Skip to content

Commit 1e5755c

Browse files
scrappyscrappy
committed
Patch from Massimo Dal Zotto <dz@cs.unitn.it>
The first patch changes the behavior of aclcheck for groups. Currently an user can access a table only if he has the required permission for ALL the groups defined for that table. With my patch he can access a table if he has the permission for ONE of the groups, which seems to me a more useful thing. If you think this should be the correct behavior of the acl group check feel free to remove the #ifdef, if not please add a commented line to config.h.
1 parent fa937b5 commit 1e5755c

File tree

1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

src/backend/tcop/aclchk.c

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.5 1996/11/30 18:06:45 momjian Exp $
10+
* $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.6 1997/01/23 19:33:31 scrappy Exp $
1111
*
1212
* NOTES
1313
* See acl.h.
@@ -291,6 +291,12 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
291291
i < num && aip->ai_idtype == ACL_IDTYPE_GID;
292292
++i, ++aip) {
293293
if (in_group(id, aip->ai_id)) {
294+
#ifdef ACLGROUP_PATCH
295+
if (aip->ai_mode & mode) {
296+
found_group = 1;
297+
break;
298+
}
299+
#else
294300
if (aip->ai_mode & mode)
295301
++found_group;
296302
else {
@@ -300,6 +306,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
300306
#endif
301307
return(0);
302308
}
309+
#endif
303310
}
304311
}
305312
if (found_group) {

0 commit comments

Comments
 (0)