Skip to content

Commit 4ab8e69

Browse files
tglsfdctglsfdc
committed
has_table_privilege spawns scions has_database_privilege, has_function_privilege,
has_language_privilege, has_schema_privilege to let SQL queries test all the new privilege types in 7.3. Also, add functions pg_table_is_visible, pg_type_is_visible, pg_function_is_visible, pg_operator_is_visible, pg_opclass_is_visible to test whether objects contained in schemas are visible in the current search path. Do some minor cleanup to centralize accesses to pg_database, as well.
1 parent 65dc2e0 commit 4ab8e69

File tree

12 files changed

+1325
-282
lines changed

12 files changed

+1325
-282
lines changed

contrib/dbsize/dbsize.c

Lines changed: 3 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,10 @@
88

99
#include "access/heapam.h"
1010
#include "catalog/catalog.h"
11-
#include "catalog/catname.h"
1211
#include "catalog/namespace.h"
13-
#include "catalog/pg_database.h"
12+
#include "commands/dbcommands.h"
1413
#include "fmgr.h"
1514
#include "utils/builtins.h"
16-
#include "utils/fmgroids.h"
1715

1816

1917
static char *
@@ -46,32 +44,16 @@ database_size(PG_FUNCTION_ARGS)
4644
{
4745
Name dbname = PG_GETARG_NAME(0);
4846

49-
HeapTuple tuple;
50-
Relation relation;
51-
ScanKeyData scanKey;
52-
HeapScanDesc scan;
5347
Oid dbid;
5448
char *dbpath;
5549
DIR *dirdesc;
5650
struct dirent *direntry;
5751
int64 totalsize;
5852

59-
relation = heap_openr(DatabaseRelationName, AccessShareLock);
60-
ScanKeyEntryInitialize(&scanKey, 0, Anum_pg_database_datname,
61-
F_NAMEEQ, NameGetDatum(dbname));
62-
scan = heap_beginscan(relation, SnapshotNow, 1, &scanKey);
63-
tuple = heap_getnext(scan, ForwardScanDirection);
64-
65-
if (!HeapTupleIsValid(tuple))
53+
dbid = get_database_oid(NameStr(*dbname));
54+
if (!OidIsValid(dbid))
6655
elog(ERROR, "database %s does not exist", NameStr(*dbname));
6756

68-
dbid = HeapTupleGetOid(tuple);
69-
if (dbid == InvalidOid)
70-
elog(ERROR, "invalid database id");
71-
72-
heap_endscan(scan);
73-
heap_close(relation, NoLock);
74-
7557
dbpath = GetDatabasePath(dbid);
7658

7759
dirdesc = opendir(dbpath);

doc/src/sgml/func.sgml

Lines changed: 208 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.109 2002/08/08 14:29:07 tgl Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.110 2002/08/09 16:45:13 tgl Exp $
33
PostgreSQL documentation
44
-->
55

@@ -4925,57 +4925,11 @@ select current_setting('DateStyle');
49254925
<literal>false</literal> instead. It is the equivalent to the SQL
49264926
<command>SET</command> command. For example:
49274927
<programlisting>
4928-
SHOW show_query_stats;
4929-
show_query_stats
4930-
------------------
4931-
on
4932-
(1 row)
4933-
49344928
select set_config('show_query_stats','off','f');
49354929
set_config
49364930
------------
49374931
off
49384932
(1 row)
4939-
4940-
SHOW show_query_stats;
4941-
show_query_stats
4942-
------------------
4943-
off
4944-
(1 row)
4945-
4946-
select set_config('show_query_stats','on','t');
4947-
set_config
4948-
------------
4949-
on
4950-
(1 row)
4951-
4952-
SHOW show_query_stats;
4953-
show_query_stats
4954-
------------------
4955-
off
4956-
(1 row)
4957-
4958-
BEGIN;
4959-
BEGIN
4960-
select set_config('show_query_stats','on','t');
4961-
set_config
4962-
------------
4963-
on
4964-
(1 row)
4965-
4966-
SHOW show_query_stats;
4967-
show_query_stats
4968-
------------------
4969-
on
4970-
(1 row)
4971-
4972-
COMMIT;
4973-
COMMIT
4974-
SHOW show_query_stats;
4975-
show_query_stats
4976-
------------------
4977-
off
4978-
(1 row)
49794933
</programlisting>
49804934
</para>
49814935

@@ -5002,16 +4956,88 @@ SHOW show_query_stats;
50024956
<entry><type>boolean</type></entry>
50034957
<entry>does current user have access to table</entry>
50044958
</row>
4959+
<row>
4960+
<entry><function>has_database_privilege</function>(<parameter>user</parameter>,
4961+
<parameter>database</parameter>,
4962+
<parameter>access</parameter>)
4963+
</entry>
4964+
<entry><type>boolean</type></entry>
4965+
<entry>does user have access to database</entry>
4966+
</row>
4967+
<row>
4968+
<entry><function>has_database_privilege</function>(<parameter>database</parameter>,
4969+
<parameter>access</parameter>)
4970+
</entry>
4971+
<entry><type>boolean</type></entry>
4972+
<entry>does current user have access to database</entry>
4973+
</row>
4974+
<row>
4975+
<entry><function>has_function_privilege</function>(<parameter>user</parameter>,
4976+
<parameter>function</parameter>,
4977+
<parameter>access</parameter>)
4978+
</entry>
4979+
<entry><type>boolean</type></entry>
4980+
<entry>does user have access to function</entry>
4981+
</row>
4982+
<row>
4983+
<entry><function>has_function_privilege</function>(<parameter>function</parameter>,
4984+
<parameter>access</parameter>)
4985+
</entry>
4986+
<entry><type>boolean</type></entry>
4987+
<entry>does current user have access to function</entry>
4988+
</row>
4989+
<row>
4990+
<entry><function>has_language_privilege</function>(<parameter>user</parameter>,
4991+
<parameter>language</parameter>,
4992+
<parameter>access</parameter>)
4993+
</entry>
4994+
<entry><type>boolean</type></entry>
4995+
<entry>does user have access to language</entry>
4996+
</row>
4997+
<row>
4998+
<entry><function>has_language_privilege</function>(<parameter>language</parameter>,
4999+
<parameter>access</parameter>)
5000+
</entry>
5001+
<entry><type>boolean</type></entry>
5002+
<entry>does current user have access to language</entry>
5003+
</row>
5004+
<row>
5005+
<entry><function>has_schema_privilege</function>(<parameter>user</parameter>,
5006+
<parameter>schema</parameter>,
5007+
<parameter>access</parameter>)
5008+
</entry>
5009+
<entry><type>boolean</type></entry>
5010+
<entry>does user have access to schema</entry>
5011+
</row>
5012+
<row>
5013+
<entry><function>has_schema_privilege</function>(<parameter>schema</parameter>,
5014+
<parameter>access</parameter>)
5015+
</entry>
5016+
<entry><type>boolean</type></entry>
5017+
<entry>does current user have access to schema</entry>
5018+
</row>
50055019
</tbody>
50065020
</tgroup>
50075021
</table>
50085022

50095023
<indexterm zone="functions-misc">
50105024
<primary>has_table_privilege</primary>
50115025
</indexterm>
5026+
<indexterm zone="functions-misc">
5027+
<primary>has_database_privilege</primary>
5028+
</indexterm>
5029+
<indexterm zone="functions-misc">
5030+
<primary>has_function_privilege</primary>
5031+
</indexterm>
5032+
<indexterm zone="functions-misc">
5033+
<primary>has_language_privilege</primary>
5034+
</indexterm>
5035+
<indexterm zone="functions-misc">
5036+
<primary>has_schema_privilege</primary>
5037+
</indexterm>
50125038

50135039
<para>
5014-
<function>has_table_privilege</function> determines whether a user
5040+
<function>has_table_privilege</function> checks whether a user
50155041
can access a table in a particular way. The user can be
50165042
specified by name or by ID
50175043
(<classname>pg_user</classname>.<structfield>usesysid</structfield>), or if the argument is
@@ -5032,6 +5058,140 @@ SELECT has_table_privilege('myschema.mytable', 'select');
50325058
</programlisting>
50335059
</para>
50345060

5061+
<para>
5062+
<function>has_database_privilege</function> checks whether a user
5063+
can access a database in a particular way. The possibilities for its
5064+
arguments are analogous to <function>has_table_privilege</function>.
5065+
The desired access type must evaluate to
5066+
<literal>CREATE</literal>,
5067+
<literal>TEMPORARY</literal>, or
5068+
<literal>TEMP</literal> (which is equivalent to
5069+
<literal>TEMPORARY</literal>).
5070+
</para>
5071+
5072+
<para>
5073+
<function>has_function_privilege</function> checks whether a user
5074+
can access a function in a particular way. The possibilities for its
5075+
arguments are analogous to <function>has_table_privilege</function>.
5076+
When specifying a function by a text string rather than by OID,
5077+
the allowed input is the same as for the <type>regprocedure</> datatype.
5078+
The desired access type must currently evaluate to
5079+
<literal>EXECUTE</literal>.
5080+
</para>
5081+
5082+
<para>
5083+
<function>has_language_privilege</function> checks whether a user
5084+
can access a procedural language in a particular way. The possibilities
5085+
for its arguments are analogous to <function>has_table_privilege</function>.
5086+
The desired access type must currently evaluate to
5087+
<literal>USAGE</literal>.
5088+
</para>
5089+
5090+
<para>
5091+
<function>has_schema_privilege</function> checks whether a user
5092+
can access a schema in a particular way. The possibilities for its
5093+
arguments are analogous to <function>has_table_privilege</function>.
5094+
The desired access type must evaluate to
5095+
<literal>CREATE</literal> or
5096+
<literal>USAGE</literal>.
5097+
</para>
5098+
5099+
<table>
5100+
<title>Schema Visibility Inquiry Functions</title>
5101+
<tgroup cols="3">
5102+
<thead>
5103+
<row><entry>Name</entry> <entry>Return Type</entry> <entry>Description</entry></row>
5104+
</thead>
5105+
5106+
<tbody>
5107+
<row>
5108+
<entry><function>pg_table_is_visible</function>(<parameter>tableOID</parameter>)
5109+
</entry>
5110+
<entry><type>boolean</type></entry>
5111+
<entry>is table visible in search path</entry>
5112+
</row>
5113+
<row>
5114+
<entry><function>pg_type_is_visible</function>(<parameter>typeOID</parameter>)
5115+
</entry>
5116+
<entry><type>boolean</type></entry>
5117+
<entry>is type visible in search path</entry>
5118+
</row>
5119+
<row>
5120+
<entry><function>pg_function_is_visible</function>(<parameter>functionOID</parameter>)
5121+
</entry>
5122+
<entry><type>boolean</type></entry>
5123+
<entry>is function visible in search path</entry>
5124+
</row>
5125+
<row>
5126+
<entry><function>pg_operator_is_visible</function>(<parameter>operatorOID</parameter>)
5127+
</entry>
5128+
<entry><type>boolean</type></entry>
5129+
<entry>is operator visible in search path</entry>
5130+
</row>
5131+
<row>
5132+
<entry><function>pg_opclass_is_visible</function>(<parameter>opclassOID</parameter>)
5133+
</entry>
5134+
<entry><type>boolean</type></entry>
5135+
<entry>is operator class visible in search path</entry>
5136+
</row>
5137+
</tbody>
5138+
</tgroup>
5139+
</table>
5140+
5141+
<indexterm zone="functions-misc">
5142+
<primary>pg_table_is_visible</primary>
5143+
</indexterm>
5144+
<indexterm zone="functions-misc">
5145+
<primary>pg_type_is_visible</primary>
5146+
</indexterm>
5147+
<indexterm zone="functions-misc">
5148+
<primary>pg_function_is_visible</primary>
5149+
</indexterm>
5150+
<indexterm zone="functions-misc">
5151+
<primary>pg_operator_is_visible</primary>
5152+
</indexterm>
5153+
<indexterm zone="functions-misc">
5154+
<primary>pg_opclass_is_visible</primary>
5155+
</indexterm>
5156+
5157+
<para>
5158+
<function>pg_table_is_visible</function> checks whether a table
5159+
(or view, or any other kind of <structname>pg_class</> entry) is
5160+
<firstterm>visible</> in the current schema search path. A table
5161+
is said to be visible if its containing schema is in the search path
5162+
and no table of the same name appears earlier in the search path.
5163+
This is equivalent to the statement that the table can be referenced
5164+
by name without explicit schema qualification.
5165+
For example, to list the names of all visible tables:
5166+
<programlisting>
5167+
SELECT relname FROM pg_class WHERE pg_table_is_visible(oid);
5168+
</programlisting>
5169+
</para>
5170+
5171+
<para>
5172+
<function>pg_type_is_visible</function>,
5173+
<function>pg_function_is_visible</function>,
5174+
<function>pg_operator_is_visible</function>, and
5175+
<function>pg_opclass_is_visible</function> perform the same sort of
5176+
visibility check for types, functions, operators, and operator classes,
5177+
respectively. For functions and operators, an object in the search path
5178+
is visible if there is no object of the same name <emphasis>and argument
5179+
datatype(s)</> earlier in the path. For operator classes,
5180+
both name and associated index access method are considered.
5181+
</para>
5182+
5183+
<para>
5184+
All these functions require object OIDs to identify the object to be
5185+
checked. If you want to test an object by name, it is convenient to use
5186+
the OID alias types (<type>regclass</>, <type>regtype</>,
5187+
<type>regprocedure</>, or <type>regoperator</>), for example
5188+
<programlisting>
5189+
SELECT pg_type_is_visible('myschema.widget'::regtype);
5190+
</programlisting>
5191+
Note that it would not make much sense to test an unqualified name in
5192+
this way --- if the name can be recognized at all, it must be visible.
5193+
</para>
5194+
50355195
<table>
50365196
<title>Catalog Information Functions</title>
50375197
<tgroup cols="3">

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy