You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by wl...@apache.org on 2017/03/01 05:52:18 UTC
incubator-hawq git commit: HAWQ-1367. HAWQ can access to user tables
that have no permission with fallback check table.
Repository: incubator-hawq
Updated Branches:
refs/heads/master 97104833e -> 63894f061
HAWQ-1367. HAWQ can access to user tables that have no permission with fallback check table.
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/63894f06
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/63894f06
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/63894f06
Branch: refs/heads/master
Commit: 63894f061bfeb795cc252f490ff5aa8c694bf133
Parents: 9710483
Author: Chunling Wang <wa...@126.com>
Authored: Tue Feb 28 18:18:22 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Wed Mar 1 13:51:48 2017 +0800
----------------------------------------------------------------------
src/backend/catalog/aclchk.c | 20 --------------------
src/backend/parser/parse_relation.c | 7 ++++++-
src/include/utils/acl.h | 1 -
3 files changed, 6 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63894f06/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index b361beb..16e00c1 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2749,26 +2749,6 @@ bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid, AclMo
return false;
}
-bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid)
-{
- /*we only have range table here*/
- if (objkind == ACL_KIND_CLASS)
- {
- ListCell *l;
- foreach(l, table_list)
- {
- RangeTblEntry *rte=(RangeTblEntry *) lfirst(l);
- bool ret = fallBackToNativeCheck(ACL_KIND_CLASS, rte->relid, roleid, ACL_NO_RIGHTS);
- if(ret)
- {
- return true;
- }
- }
-
- }
- return false;
-}
-
/*
* check whether rte is a sequence.
*/
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63894f06/src/backend/parser/parse_relation.c
----------------------------------------------------------------------
diff --git a/src/backend/parser/parse_relation.c b/src/backend/parser/parse_relation.c
index d21ea01..e1be951 100644
--- a/src/backend/parser/parse_relation.c
+++ b/src/backend/parser/parse_relation.c
@@ -2714,7 +2714,7 @@ warnAutoRange(ParseState *pstate, RangeVar *relation, int location)
void
ExecCheckRTPerms(List *rangeTable)
{
- if (aclType == HAWQ_ACL_RANGER && !fallBackToNativeChecks(ACL_KIND_CLASS,rangeTable,GetUserId()))
+ if (aclType == HAWQ_ACL_RANGER)
{
if(rangeTable!=NULL)
ExecCheckRTPermsWithRanger(rangeTable);
@@ -2750,6 +2750,11 @@ ExecCheckRTPermsWithRanger(List *rangeTable)
requiredPerms = rte->requiredPerms;
if (requiredPerms == 0)
continue;
+ bool ret = fallBackToNativeCheck(ACL_KIND_CLASS, rte->relid, GetUserId(), ACL_NO_RIGHTS);
+ if (ret) {
+ ExecCheckRTEPerms((RangeTblEntry *) lfirst(l));
+ continue;
+ }
relOid = rte->relid;
userid = rte->checkAsUser ? rte->checkAsUser : GetUserId();
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/63894f06/src/include/utils/acl.h
----------------------------------------------------------------------
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 9f2407f..378b3e2 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -317,7 +317,6 @@ extern AclResult
pg_rangercheck(AclObjectKind objkind, Oid table_oid, Oid roleid,
AclMode mask, AclMaskHow how);
extern bool fallBackToNativeCheck(AclObjectKind objkind, Oid table_oid, Oid roleid, AclMode mode);
-extern bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid);
extern char *getNameFromOid(AclObjectKind objkind, Oid object_oid);
extern char *getClassNameFromOid(Oid object_oid);
extern char *getDatabaseNameFromOid(Oid object_oid);