Skip to content

Commit 857661b

Browse files
tglsfdctglsfdc
committed
Enforce EXECUTE privilege for aggregate functions.
1 parent ccfaf90 commit 857661b

File tree

2 files changed

+12
-2
lines changed

2 files changed

+12
-2
lines changed

doc/src/sgml/ref/grant.sgml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.23 2002/04/22 19:17:40 tgl Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.24 2002/04/29 22:28:19 tgl Exp $
33
PostgreSQL documentation
44
-->
55

@@ -182,6 +182,7 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
182182
Allows the use of the specified function and the use of any
183183
operators that are implemented on top of the function. This is
184184
the only type of privilege that is applicable to functions.
185+
(This syntax works for aggregate functions, as well.)
185186
</para>
186187
</listitem>
187188
</varlistentry>

src/backend/executor/nodeAgg.c

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@
4646
* Portions Copyright (c) 1994, Regents of the University of California
4747
*
4848
* IDENTIFICATION
49-
* $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.82 2002/04/16 23:08:10 tgl Exp $
49+
* $Header: /cvsroot/pgsql/src/backend/executor/nodeAgg.c,v 1.83 2002/04/29 22:28:19 tgl Exp $
5050
*
5151
*-------------------------------------------------------------------------
5252
*/
@@ -58,11 +58,13 @@
5858
#include "catalog/pg_operator.h"
5959
#include "executor/executor.h"
6060
#include "executor/nodeAgg.h"
61+
#include "miscadmin.h"
6162
#include "optimizer/clauses.h"
6263
#include "parser/parse_coerce.h"
6364
#include "parser/parse_expr.h"
6465
#include "parser/parse_oper.h"
6566
#include "parser/parse_type.h"
67+
#include "utils/acl.h"
6668
#include "utils/builtins.h"
6769
#include "utils/lsyscache.h"
6870
#include "utils/syscache.h"
@@ -843,6 +845,7 @@ ExecInitAgg(Agg *node, EState *estate, Plan *parent)
843845
AggStatePerAgg peraggstate = &peragg[++aggno];
844846
HeapTuple aggTuple;
845847
Form_pg_aggregate aggform;
848+
AclResult aclresult;
846849
Oid transfn_oid,
847850
finalfn_oid;
848851
Datum textInitVal;
@@ -861,6 +864,12 @@ ExecInitAgg(Agg *node, EState *estate, Plan *parent)
861864
aggref->aggfnoid);
862865
aggform = (Form_pg_aggregate) GETSTRUCT(aggTuple);
863866

867+
/* Check permission to call aggregate function */
868+
aclresult = pg_proc_aclcheck(aggref->aggfnoid, GetUserId(),
869+
ACL_EXECUTE);
870+
if (aclresult != ACLCHECK_OK)
871+
aclcheck_error(aclresult, get_func_name(aggref->aggfnoid));
872+
864873
get_typlenbyval(aggref->aggtype,
865874
&peraggstate->resulttypeLen,
866875
&peraggstate->resulttypeByVal);

0 commit comments

Comments
 (0)