Enforce EXECUTE privilege for aggregate functions.
authorTom Lane <tgl@sss.pgh.pa.us>
Mon, 29 Apr 2002 22:28:19 +0000 (22:28 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Mon, 29 Apr 2002 22:28:19 +0000 (22:28 +0000)
doc/src/sgml/ref/grant.sgml
src/backend/executor/nodeAgg.c

index 294e34d95f2faee9dc79ba05f759f92a5b37412b..0ef5caa89a3450390f526d528241476e28ec7ba8 100644 (file)
@@ -182,6 +182,7 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
        Allows the use of the specified function and the use of any
        operators that are implemented on top of the function.  This is
        the only type of privilege that is applicable to functions.
+       (This syntax works for aggregate functions, as well.)
       </para>
      </listitem>
     </varlistentry>
index 8e1ed5bfbfad3d590e3fb8cf47e99bd8c071fcca..0f574ae0f33fc15132a8a6c02fb6ea0f7301cb7a 100644 (file)
 #include "catalog/pg_operator.h"
 #include "executor/executor.h"
 #include "executor/nodeAgg.h"
+#include "miscadmin.h"
 #include "optimizer/clauses.h"
 #include "parser/parse_coerce.h"
 #include "parser/parse_expr.h"
 #include "parser/parse_oper.h"
 #include "parser/parse_type.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
@@ -843,6 +845,7 @@ ExecInitAgg(Agg *node, EState *estate, Plan *parent)
                AggStatePerAgg peraggstate = &peragg[++aggno];
                HeapTuple       aggTuple;
                Form_pg_aggregate aggform;
+               AclResult       aclresult;
                Oid                     transfn_oid,
                                        finalfn_oid;
                Datum           textInitVal;
@@ -861,6 +864,12 @@ ExecInitAgg(Agg *node, EState *estate, Plan *parent)
                                 aggref->aggfnoid);
                aggform = (Form_pg_aggregate) GETSTRUCT(aggTuple);
 
+               /* Check permission to call aggregate function */
+               aclresult = pg_proc_aclcheck(aggref->aggfnoid, GetUserId(),
+                                                                        ACL_EXECUTE);
+               if (aclresult != ACLCHECK_OK)
+                       aclcheck_error(aclresult, get_func_name(aggref->aggfnoid));
+
                get_typlenbyval(aggref->aggtype,
                                                &peraggstate->resulttypeLen,
                                                &peraggstate->resulttypeByVal);
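Review bot: The added `pg_proc_aclcheck(aggref->aggfnoid, GetUserId(), ACL_EXECUTE)` covers only the aggregate's own pg_proc entry, and nothing visible in this hunk checks `transfn_oid` or `finalfn_oid`, which are declared in the same loop body. If that is deliberate, so that a caller needs EXECUTE on the aggregate alone and reaches the component functions only through it, the comment should say so, for example `/* Check caller's permission on the aggregate itself; transition and final functions are not checked against the caller */`. It would also help to state that the check runs at executor startup against `GetUserId()` at that moment, so a reader knows which identity is evaluated when the statement is executed on behalf of another role. ExecInitAgg's body extends beyond this hunk, so a check on the component functions may exist in lines not shown here.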