Patch from Massimo Dal Zotto <dz@cs.unitn.it>
The first patch changes the behavior of aclcheck for groups. Currently an user can access a table only if he has the required permission for ALL the groups defined for that table. With my patch he can access a table if he has the permission for ONE of the groups, which seems to me a more useful thing. If you think this should be the correct behavior of the acl group check feel free to remove the #ifdef, if not please add a commented line to config.h.
This commit is contained in:
Marc G. Fournier
parent
fa937b5e6b
commit
1e5755cf73
|
|
@ -7,7 +7,7 @@
|
|||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.5 1996/11/30 18:06:45 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.6 1997/01/23 19:33:31 scrappy Exp $
|
||||
*
|
||||
* NOTES
|
||||
* See acl.h.
|
||||
|
|
@ -291,6 +291,12 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
|||
i < num && aip->ai_idtype == ACL_IDTYPE_GID;
|
||||
++i, ++aip) {
|
||||
if (in_group(id, aip->ai_id)) {
|
||||
#ifdef ACLGROUP_PATCH
|
||||
if (aip->ai_mode & mode) {
|
||||
found_group = 1;
|
||||
break;
|
||||
}
|
||||
#else
|
||||
if (aip->ai_mode & mode)
|
||||
++found_group;
|
||||
else {
|
||||
|
|
@ -300,6 +306,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
|||
#endif
|
||||
return(0);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
if (found_group) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue