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(aggNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(aggNamespace));
/* Deconstruct the output of the aggr_args grammar production */
diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
index 3995c5ef3d..2d88f4c649 100644
--- a/src/backend/commands/alter.c
+++ b/src/backend/commands/alter.c
@@ -171,7 +171,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
AttrNumber Anum_name = get_object_attnum_name(classId);
AttrNumber Anum_namespace = get_object_attnum_namespace(classId);
AttrNumber Anum_owner = get_object_attnum_owner(classId);
- AclObjectKind acl_kind = get_object_aclkind(classId);
+ ObjectType objtype = get_object_type(classId);
HeapTuple oldtup;
HeapTuple newtup;
Datum datum;
@@ -223,7 +223,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
ownerId = DatumGetObjectId(datum);
if (!has_privs_of_role(GetUserId(), DatumGetObjectId(ownerId)))
- aclcheck_error(ACLCHECK_NOT_OWNER, acl_kind, old_name);
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype, old_name);
/* User must have CREATE privilege on the namespace */
if (OidIsValid(namespaceId))
@@ -231,7 +231,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
}
}
@@ -663,7 +663,7 @@ AlterObjectNamespace_internal(Relation rel, Oid objid, Oid nspOid)
AttrNumber Anum_name = get_object_attnum_name(classId);
AttrNumber Anum_namespace = get_object_attnum_namespace(classId);
AttrNumber Anum_owner = get_object_attnum_owner(classId);
- AclObjectKind acl_kind = get_object_aclkind(classId);
+ ObjectType objtype = get_object_type(classId);
Oid oldNspOid;
Datum name,
namespace;
@@ -719,13 +719,13 @@ AlterObjectNamespace_internal(Relation rel, Oid objid, Oid nspOid)
ownerId = DatumGetObjectId(owner);
if (!has_privs_of_role(GetUserId(), ownerId))
- aclcheck_error(ACLCHECK_NOT_OWNER, acl_kind,
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
NameStr(*(DatumGetName(name))));
/* User must have CREATE privilege on new namespace */
aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(nspOid));
}
@@ -942,7 +942,7 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)
/* Superusers can bypass permission checks */
if (!superuser())
{
- AclObjectKind aclkind = get_object_aclkind(classId);
+ ObjectType objtype = get_object_type(classId);
/* must be owner */
if (!has_privs_of_role(GetUserId(), old_ownerId))
@@ -963,7 +963,7 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)
HeapTupleGetOid(oldtup));
objname = namebuf;
}
- aclcheck_error(ACLCHECK_NOT_OWNER, aclkind, objname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, objtype, objname);
}
/* Must be able to become new owner */
check_is_member_of_role(GetUserId(), new_ownerId);
@@ -976,7 +976,7 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)
aclresult = pg_namespace_aclcheck(namespaceId, new_ownerId,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
}
}
diff --git a/src/backend/commands/collationcmds.c b/src/backend/commands/collationcmds.c
index 6c6877395f..fdfb3dcd2c 100644
--- a/src/backend/commands/collationcmds.c
+++ b/src/backend/commands/collationcmds.c
@@ -74,7 +74,7 @@ DefineCollation(ParseState *pstate, List *names, List *parameters, bool if_not_e
aclresult = pg_namespace_aclcheck(collNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(collNamespace));
foreach(pl, parameters)
@@ -278,7 +278,7 @@ AlterCollation(AlterCollationStmt *stmt)
collOid = get_collation_oid(stmt->collname, false);
if (!pg_collation_ownercheck(collOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_COLLATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_COLLATION,
NameListToString(stmt->collname));
tup = SearchSysCacheCopy1(COLLOID, ObjectIdGetDatum(collOid));
diff --git a/src/backend/commands/conversioncmds.c b/src/backend/commands/conversioncmds.c
index 294143c522..01a02484a2 100644
--- a/src/backend/commands/conversioncmds.c
+++ b/src/backend/commands/conversioncmds.c
@@ -55,7 +55,7 @@ CreateConversionCommand(CreateConversionStmt *stmt)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
/* Check the encoding names */
@@ -90,7 +90,7 @@ CreateConversionCommand(CreateConversionStmt *stmt)
/* Check we have EXECUTE rights for the function */
aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(func_name));
/*
diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 0b111fc5cf..d2020d07cf 100644
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -422,7 +422,7 @@ createdb(ParseState *pstate, const CreatedbStmt *stmt)
aclresult = pg_tablespace_aclcheck(dst_deftablespace, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
+ aclcheck_error(aclresult, OBJECT_TABLESPACE,
tablespacename);
/* pg_global must never be the default tablespace */
@@ -822,7 +822,7 @@ dropdb(const char *dbname, bool missing_ok)
* Permission checks
*/
if (!pg_database_ownercheck(db_id, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
dbname);
/* DROP hook for the database being removed */
@@ -997,7 +997,7 @@ RenameDatabase(const char *oldname, const char *newname)
/* must be owner */
if (!pg_database_ownercheck(db_id, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
oldname);
/* must have createdb rights */
@@ -1112,7 +1112,7 @@ movedb(const char *dbname, const char *tblspcname)
* Permission checks
*/
if (!pg_database_ownercheck(db_id, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
dbname);
/*
@@ -1134,7 +1134,7 @@ movedb(const char *dbname, const char *tblspcname)
aclresult = pg_tablespace_aclcheck(dst_tblspcoid, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
+ aclcheck_error(aclresult, OBJECT_TABLESPACE,
tblspcname);
/*
@@ -1515,7 +1515,7 @@ AlterDatabase(ParseState *pstate, AlterDatabaseStmt *stmt, bool isTopLevel)
dboid = HeapTupleGetOid(tuple);
if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
stmt->dbname);
/*
@@ -1583,7 +1583,7 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
shdepLockAndCheckObject(DatabaseRelationId, datid);
if (!pg_database_ownercheck(datid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
stmt->dbname);
AlterSetting(datid, InvalidOid, stmt->setstmt);
@@ -1646,7 +1646,7 @@ AlterDatabaseOwner(const char *dbname, Oid newOwnerId)
/* Otherwise, must be owner of the existing object */
if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
dbname);
/* Must be able to become new owner */
diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c
index 5c1620b802..1dcdb07c29 100644
--- a/src/backend/commands/event_trigger.c
+++ b/src/backend/commands/event_trigger.c
@@ -519,7 +519,7 @@ AlterEventTrigger(AlterEventTrigStmt *stmt)
trigoid = HeapTupleGetOid(tup);
if (!pg_event_trigger_ownercheck(trigoid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EVENT_TRIGGER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EVENT_TRIGGER,
stmt->trigname);
/* tuple is a copy, so we can modify it below */
@@ -610,7 +610,7 @@ AlterEventTriggerOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
return;
if (!pg_event_trigger_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EVENT_TRIGGER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EVENT_TRIGGER,
NameStr(form->evtname));
/* New owner must be a superuser */
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index c0c933583f..2e4538146d 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -2704,13 +2704,13 @@ AlterExtensionNamespace(const char *extensionName, const char *newschema, Oid *o
* check ownership of the individual member objects ...
*/
if (!pg_extension_ownercheck(extensionOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EXTENSION,
extensionName);
/* Permission check: must have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE, newschema);
+ aclcheck_error(aclresult, OBJECT_SCHEMA, newschema);
/*
* If the schema is currently a member of the extension, disallow moving
@@ -2924,7 +2924,7 @@ ExecAlterExtensionStmt(ParseState *pstate, AlterExtensionStmt *stmt)
/* Permission check: must own extension */
if (!pg_extension_ownercheck(extensionOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EXTENSION,
stmt->extname);
/*
@@ -3182,7 +3182,7 @@ ExecAlterExtensionContentsStmt(AlterExtensionContentsStmt *stmt,
/* Permission check: must own extension */
if (!pg_extension_ownercheck(extension.objectId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EXTENSION,
stmt->extname);
/*
diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c
index 44f3da9b51..5c53aeeaeb 100644
--- a/src/backend/commands/foreigncmds.c
+++ b/src/backend/commands/foreigncmds.c
@@ -358,7 +358,7 @@ AlterForeignServerOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
/* Must be owner */
if (!pg_foreign_server_ownercheck(srvId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FOREIGN_SERVER,
NameStr(form->srvname));
/* Must be able to become new owner */
@@ -370,7 +370,7 @@ AlterForeignServerOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
{
ForeignDataWrapper *fdw = GetForeignDataWrapper(form->srvfdw);
- aclcheck_error(aclresult, ACL_KIND_FDW, fdw->fdwname);
+ aclcheck_error(aclresult, OBJECT_FDW, fdw->fdwname);
}
}
@@ -907,7 +907,7 @@ CreateForeignServer(CreateForeignServerStmt *stmt)
aclresult = pg_foreign_data_wrapper_aclcheck(fdw->fdwid, ownerId, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_FDW, fdw->fdwname);
+ aclcheck_error(aclresult, OBJECT_FDW, fdw->fdwname);
/*
* Insert tuple into pg_foreign_server.
@@ -1010,7 +1010,7 @@ AlterForeignServer(AlterForeignServerStmt *stmt)
* Only owner or a superuser can ALTER a SERVER.
*/
if (!pg_foreign_server_ownercheck(srvId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FOREIGN_SERVER,
stmt->servername);
memset(repl_val, 0, sizeof(repl_val));
@@ -1119,10 +1119,10 @@ user_mapping_ddl_aclcheck(Oid umuserid, Oid serverid, const char *servername)
aclresult = pg_foreign_server_aclcheck(serverid, curuserid, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, servername);
+ aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, servername);
}
else
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FOREIGN_SERVER,
servername);
}
}
@@ -1477,7 +1477,7 @@ CreateForeignTable(CreateForeignTableStmt *stmt, Oid relid)
server = GetForeignServerByName(stmt->servername, false);
aclresult = pg_foreign_server_aclcheck(server->serverid, ownerId, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, server->servername);
+ aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername);
fdw = GetForeignDataWrapper(server->fdwid);
@@ -1536,7 +1536,7 @@ ImportForeignSchema(ImportForeignSchemaStmt *stmt)
server = GetForeignServerByName(stmt->server_name, false);
aclresult = pg_foreign_server_aclcheck(server->serverid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, server->servername);
+ aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername);
/* Check that the schema exists and we have CREATE permissions on it */
(void) LookupCreationNamespace(stmt->local_schema);
diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c
index 12ab33f418..ea08c3237c 100644
--- a/src/backend/commands/functioncmds.c
+++ b/src/backend/commands/functioncmds.c
@@ -146,7 +146,7 @@ compute_return_type(TypeName *returnType, Oid languageOid,
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
address = TypeShellMake(typname, namespaceId, GetUserId());
rettype = address.objectId;
@@ -953,7 +953,7 @@ CreateFunction(ParseState *pstate, CreateFunctionStmt *stmt)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
/* default attributes */
@@ -995,14 +995,14 @@ CreateFunction(ParseState *pstate, CreateFunctionStmt *stmt)
aclresult = pg_language_aclcheck(languageOid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_LANGUAGE,
+ aclcheck_error(aclresult, OBJECT_LANGUAGE,
NameStr(languageStruct->lanname));
}
else
{
/* if untrusted language, must be superuser */
if (!superuser())
- aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
+ aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_LANGUAGE,
NameStr(languageStruct->lanname));
}
@@ -1254,7 +1254,7 @@ AlterFunction(ParseState *pstate, AlterFunctionStmt *stmt)
/* Permission check: must own function */
if (!pg_proc_ownercheck(funcOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, stmt->objtype,
NameListToString(stmt->func->objname));
if (procForm->proisagg)
@@ -1911,7 +1911,7 @@ CreateTransform(CreateTransformStmt *stmt)
aclresult = pg_language_aclcheck(langid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_LANGUAGE, stmt->lang);
+ aclcheck_error(aclresult, OBJECT_LANGUAGE, stmt->lang);
/*
* Get the functions
@@ -1921,11 +1921,11 @@ CreateTransform(CreateTransformStmt *stmt)
fromsqlfuncid = LookupFuncWithArgs(OBJECT_FUNCTION, stmt->fromsql, false);
if (!pg_proc_ownercheck(fromsqlfuncid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC, NameListToString(stmt->fromsql->objname));
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION, NameListToString(stmt->fromsql->objname));
aclresult = pg_proc_aclcheck(fromsqlfuncid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, NameListToString(stmt->fromsql->objname));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, NameListToString(stmt->fromsql->objname));
tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(fromsqlfuncid));
if (!HeapTupleIsValid(tuple))
@@ -1947,11 +1947,11 @@ CreateTransform(CreateTransformStmt *stmt)
tosqlfuncid = LookupFuncWithArgs(OBJECT_FUNCTION, stmt->tosql, false);
if (!pg_proc_ownercheck(tosqlfuncid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC, NameListToString(stmt->tosql->objname));
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION, NameListToString(stmt->tosql->objname));
aclresult = pg_proc_aclcheck(tosqlfuncid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, NameListToString(stmt->tosql->objname));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, NameListToString(stmt->tosql->objname));
tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(tosqlfuncid));
if (!HeapTupleIsValid(tuple))
@@ -2209,14 +2209,14 @@ ExecuteDoStmt(DoStmt *stmt)
aclresult = pg_language_aclcheck(codeblock->langOid, GetUserId(),
ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_LANGUAGE,
+ aclcheck_error(aclresult, OBJECT_LANGUAGE,
NameStr(languageStruct->lanname));
}
else
{
/* if untrusted language, must be superuser */
if (!superuser())
- aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
+ aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_LANGUAGE,
NameStr(languageStruct->lanname));
}
@@ -2270,7 +2270,7 @@ ExecuteCallStmt(ParseState *pstate, CallStmt *stmt)
aclresult = pg_proc_aclcheck(fexpr->funcid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(fexpr->funcid));
+ aclcheck_error(aclresult, OBJECT_PROCEDURE, get_func_name(fexpr->funcid));
InvokeFunctionExecuteHook(fexpr->funcid);
nargs = list_length(fexpr->args);
diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c
index 9e6ba92008..7d190cdc1b 100644
--- a/src/backend/commands/indexcmds.c
+++ b/src/backend/commands/indexcmds.c
@@ -431,7 +431,7 @@ DefineIndex(Oid relationId,
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
}
@@ -458,7 +458,7 @@ DefineIndex(Oid relationId,
aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
+ aclcheck_error(aclresult, OBJECT_TABLESPACE,
get_tablespace_name(tablespaceId));
}
@@ -1839,7 +1839,7 @@ RangeVarCallbackForReindexIndex(const RangeVar *relation,
/* Check permissions */
if (!pg_class_ownercheck(relId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, relation->relname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX, relation->relname);
/* Lock heap before index to avoid deadlock. */
if (relId != oldRelId)
@@ -1918,7 +1918,7 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind,
objectOid = get_namespace_oid(objectName, false);
if (!pg_namespace_ownercheck(objectOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA,
objectName);
}
else
@@ -1930,7 +1930,7 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("can only reindex the currently open database")));
if (!pg_database_ownercheck(objectOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
objectName);
}
diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c
index c587edc209..aa54565716 100644
--- a/src/backend/commands/lockcmds.c
+++ b/src/backend/commands/lockcmds.c
@@ -96,7 +96,7 @@ RangeVarCallbackForLockTable(const RangeVar *rv, Oid relid, Oid oldrelid,
/* Check permissions. */
aclresult = LockTableAclCheck(relid, lockmode);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS, rv->relname);
+ aclcheck_error(aclresult, OBJECT_RELATION, rv->relname);
}
/*
@@ -127,7 +127,7 @@ LockTableRecurse(Oid reloid, LOCKMODE lockmode, bool nowait)
if (!relname)
continue; /* child concurrently dropped, just skip it */
- aclcheck_error(aclresult, ACL_KIND_CLASS, relname);
+ aclcheck_error(aclresult, OBJECT_RELATION, relname);
}
/* We have enough rights to lock the relation; do so. */
diff --git a/src/backend/commands/opclasscmds.c b/src/backend/commands/opclasscmds.c
index 7fb7b3976c..1768140a83 100644
--- a/src/backend/commands/opclasscmds.c
+++ b/src/backend/commands/opclasscmds.c
@@ -353,7 +353,7 @@ DefineOpClass(CreateOpClassStmt *stmt)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
/* Get necessary info about access method */
@@ -497,11 +497,11 @@ DefineOpClass(CreateOpClassStmt *stmt)
/* XXX this is unnecessary given the superuser check above */
/* Caller must own operator and its underlying function */
if (!pg_oper_ownercheck(operOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
get_opname(operOid));
funcOid = get_opcode(operOid);
if (!pg_proc_ownercheck(funcOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
get_func_name(funcOid));
#endif
@@ -525,7 +525,7 @@ DefineOpClass(CreateOpClassStmt *stmt)
/* XXX this is unnecessary given the superuser check above */
/* Caller must own function */
if (!pg_proc_ownercheck(funcOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
get_func_name(funcOid));
#endif
@@ -730,7 +730,7 @@ DefineOpFamily(CreateOpFamilyStmt *stmt)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
/* Get access method OID, throwing an error if it doesn't exist. */
@@ -871,11 +871,11 @@ AlterOpFamilyAdd(AlterOpFamilyStmt *stmt, Oid amoid, Oid opfamilyoid,
/* XXX this is unnecessary given the superuser check above */
/* Caller must own operator and its underlying function */
if (!pg_oper_ownercheck(operOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
get_opname(operOid));
funcOid = get_opcode(operOid);
if (!pg_proc_ownercheck(funcOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
get_func_name(funcOid));
#endif
@@ -899,7 +899,7 @@ AlterOpFamilyAdd(AlterOpFamilyStmt *stmt, Oid amoid, Oid opfamilyoid,
/* XXX this is unnecessary given the superuser check above */
/* Caller must own function */
if (!pg_proc_ownercheck(funcOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
get_func_name(funcOid));
#endif
diff --git a/src/backend/commands/operatorcmds.c b/src/backend/commands/operatorcmds.c
index 81ef532184..35404ac39a 100644
--- a/src/backend/commands/operatorcmds.c
+++ b/src/backend/commands/operatorcmds.c
@@ -95,7 +95,7 @@ DefineOperator(List *names, List *parameters)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(oprNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(oprNamespace));
/*
@@ -215,7 +215,7 @@ DefineOperator(List *names, List *parameters)
*/
aclresult = pg_proc_aclcheck(functionOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(functionName));
rettype = get_func_rettype(functionOid);
@@ -281,7 +281,7 @@ ValidateRestrictionEstimator(List *restrictionName)
/* Require EXECUTE rights for the estimator */
aclresult = pg_proc_aclcheck(restrictionOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(restrictionName));
return restrictionOid;
@@ -327,7 +327,7 @@ ValidateJoinEstimator(List *joinName)
/* Require EXECUTE rights for the estimator */
aclresult = pg_proc_aclcheck(joinOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(joinName));
return joinOid;
@@ -457,7 +457,7 @@ AlterOperator(AlterOperatorStmt *stmt)
/* Check permissions. Must be owner. */
if (!pg_oper_ownercheck(oprId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
NameStr(oprForm->oprname));
/*
diff --git a/src/backend/commands/policy.c b/src/backend/commands/policy.c
index 396d4c3449..2ec35abf8f 100644
--- a/src/backend/commands/policy.c
+++ b/src/backend/commands/policy.c
@@ -78,7 +78,7 @@ RangeVarCallbackForPolicy(const RangeVar *rv, Oid relid, Oid oldrelid,
/* Must own relation. */
if (!pg_class_ownercheck(relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
/* No system table modifications unless explicitly allowed. */
if (!allowSystemTableMods && IsSystemClass(relid, classform))
diff --git a/src/backend/commands/proclang.c b/src/backend/commands/proclang.c
index 9783a162d7..2ec96242ae 100644
--- a/src/backend/commands/proclang.c
+++ b/src/backend/commands/proclang.c
@@ -97,7 +97,7 @@ CreateProceduralLanguage(CreatePLangStmt *stmt)
errmsg("must be superuser to create procedural language \"%s\"",
stmt->plname)));
if (!pg_database_ownercheck(MyDatabaseId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
}
@@ -366,7 +366,7 @@ create_proc_lang(const char *languageName, bool replace,
(errcode(ERRCODE_DUPLICATE_OBJECT),
errmsg("language \"%s\" already exists", languageName)));
if (!pg_language_ownercheck(HeapTupleGetOid(oldtup), languageOwner))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_LANGUAGE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_LANGUAGE,
languageName);
/*
diff --git a/src/backend/commands/publicationcmds.c b/src/backend/commands/publicationcmds.c
index 91338e8d49..0cc62c77bd 100644
--- a/src/backend/commands/publicationcmds.c
+++ b/src/backend/commands/publicationcmds.c
@@ -150,7 +150,7 @@ CreatePublication(CreatePublicationStmt *stmt)
/* must have CREATE privilege on database */
aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
/* FOR ALL TABLES requires superuser */
@@ -403,7 +403,7 @@ AlterPublication(AlterPublicationStmt *stmt)
/* must be owner */
if (!pg_publication_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_PUBLICATION,
stmt->pubname);
if (stmt->options)
@@ -582,7 +582,7 @@ PublicationAddTables(Oid pubid, List *rels, bool if_not_exists,
/* Must be owner of the table or superuser. */
if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(rel));
obj = publication_add_relation(pubid, rel, if_not_exists);
@@ -649,7 +649,7 @@ AlterPublicationOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
/* Must be owner */
if (!pg_publication_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_PUBLICATION,
NameStr(form->pubname));
/* Must be able to become new owner */
@@ -658,7 +658,7 @@ AlterPublicationOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
/* New owner must have CREATE privilege on database */
aclresult = pg_database_aclcheck(MyDatabaseId, newOwnerId, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
if (form->puballtables && !superuser_arg(newOwnerId))
diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c
index 16b6e8f111..dc6cb46e4e 100644
--- a/src/backend/commands/schemacmds.c
+++ b/src/backend/commands/schemacmds.c
@@ -94,7 +94,7 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
*/
aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
check_is_member_of_role(saved_uid, owner_uid);
@@ -265,13 +265,13 @@ RenameSchema(const char *oldname, const char *newname)
/* must be owner */
if (!pg_namespace_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA,
oldname);
/* must have CREATE privilege on database */
aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
if (!allowSystemTableMods && IsReservedName(newname))
@@ -373,7 +373,7 @@ AlterSchemaOwner_internal(HeapTuple tup, Relation rel, Oid newOwnerId)
/* Otherwise, must be owner of the existing object */
if (!pg_namespace_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA,
NameStr(nspForm->nspname));
/* Must be able to become new owner */
@@ -391,7 +391,7 @@ AlterSchemaOwner_internal(HeapTuple tup, Relation rel, Oid newOwnerId)
aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
memset(repl_null, false, sizeof(repl_null));
diff --git a/src/backend/commands/statscmds.c b/src/backend/commands/statscmds.c
index 5773a8fd03..8a0cc6c2cf 100644
--- a/src/backend/commands/statscmds.c
+++ b/src/backend/commands/statscmds.c
@@ -141,7 +141,7 @@ CreateStatistics(CreateStatsStmt *stmt)
/* You must own the relation to create stats on it */
if (!pg_class_ownercheck(RelationGetRelid(rel), stxowner))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(rel));
}
diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c
index bd25ec2401..9de5969302 100644
--- a/src/backend/commands/subscriptioncmds.c
+++ b/src/backend/commands/subscriptioncmds.c
@@ -635,7 +635,7 @@ AlterSubscription(AlterSubscriptionStmt *stmt)
/* must be owner */
if (!pg_subscription_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION,
stmt->subname);
subid = HeapTupleGetOid(tup);
@@ -854,7 +854,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel)
/* must be owner */
if (!pg_subscription_ownercheck(subid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION,
stmt->subname);
/* DROP hook for the subscription being removed */
@@ -1022,7 +1022,7 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
return;
if (!pg_subscription_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION,
NameStr(form->subname));
/* New owner must be a superuser */
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index f2a928b823..38bfd29cd9 100644
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -588,7 +588,7 @@ DefineRelation(CreateStmt *stmt, char relkind, Oid ownerId,
aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
+ aclcheck_error(aclresult, OBJECT_TABLESPACE,
get_tablespace_name(tablespaceId));
}
@@ -1192,7 +1192,7 @@ RangeVarCallbackForDropRelation(const RangeVar *rel, Oid relOid, Oid oldRelOid,
/* Allow DROP to either table owner or schema owner */
if (!pg_class_ownercheck(relOid, GetUserId()) &&
!pg_namespace_ownercheck(classform->relnamespace, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
rel->relname);
if (!allowSystemTableMods && IsSystemClass(relOid, classform))
@@ -1374,7 +1374,7 @@ ExecuteTruncate(TruncateStmt *stmt)
/* This check must match AlterSequence! */
if (!pg_class_ownercheck(seq_relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SEQUENCE,
RelationGetRelationName(seq_rel));
seq_relids = lappend_oid(seq_relids, seq_relid);
@@ -1562,7 +1562,7 @@ truncate_check_rel(Relation rel)
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
ACL_TRUNCATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
if (!allowSystemTableMods && IsSystemRelation(rel))
@@ -1848,7 +1848,7 @@ MergeAttributes(List *schema, List *supers, char relpersistence,
* demand that creator of a child table own the parent.
*/
if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(relation));
/*
@@ -2551,7 +2551,7 @@ renameatt_check(Oid myrelid, Form_pg_class classform, bool recursing)
* permissions checking. only the owner of a class can change its schema.
*/
if (!pg_class_ownercheck(myrelid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
NameStr(classform->relname));
if (!allowSystemTableMods && IsSystemClass(myrelid, classform))
ereport(ERROR,
@@ -4769,7 +4769,7 @@ ATSimplePermissions(Relation rel, int allowed_targets)
/* Permissions checks */
if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(rel));
if (!allowSystemTableMods && IsSystemRelation(rel))
@@ -6212,7 +6212,7 @@ ATPrepSetStatistics(Relation rel, const char *colName, int16 colNum, Node *newVa
/* Permissions checks */
if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(rel));
}
@@ -8136,7 +8136,7 @@ checkFkeyPermissions(Relation rel, int16 *attnums, int natts)
aclresult = pg_attribute_aclcheck(RelationGetRelid(rel), attnums[i],
roleid, ACL_REFERENCES);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
}
}
@@ -10046,7 +10046,7 @@ ATExecChangeOwner(Oid relationOid, Oid newOwnerId, bool recursing, LOCKMODE lock
/* Otherwise, must be owner of the existing object */
if (!pg_class_ownercheck(relationOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(target_rel));
/* Must be able to become new owner */
@@ -10056,7 +10056,7 @@ ATExecChangeOwner(Oid relationOid, Oid newOwnerId, bool recursing, LOCKMODE lock
aclresult = pg_namespace_aclcheck(namespaceOid, newOwnerId,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceOid));
}
}
@@ -10351,7 +10351,7 @@ ATPrepSetTableSpace(AlteredTableInfo *tab, Relation rel, const char *tablespacen
aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE, tablespacename);
+ aclcheck_error(aclresult, OBJECT_TABLESPACE, tablespacename);
}
/* Save info for Phase 3 to do the real work */
@@ -10785,7 +10785,7 @@ AlterTableMoveAll(AlterTableMoveAllStmt *stmt)
aclresult = pg_tablespace_aclcheck(new_tablespaceoid, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
+ aclcheck_error(aclresult, OBJECT_TABLESPACE,
get_tablespace_name(new_tablespaceoid));
}
@@ -10856,7 +10856,7 @@ AlterTableMoveAll(AlterTableMoveAllStmt *stmt)
* Caller must be considered an owner on the table to move it.
*/
if (!pg_class_ownercheck(relOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
NameStr(relForm->relname));
if (stmt->nowait &&
@@ -13101,7 +13101,7 @@ RangeVarCallbackOwnsTable(const RangeVar *relation,
/* Check permissions */
if (!pg_class_ownercheck(relId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, relation->relname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, relation->relname);
}
/*
@@ -13123,7 +13123,7 @@ RangeVarCallbackOwnsRelation(const RangeVar *relation,
elog(ERROR, "cache lookup failed for relation %u", relId);
if (!pg_class_ownercheck(relId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
relation->relname);
if (!allowSystemTableMods &&
@@ -13159,7 +13159,7 @@ RangeVarCallbackForAlterRelation(const RangeVar *rv, Oid relid, Oid oldrelid,
/* Must own relation. */
if (!pg_class_ownercheck(relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
/* No system table modifications unless explicitly allowed. */
if (!allowSystemTableMods && IsSystemClass(relid, classform))
@@ -13179,7 +13179,7 @@ RangeVarCallbackForAlterRelation(const RangeVar *rv, Oid relid, Oid oldrelid,
aclresult = pg_namespace_aclcheck(classform->relnamespace,
GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(classform->relnamespace));
reltype = ((RenameStmt *) stmt)->renameType;
}
diff --git a/src/backend/commands/tablespace.c b/src/backend/commands/tablespace.c
index 8cb834c271..5c450caa4e 100644
--- a/src/backend/commands/tablespace.c
+++ b/src/backend/commands/tablespace.c
@@ -444,13 +444,13 @@ DropTableSpace(DropTableSpaceStmt *stmt)
/* Must be tablespace owner */
if (!pg_tablespace_ownercheck(tablespaceoid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TABLESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TABLESPACE,
tablespacename);
/* Disallow drop of the standard tablespaces, even by superuser */
if (tablespaceoid == GLOBALTABLESPACE_OID ||
tablespaceoid == DEFAULTTABLESPACE_OID)
- aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_TABLESPACE,
+ aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE,
tablespacename);
/* DROP hook for the tablespace being removed */
@@ -941,7 +941,7 @@ RenameTableSpace(const char *oldname, const char *newname)
/* Must be owner */
if (!pg_tablespace_ownercheck(HeapTupleGetOid(newtuple), GetUserId()))
- aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_TABLESPACE, oldname);
+ aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE, oldname);
/* Validate new name */
if (!allowSystemTableMods && IsReservedName(newname))
@@ -1017,7 +1017,7 @@ AlterTableSpaceOptions(AlterTableSpaceOptionsStmt *stmt)
/* Must be owner of the existing object */
if (!pg_tablespace_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TABLESPACE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TABLESPACE,
stmt->tablespacename);
/* Generate new proposed spcoptions (text array) */
@@ -1232,7 +1232,7 @@ check_temp_tablespaces(char **newval, void **extra, GucSource source)
if (aclresult != ACLCHECK_OK)
{
if (source >= PGC_S_INTERACTIVE)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE, curname);
+ aclcheck_error(aclresult, OBJECT_TABLESPACE, curname);
continue;
}
diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
index 1c488c338a..438653f310 100644
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -284,7 +284,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
ACL_TRIGGER);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
if (OidIsValid(constrrelid))
@@ -292,7 +292,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
aclresult = pg_class_aclcheck(constrrelid, GetUserId(),
ACL_TRIGGER);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
get_rel_name(constrrelid));
}
}
@@ -592,7 +592,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
{
aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(stmt->funcname));
}
funcrettype = get_func_rettype(funcoid);
@@ -1422,7 +1422,7 @@ RangeVarCallbackForRenameTrigger(const RangeVar *rv, Oid relid, Oid oldrelid,
/* you must own the table to rename one of its triggers */
if (!pg_class_ownercheck(relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
if (!allowSystemTableMods && IsSystemClass(relid, form))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
diff --git a/src/backend/commands/tsearchcmds.c b/src/backend/commands/tsearchcmds.c
index bf06ed9318..bdf3857ce4 100644
--- a/src/backend/commands/tsearchcmds.c
+++ b/src/backend/commands/tsearchcmds.c
@@ -428,7 +428,7 @@ DefineTSDictionary(List *names, List *parameters)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
/*
@@ -549,7 +549,7 @@ AlterTSDictionary(AlterTSDictionaryStmt *stmt)
/* must be owner */
if (!pg_ts_dict_ownercheck(dictId, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSDICTIONARY,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TSDICTIONARY,
NameListToString(stmt->dictname));
/* deserialize the existing set of options */
@@ -980,7 +980,7 @@ DefineTSConfiguration(List *names, List *parameters, ObjectAddress *copied)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
/*
@@ -1189,7 +1189,7 @@ AlterTSConfiguration(AlterTSConfigurationStmt *stmt)
/* must be owner */
if (!pg_ts_config_ownercheck(HeapTupleGetOid(tup), GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSCONFIGURATION,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TSCONFIGURATION,
NameListToString(stmt->cfgname));
relMap = heap_open(TSConfigMapRelationId, RowExclusiveLock);
diff --git a/src/backend/commands/typecmds.c b/src/backend/commands/typecmds.c
index a40b3cf752..74eb430f96 100644
--- a/src/backend/commands/typecmds.c
+++ b/src/backend/commands/typecmds.c
@@ -190,7 +190,7 @@ DefineType(ParseState *pstate, List *names, List *parameters)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(typeNamespace));
#endif
@@ -526,25 +526,25 @@ DefineType(ParseState *pstate, List *names, List *parameters)
#ifdef NOT_USED
/* XXX this is unnecessary given the superuser check above */
if (inputOid && !pg_proc_ownercheck(inputOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(inputName));
if (outputOid && !pg_proc_ownercheck(outputOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(outputName));
if (receiveOid && !pg_proc_ownercheck(receiveOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(receiveName));
if (sendOid && !pg_proc_ownercheck(sendOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(sendName));
if (typmodinOid && !pg_proc_ownercheck(typmodinOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(typmodinName));
if (typmodoutOid && !pg_proc_ownercheck(typmodoutOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(typmodoutName));
if (analyzeOid && !pg_proc_ownercheck(analyzeOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
NameListToString(analyzeName));
#endif
@@ -772,7 +772,7 @@ DefineDomain(CreateDomainStmt *stmt)
aclresult = pg_namespace_aclcheck(domainNamespace, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(domainNamespace));
/*
@@ -1171,7 +1171,7 @@ DefineEnum(CreateEnumStmt *stmt)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(enumNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(enumNamespace));
/*
@@ -1398,7 +1398,7 @@ DefineRange(CreateRangeStmt *stmt)
/* Check we have creation rights in target namespace */
aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(typeNamespace));
/*
@@ -2042,7 +2042,7 @@ findRangeCanonicalFunction(List *procname, Oid typeOid)
/* Also, range type's creator must have permission to call function */
aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(procOid));
return procOid;
}
@@ -2085,7 +2085,7 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype)
/* Also, range type's creator must have permission to call function */
aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(procOid));
return procOid;
}
@@ -3380,7 +3380,7 @@ AlterTypeOwner(List *names, Oid newOwnerId, ObjectType objecttype)
newOwnerId,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(typTup->typnamespace));
}
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index d559c29d24..71c5caa41b 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -939,7 +939,7 @@ AlterRoleSet(AlterRoleSetStmt *stmt)
* ALTER DATABASE ... SET, so use the same permission check.
*/
if (!pg_database_ownercheck(databaseid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
stmt->database);
}
}
diff --git a/src/backend/executor/execExpr.c b/src/backend/executor/execExpr.c
index 794573803d..883a29f0a7 100644
--- a/src/backend/executor/execExpr.c
+++ b/src/backend/executor/execExpr.c
@@ -955,7 +955,7 @@ ExecInitExprRec(Expr *node, ExprState *state,
GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(opexpr->opfuncid));
InvokeFunctionExecuteHook(opexpr->opfuncid);
@@ -2162,7 +2162,7 @@ ExecInitFunc(ExprEvalStep *scratch, Expr *node, List *args, Oid funcid,
/* Check permission to call function */
aclresult = pg_proc_aclcheck(funcid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(funcid));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(funcid));
InvokeFunctionExecuteHook(funcid);
/*
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
index 16822e962a..64a43822bb 100644
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -579,7 +579,7 @@ ExecCheckRTPerms(List *rangeTable, bool ereport_on_violation)
{
Assert(rte->rtekind == RTE_RELATION);
if (ereport_on_violation)
- aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_RELATION,
get_rel_name(rte->relid));
return false;
}
diff --git a/src/backend/executor/execSRF.c b/src/backend/executor/execSRF.c
index 8e521288a9..b97b8d797e 100644
--- a/src/backend/executor/execSRF.c
+++ b/src/backend/executor/execSRF.c
@@ -682,7 +682,7 @@ init_sexpr(Oid foid, Oid input_collation, Expr *node,
/* Check permission to call function */
aclresult = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(foid));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(foid));
InvokeFunctionExecuteHook(foid);
/*
diff --git a/src/backend/executor/nodeAgg.c b/src/backend/executor/nodeAgg.c
index 061acad80f..ec62e7fb38 100644
--- a/src/backend/executor/nodeAgg.c
+++ b/src/backend/executor/nodeAgg.c
@@ -2548,7 +2548,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
aclresult = pg_proc_aclcheck(aggref->aggfnoid, GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_AGGREGATE,
get_func_name(aggref->aggfnoid));
InvokeFunctionExecuteHook(aggref->aggfnoid);
@@ -2638,7 +2638,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
aclresult = pg_proc_aclcheck(transfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(transfn_oid));
InvokeFunctionExecuteHook(transfn_oid);
if (OidIsValid(finalfn_oid))
@@ -2646,7 +2646,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(finalfn_oid));
InvokeFunctionExecuteHook(finalfn_oid);
}
@@ -2655,7 +2655,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
aclresult = pg_proc_aclcheck(serialfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(serialfn_oid));
InvokeFunctionExecuteHook(serialfn_oid);
}
@@ -2664,7 +2664,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
aclresult = pg_proc_aclcheck(deserialfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(deserialfn_oid));
InvokeFunctionExecuteHook(deserialfn_oid);
}
diff --git a/src/backend/executor/nodeWindowAgg.c b/src/backend/executor/nodeWindowAgg.c
index 5492fb3369..0afb1c83d3 100644
--- a/src/backend/executor/nodeWindowAgg.c
+++ b/src/backend/executor/nodeWindowAgg.c
@@ -1928,7 +1928,7 @@ ExecInitWindowAgg(WindowAgg *node, EState *estate, int eflags)
aclresult = pg_proc_aclcheck(wfunc->winfnoid, GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(wfunc->winfnoid));
InvokeFunctionExecuteHook(wfunc->winfnoid);
@@ -2189,7 +2189,7 @@ initialize_peragg(WindowAggState *winstate, WindowFunc *wfunc,
aclresult = pg_proc_aclcheck(transfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(transfn_oid));
InvokeFunctionExecuteHook(transfn_oid);
@@ -2198,7 +2198,7 @@ initialize_peragg(WindowAggState *winstate, WindowFunc *wfunc,
aclresult = pg_proc_aclcheck(invtransfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(invtransfn_oid));
InvokeFunctionExecuteHook(invtransfn_oid);
}
@@ -2208,7 +2208,7 @@ initialize_peragg(WindowAggState *winstate, WindowFunc *wfunc,
aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(finalfn_oid));
InvokeFunctionExecuteHook(finalfn_oid);
}
diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c
index 128f1679c6..e7df455634 100644
--- a/src/backend/parser/parse_utilcmd.c
+++ b/src/backend/parser/parse_utilcmd.c
@@ -954,7 +954,7 @@ transformTableLikeClause(CreateStmtContext *cxt, TableLikeClause *table_like_cla
aclresult = pg_type_aclcheck(relation->rd_rel->reltype, GetUserId(),
ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TYPE,
+ aclcheck_error(aclresult, OBJECT_TYPE,
RelationGetRelationName(relation));
}
else
@@ -962,7 +962,7 @@ transformTableLikeClause(CreateStmtContext *cxt, TableLikeClause *table_like_cla
aclresult = pg_class_aclcheck(RelationGetRelid(relation), GetUserId(),
ACL_SELECT);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(relation));
}
diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
index abf45fa82b..7eca67a52f 100644
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -276,7 +276,7 @@ DefineQueryRewrite(const char *rulename,
* Check user has permission to apply rules to this relation.
*/
if (!pg_class_ownercheck(event_relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
RelationGetRelationName(event_relation));
/*
@@ -864,7 +864,7 @@ EnableDisableRule(Relation rel, const char *rulename,
eventRelationOid = ((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_class;
Assert(eventRelationOid == owningRel);
if (!pg_class_ownercheck(eventRelationOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
get_rel_name(eventRelationOid));
/*
@@ -927,7 +927,7 @@ RangeVarCallbackForRenameRule(const RangeVar *rv, Oid relid, Oid oldrelid,
/* you must own the table to rename one of its rules */
if (!pg_class_ownercheck(relid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
+ aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
ReleaseSysCache(tuple);
}
diff --git a/src/backend/tcop/fastpath.c b/src/backend/tcop/fastpath.c
index 3e531977db..d16ba5ec92 100644
--- a/src/backend/tcop/fastpath.c
+++ b/src/backend/tcop/fastpath.c
@@ -315,13 +315,13 @@ HandleFunctionRequest(StringInfo msgBuf)
*/
aclresult = pg_namespace_aclcheck(fip->namespace, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
+ aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(fip->namespace));
InvokeNamespaceSearchHook(fip->namespace, true);
aclresult = pg_proc_aclcheck(fid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC,
+ aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(fid));
InvokeFunctionExecuteHook(fid);
diff --git a/src/backend/utils/adt/dbsize.c b/src/backend/utils/adt/dbsize.c
index 60f417f1b2..834a10485f 100644
--- a/src/backend/utils/adt/dbsize.c
+++ b/src/backend/utils/adt/dbsize.c
@@ -97,7 +97,7 @@ calculate_database_size(Oid dbOid)
if (aclresult != ACLCHECK_OK &&
!is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
{
- aclcheck_error(aclresult, ACL_KIND_DATABASE,
+ aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(dbOid));
}
@@ -183,7 +183,7 @@ calculate_tablespace_size(Oid tblspcOid)
{
aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
+ aclcheck_error(aclresult, OBJECT_TABLESPACE,
get_tablespace_name(tblspcOid));
}
diff --git a/src/backend/utils/adt/tid.c b/src/backend/utils/adt/tid.c
index 5ed5fdaffe..4aa8122fa2 100644
--- a/src/backend/utils/adt/tid.c
+++ b/src/backend/utils/adt/tid.c
@@ -343,7 +343,7 @@ currtid_byreloid(PG_FUNCTION_ARGS)
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
ACL_SELECT);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
if (rel->rd_rel->relkind == RELKIND_VIEW)
@@ -377,7 +377,7 @@ currtid_byrelname(PG_FUNCTION_ARGS)
aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
ACL_SELECT);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_CLASS,
+ aclcheck_error(aclresult, OBJECT_RELATION,
RelationGetRelationName(rel));
if (rel->rd_rel->relkind == RELKIND_VIEW)
diff --git a/src/backend/utils/fmgr/fmgr.c b/src/backend/utils/fmgr/fmgr.c
index 8968a9fde8..25f4c34901 100644
--- a/src/backend/utils/fmgr/fmgr.c
+++ b/src/backend/utils/fmgr/fmgr.c
@@ -2124,7 +2124,7 @@ CheckFunctionValidatorAccess(Oid validatorOid, Oid functionOid)
aclresult = pg_language_aclcheck(procStruct->prolang, GetUserId(),
ACL_USAGE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_LANGUAGE,
+ aclcheck_error(aclresult, OBJECT_LANGUAGE,
NameStr(langStruct->lanname));
/*
@@ -2134,7 +2134,7 @@ CheckFunctionValidatorAccess(Oid validatorOid, Oid functionOid)
*/
aclresult = pg_proc_aclcheck(functionOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, NameStr(procStruct->proname));
+ aclcheck_error(aclresult, OBJECT_FUNCTION, NameStr(procStruct->proname));
ReleaseSysCache(procTup);
ReleaseSysCache(langTup);
diff --git a/src/include/catalog/objectaddress.h b/src/include/catalog/objectaddress.h
index 834554ec17..403e8bb2af 100644
--- a/src/include/catalog/objectaddress.h
+++ b/src/include/catalog/objectaddress.h
@@ -62,7 +62,7 @@ extern AttrNumber get_object_attnum_name(Oid class_id);
extern AttrNumber get_object_attnum_namespace(Oid class_id);
extern AttrNumber get_object_attnum_owner(Oid class_id);
extern AttrNumber get_object_attnum_acl(Oid class_id);
-extern AclObjectKind get_object_aclkind(Oid class_id);
+extern ObjectType get_object_type(Oid class_id);
extern bool get_object_namensp_unique(Oid class_id);
extern HeapTuple get_catalog_object_by_oid(Relation catalog,
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 7db1606b8f..f4d4be8d0d 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -182,37 +182,6 @@ typedef enum
ACLCHECK_NOT_OWNER
} AclResult;
-/* this enum covers all object types that can have privilege errors */
-/* currently it's only used to tell aclcheck_error what to say */
-typedef enum AclObjectKind
-{
- ACL_KIND_COLUMN, /* pg_attribute */
- ACL_KIND_CLASS, /* pg_class */
- ACL_KIND_SEQUENCE, /* pg_sequence */
- ACL_KIND_DATABASE, /* pg_database */
- ACL_KIND_PROC, /* pg_proc */
- ACL_KIND_OPER, /* pg_operator */
- ACL_KIND_TYPE, /* pg_type */
- ACL_KIND_LANGUAGE, /* pg_language */
- ACL_KIND_LARGEOBJECT, /* pg_largeobject */
- ACL_KIND_NAMESPACE, /* pg_namespace */
- ACL_KIND_OPCLASS, /* pg_opclass */
- ACL_KIND_OPFAMILY, /* pg_opfamily */
- ACL_KIND_COLLATION, /* pg_collation */
- ACL_KIND_CONVERSION, /* pg_conversion */
- ACL_KIND_STATISTICS, /* pg_statistic_ext */
- ACL_KIND_TABLESPACE, /* pg_tablespace */
- ACL_KIND_TSDICTIONARY, /* pg_ts_dict */
- ACL_KIND_TSCONFIGURATION, /* pg_ts_config */
- ACL_KIND_FDW, /* pg_foreign_data_wrapper */
- ACL_KIND_FOREIGN_SERVER, /* pg_foreign_server */
- ACL_KIND_EVENT_TRIGGER, /* pg_event_trigger */
- ACL_KIND_EXTENSION, /* pg_extension */
- ACL_KIND_PUBLICATION, /* pg_publication */
- ACL_KIND_SUBSCRIPTION, /* pg_subscription */
- MAX_ACL_KIND /* MUST BE LAST */
-} AclObjectKind;
-
/*
* routines used internally
@@ -301,10 +270,10 @@ extern AclResult pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMo
extern AclResult pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode);
extern AclResult pg_type_aclcheck(Oid type_oid, Oid roleid, AclMode mode);
-extern void aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
+extern void aclcheck_error(AclResult aclerr, ObjectType objtype,
const char *objectname);
-extern void aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
+extern void aclcheck_error_col(AclResult aclerr, ObjectType objtype,
const char *objectname, const char *colname);
extern void aclcheck_error_type(AclResult aclerr, Oid typeOid);
diff --git a/src/pl/tcl/pltcl.c b/src/pl/tcl/pltcl.c
index 8069784151..8f5847c4ff 100644
--- a/src/pl/tcl/pltcl.c
+++ b/src/pl/tcl/pltcl.c
@@ -618,7 +618,7 @@ call_pltcl_start_proc(Oid prolang, bool pltrusted)
/* Current user must have permission to call function */
aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
- aclcheck_error(aclresult, ACL_KIND_PROC, start_proc);
+ aclcheck_error(aclresult, OBJECT_FUNCTION, start_proc);
/* Get the function's pg_proc entry */
procTup = SearchSysCache1(PROCOID, ObjectIdGetDatum(procOid));
diff --git a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
index 77bdc9345d..b2d898a7d1 100644
--- a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
+++ b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
@@ -30,14 +30,14 @@ SECURITY LABEL FOR 'dummy' ON TABLE dummy_seclabel_tbl1 IS 'unclassified'; -- OK
SECURITY LABEL FOR 'unknown_seclabel' ON TABLE dummy_seclabel_tbl1 IS 'classified'; -- fail
ERROR: security label provider "unknown_seclabel" is not loaded
SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'unclassified'; -- fail (not owner)
-ERROR: must be owner of relation dummy_seclabel_tbl2
+ERROR: must be owner of table dummy_seclabel_tbl2
SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'secret'; -- fail (not superuser)
ERROR: only superuser can set 'secret' label
SECURITY LABEL ON TABLE dummy_seclabel_tbl3 IS 'unclassified'; -- fail (not found)
ERROR: relation "dummy_seclabel_tbl3" does not exist
SET SESSION AUTHORIZATION regress_dummy_seclabel_user2;
SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'unclassified'; -- fail
-ERROR: must be owner of relation dummy_seclabel_tbl1
+ERROR: must be owner of table dummy_seclabel_tbl1
SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'classified'; -- OK
--
-- Test for shared database object
diff --git a/src/test/regress/expected/create_procedure.out b/src/test/regress/expected/create_procedure.out
index e627d8ebbc..ccad5c87d5 100644
--- a/src/test/regress/expected/create_procedure.out
+++ b/src/test/regress/expected/create_procedure.out
@@ -82,7 +82,7 @@ GRANT INSERT ON cp_test TO regress_user1;
REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC;
SET ROLE regress_user1;
CALL ptest1('a'); -- error
-ERROR: permission denied for function ptest1
+ERROR: permission denied for procedure ptest1
RESET ROLE;
GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1;
SET ROLE regress_user1;
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index e6994f0490..87e9211f6a 100644
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -694,9 +694,9 @@ SET SESSION AUTHORIZATION regress_user3;
SELECT testfunc1(5); -- fail
ERROR: permission denied for function testfunc1
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
-ERROR: permission denied for function testagg1
+ERROR: permission denied for aggregate testagg1
CALL testproc1(6); -- fail
-ERROR: permission denied for function testproc1
+ERROR: permission denied for procedure testproc1
SELECT col1 FROM atest2 WHERE col2 = true; -- fail
ERROR: permission denied for relation atest2
SELECT testfunc4(true); -- ok
@@ -722,9 +722,9 @@ CALL testproc1(6); -- ok
DROP FUNCTION testfunc1(int); -- fail
ERROR: must be owner of function testfunc1
DROP AGGREGATE testagg1(int); -- fail
-ERROR: must be owner of function testagg1
+ERROR: must be owner of aggregate testagg1
DROP PROCEDURE testproc1(int); -- fail
-ERROR: must be owner of function testproc1
+ERROR: must be owner of procedure testproc1
\c -
DROP FUNCTION testfunc1(int); -- ok
-- restore to sanity
--
2.15.1
--------------9542E740EF1A89D80A2224F4
Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
name="v4-0003-Don-t-use-OBJECT_RELATION-with-aclcheck_error.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="v4-0003-Don-t-use-OBJECT_RELATION-with-aclcheck_error.patch"