Make CREATE CONSTRAINT TRIGGER check for REFERENCES privilege on both

master and slave tables.

Make CREATE CONSTRAINT TRIGGER check for REFERENCES privilege on both
master and slave tables.
315a9ca3 · Peter Eisentraut · c828ec88 · 315a9ca3
Commit 315a9ca3 authored Aug 18, 2002 by Peter Eisentraut
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 10 deletions

src/backend/commands/trigger.c src/backend/commands/trigger.c +29 -10

No files found.
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.126 2002/08/17 12:15:48 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.127 2002/08/18 11:20:05 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -86,6 +86,11 @@ CreateTrigger(CreateTrigStmt *stmt, bool forConstraint)
 	rel = heap_openrv(stmt->relation, AccessExclusiveLock);
+	if (stmt->constrrel != NULL)
+		constrrelid = RangeVarGetRelid(stmt->constrrel, false);
+	else
+		constrrelid = InvalidOid;
 	if (rel->rd_rel->relkind != RELKIND_RELATION)
 		elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
 			 stmt->relation->relname);
@@ -94,10 +99,29 @@ CreateTrigger(CreateTrigStmt *stmt, bool forConstraint)
 		elog(ERROR, "CreateTrigger: can't create trigger for system relation %s",
 			stmt->relation->relname);
-	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+	/* permission checks */
-						  stmt->isconstraint ? ACL_REFERENCES : ACL_TRIGGER);
-	if (aclresult != ACLCHECK_OK)
+	if (stmt->isconstraint)
-		aclcheck_error(aclresult, RelationGetRelationName(rel));
+	{
+		/* foreign key constraint trigger */
+		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), ACL_REFERENCES);
+		if (aclresult != ACLCHECK_OK)
+			aclcheck_error(aclresult, RelationGetRelationName(rel));
+		if (constrrelid != InvalidOid)
+		{
+			aclresult = pg_class_aclcheck(constrrelid, GetUserId(), ACL_REFERENCES);
+			if (aclresult != ACLCHECK_OK)
+				aclcheck_error(aclresult, get_rel_name(constrrelid));
+		}
+	}
+	else
+	{
+		/* real trigger */
+		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), ACL_TRIGGER);
+		if (aclresult != ACLCHECK_OK)
+			aclcheck_error(aclresult, RelationGetRelationName(rel));
+	}
 	/*
 	 * Generate the trigger's OID now, so that we can use it in the name
@@ -124,11 +148,6 @@ CreateTrigger(CreateTrigStmt *stmt, bool forConstraint)
 		constrname = "";
 	}
-	if (stmt->constrrel != NULL)
-		constrrelid = RangeVarGetRelid(stmt->constrrel, false);
-	else
-		constrrelid = InvalidOid;
 	TRIGGER_CLEAR_TYPE(tgtype);
 	if (stmt->before)
 		TRIGGER_SETT_BEFORE(tgtype);