Re: ExecutorCheckPerms() hook

2010/5/24 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> BTW, I guess the reason why permissions on attributes are not checked here is
> that we missed it at v8.4 development.

That's a little worrying.  Can you construct and post a test case
where this results in a user-visible failure in CVS HEAD?

> The attached patch provides a common checker function of DML, and modifies
> ExecCheckRTPerms(), CopyTo() and RI_Initial_Check() to call the checker
> function instead of individual ACL checks.

This looks pretty sane to me, although I have not done a full review.
I am disinclined to create a whole new directory for it.   I think the
new function should go in src/backend/catalog/aclchk.c and be declared
in src/include/utils/acl.h.  If that sounds reasonable to you, please
revise and post an updated patch.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company