summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 202621d)
raw | patch | inline | side by side (parent: 202621d)
| author | Stephen Frost <sfrost@snowman.net> | |
| Fri, 30 Jan 2015 02:59:43 +0000 (21:59 -0500) | ||
| committer | Stephen Frost <sfrost@snowman.net> | |
| Fri, 30 Jan 2015 02:59:43 +0000 (21:59 -0500) |
In 804b6b6db4dcfc590a468e7be390738f9f7755fb we modified
BuildIndexValueDescription to pay attention to which columns are visible
to the user, but unfortunatley that commit neglected to consider indexes
which are built on expressions.
Handle error-reporting of violations of constraint indexes based on
expressions by not returning any detail when the user does not have
table-level SELECT rights.
Backpatch to 9.0, as the prior commit was.
Pointed out by Tom.
BuildIndexValueDescription to pay attention to which columns are visible
to the user, but unfortunatley that commit neglected to consider indexes
which are built on expressions.
Handle error-reporting of violations of constraint indexes based on
expressions by not returning any detail when the user does not have
table-level SELECT rights.
Backpatch to 9.0, as the prior commit was.
Pointed out by Tom.
| src/backend/access/index/genam.c | patch | blob | blame | history |
index 2520051e8601c95f147deb09fa3ab9943946c8ea..e9b5535a25f1d7761439d0aa13b9428d9482deeb 100644 (file)
{
AttrNumber attnum = idxrec->indkey.values[keyno];
- aclresult = pg_attribute_aclcheck(indrelid, attnum, GetUserId(),
- ACL_SELECT);
-
- if (aclresult != ACLCHECK_OK)
+ /*
+ * Note that if attnum == InvalidAttrNumber, then this is an
+ * index based on an expression and we return no detail rather
+ * than try to figure out what column(s) the expression includes
+ * and if the user has SELECT rights on them.
+ */
+ if (attnum == InvalidAttrNumber ||
+ pg_attribute_aclcheck(indrelid, attnum, GetUserId(),
+ ACL_SELECT) != ACLCHECK_OK)
{
/* No access, so clean up and return */
ReleaseSysCache(ht_idx);