Allow GRANT/REVOKE to/from more than one user per invocation. Command tag

for GRANT/REVOKE is now just that, not "CHANGE".

On the way, migrate some of the aclitem internal representation away from
the parser and build a real parse tree instead.  Also add some 'const'
qualifiers.

Author: petere

doc/src/sgml/ref/grant.sgml

@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.10 2001/05/27 09:59:28 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.11 2001/06/09 23:21:54 petere Exp $
 Postgres documentation
 -->
 
@@ -18,7 +18,7 @@ Postgres documentation
 <synopsis>
 GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
     ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...]
-    TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC }
+    TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 </synopsis>
  </refsynopsisdiv>
 

doc/src/sgml/ref/revoke.sgml

@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.14 2001/05/27 09:59:28 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.15 2001/06/09 23:21:54 petere Exp $
 Postgres documentation
 -->
 
@@ -18,7 +18,7 @@ Postgres documentation
 <synopsis>
 REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
     ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]
-    FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC }
+    FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 </synopsis>
  </refsynopsisdiv>
 

src/backend/catalog/aclchk.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.49 2001/06/05 19:34:56 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.50 2001/06/09 23:21:54 petere Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -63,95 +63,132 @@ dumpacl(Acl *acl)
 
 #endif /* ACLDEBUG */
 
+
 /*
- * ChangeAcl
+ * Called to execute the utility commands GRANT and REVOKE
  */
 void
-ChangeAcl(char *relname,
-		  AclItem *mod_aip,
-		  unsigned modechg)
+ExecuteGrantStmt(GrantStmt *stmt)
 {
-	unsigned	i;
-	Acl		   *old_acl,
-			   *new_acl;
-	Relation	relation;
-	HeapTuple	tuple;
-	HeapTuple	newtuple;
-	Datum		aclDatum;
-	Datum		values[Natts_pg_class];
-	char		nulls[Natts_pg_class];
-	char		replaces[Natts_pg_class];
-	Relation	idescs[Num_pg_class_indices];
-	bool		isNull;
+	List	   *i;
+	List	   *j;
 
-	/*
-	 * Find the pg_class tuple matching 'relname' and extract the ACL. If
-	 * there's no ACL, create a default using the pg_class.relowner field.
-	 */
-	relation = heap_openr(RelationRelationName, RowExclusiveLock);
-	tuple = SearchSysCache(RELNAME,
-						   PointerGetDatum(relname),
-						   0, 0, 0);
-	if (!HeapTupleIsValid(tuple))
-	{
-		heap_close(relation, RowExclusiveLock);
-		elog(ERROR, "ChangeAcl: class \"%s\" not found",
-			 relname);
-	}
-
-	aclDatum = SysCacheGetAttr(RELNAME, tuple, Anum_pg_class_relacl,
-							   &isNull);
-	if (isNull)
-	{
-		/* No ACL, so build default ACL for rel */
-		AclId		ownerId;
+	/* see comment in pg_type.h */
+	Assert(ACLITEMSIZE == sizeof(AclItem));
 
-		ownerId = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
-		old_acl = acldefault(relname, ownerId);
-	}
-	else
+	foreach(i, stmt->relnames)
 	{
-		/* get a detoasted copy of the rel's ACL */
-		old_acl = DatumGetAclPCopy(aclDatum);
-	}
+		char	   *relname = strVal(lfirst(i));
+		Relation	relation;
+		HeapTuple	tuple;
+		Form_pg_class pg_class_tuple;
+		Datum		aclDatum;
+		bool		isNull;
+		Acl		   *old_acl;
+		Acl		   *new_acl;
+		unsigned	i;
+		HeapTuple	newtuple;
+		Datum		values[Natts_pg_class];
+		char		nulls[Natts_pg_class];
+		char		replaces[Natts_pg_class];
+
+
+		if (!pg_ownercheck(GetUserId(), relname, RELNAME))
+			elog(ERROR, "permission denied");
+
+		/* open pg_class */
+		relation = heap_openr(RelationRelationName, RowExclusiveLock);
+		tuple = SearchSysCache(RELNAME,
+							   PointerGetDatum(relname),
+							   0, 0, 0);
+		if (!HeapTupleIsValid(tuple))
+		{
+			heap_close(relation, RowExclusiveLock);
+			elog(ERROR, "relation \"%s\" not found",
+				 relname);
+		}
+		pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
+
+		if (pg_class_tuple->relkind == RELKIND_INDEX)
+			elog(ERROR, "\"%s\" is an index",
+				 relname);
+
+		/*
+		 * If there's no ACL, create a default using the
+		 * pg_class.relowner field.
+		 */
+		aclDatum = SysCacheGetAttr(RELNAME, tuple, Anum_pg_class_relacl,
+								   &isNull);
+		if (isNull)
+			old_acl = acldefault(relname, pg_class_tuple->relowner);
+		else
+			/* get a detoasted copy of the rel's ACL */
+			old_acl = DatumGetAclPCopy(aclDatum);
 
 #ifdef ACLDEBUG
-	dumpacl(old_acl);
+		dumpacl(old_acl);
 #endif
+		new_acl = old_acl;
 
-	new_acl = aclinsert3(old_acl, mod_aip, modechg);
-
+		foreach(j, stmt->grantees)
+		{
+			PrivGrantee *grantee = (PrivGrantee *)lfirst(j);
+			char	   *granteeString;
+			char	   *aclString;
+			AclItem		aclitem;
+			unsigned	modechg;
+
+			if (grantee->username)
+				granteeString = aclmakeuser("U", grantee->username);
+			else if (grantee->groupname)
+				granteeString = aclmakeuser("G", grantee->groupname);
+			else
+				granteeString = aclmakeuser("A", "");
+
+			aclString = makeAclString(stmt->privileges, granteeString,
+									  stmt->is_grant ? '+' : '-');
+
+			/* Convert string ACL spec into internal form */
+			aclparse(aclString, &aclitem, &modechg);
+			new_acl = aclinsert3(new_acl, &aclitem, modechg);
 #ifdef ACLDEBUG
-	dumpacl(new_acl);
+			dumpacl(new_acl);
 #endif
+		}
 
-	for (i = 0; i < Natts_pg_class; ++i)
-	{
-		replaces[i] = ' ';
-		nulls[i] = ' ';			/* ignored if replaces[i] == ' ' anyway */
-		values[i] = (Datum) NULL;		/* ignored if replaces[i] == ' '
-										 * anyway */
-	}
-	replaces[Anum_pg_class_relacl - 1] = 'r';
-	values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
-	newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
+		/* finished building new ACL value, now insert it */
+		for (i = 0; i < Natts_pg_class; ++i)
+		{
+			replaces[i] = ' ';
+			nulls[i] = ' ';		/* ignored if replaces[i]==' ' anyway */
+			values[i] = (Datum) NULL; /* ignored if replaces[i]==' ' anyway */
+		}
+		replaces[Anum_pg_class_relacl - 1] = 'r';
+		values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
+		newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
 
-	ReleaseSysCache(tuple);
+		ReleaseSysCache(tuple);
 
-	simple_heap_update(relation, &newtuple->t_self, newtuple);
+		simple_heap_update(relation, &newtuple->t_self, newtuple);
 
-	/* keep the catalog indices up to date */
-	CatalogOpenIndices(Num_pg_class_indices, Name_pg_class_indices,
-					   idescs);
-	CatalogIndexInsert(idescs, Num_pg_class_indices, relation, newtuple);
-	CatalogCloseIndices(Num_pg_class_indices, idescs);
+		{
+			/* keep the catalog indexes up to date */
+			Relation	idescs[Num_pg_class_indices];
+			CatalogOpenIndices(Num_pg_class_indices, Name_pg_class_indices,
+							   idescs);
+			CatalogIndexInsert(idescs, Num_pg_class_indices, relation, newtuple);
+			CatalogCloseIndices(Num_pg_class_indices, idescs);
+		}
 
-	heap_close(relation, RowExclusiveLock);
+		pfree(old_acl);
+		pfree(new_acl);
 
-	pfree(old_acl);
-	pfree(new_acl);
+		heap_close(relation, RowExclusiveLock);
+	}
 }
 
+
+
 AclId
 get_grosysid(char *groname)
 {

src/backend/nodes/copyfuncs.c

@@ -15,7 +15,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/nodes/copyfuncs.c,v 1.143 2001/06/05 05:26:03 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/nodes/copyfuncs.c,v 1.144 2001/06/09 23:21:54 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -24,7 +24,6 @@
 
 #include "optimizer/clauses.h"
 #include "optimizer/planmain.h"
-#include "utils/acl.h"
 
 
 /*
@@ -1856,14 +1855,29 @@ _copyAlterTableStmt(AlterTableStmt *from)
 	return newnode;
 }
 
-static ChangeACLStmt *
-_copyChangeACLStmt(ChangeACLStmt *from)
+static GrantStmt *
+_copyGrantStmt(GrantStmt *from)
 {
-	ChangeACLStmt *newnode = makeNode(ChangeACLStmt);
+	GrantStmt *newnode = makeNode(GrantStmt);
 
-	Node_Copy(from, newnode, relNames);
-	if (from->aclString)
-		newnode->aclString = pstrdup(from->aclString);
+	newnode->is_grant = from->is_grant;
+	Node_Copy(from, newnode, relnames);
+	if (from->privileges)
+		newnode->privileges = pstrdup(from->privileges);
+	Node_Copy(from, newnode, grantees);
+
+	return newnode;
+}
+
+static PrivGrantee *
+_copyPrivGrantee(PrivGrantee *from)
+{
+	PrivGrantee *newnode = makeNode(PrivGrantee);
+
+	if (from->username)
+		newnode->username = pstrdup(from->username);
+	if (from->groupname)
+		newnode->groupname = pstrdup(from->groupname);
 
 	return newnode;
 }
@@ -2729,8 +2743,8 @@ copyObject(void *from)
 		case T_AlterTableStmt:
 			retval = _copyAlterTableStmt(from);
 			break;
-		case T_ChangeACLStmt:
-			retval = _copyChangeACLStmt(from);
+		case T_GrantStmt:
+			retval = _copyGrantStmt(from);
 			break;
 		case T_ClosePortalStmt:
 			retval = _copyClosePortalStmt(from);
@@ -2943,6 +2957,9 @@ copyObject(void *from)
 		case T_FkConstraint:
 			retval = _copyFkConstraint(from);
 			break;
+		case T_PrivGrantee:
+			retval = _copyPrivGrantee(from);
+			break;
 
 		default:
 			elog(ERROR, "copyObject: don't know how to copy node type %d",

src/backend/nodes/equalfuncs.c

@@ -20,7 +20,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/nodes/equalfuncs.c,v 1.91 2001/06/05 05:26:03 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/nodes/equalfuncs.c,v 1.92 2001/06/09 23:21:54 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -29,7 +29,6 @@
 
 #include "nodes/plannodes.h"
 #include "nodes/relation.h"
-#include "utils/acl.h"
 #include "utils/datum.h"
 
 
@@ -755,16 +754,27 @@ _equalAlterTableStmt(AlterTableStmt *a, AlterTableStmt *b)
 }
 
 static bool
-_equalChangeACLStmt(ChangeACLStmt *a, ChangeACLStmt *b)
+_equalGrantStmt(GrantStmt *a, GrantStmt *b)
 {
-	if (!equal(a->relNames, b->relNames))
+	if (a->is_grant != b->is_grant)
 		return false;
-	if (!equalstr(a->aclString, b->aclString))
+	if (!equal(a->relnames, b->relnames))
+		return false;
+	if (!equalstr(a->privileges, b->privileges))
+		return false;
+	if (!equal(a->grantees, b->grantees))
 		return false;
 
 	return true;
 }
 
+static bool
+_equalPrivGrantee(PrivGrantee *a, PrivGrantee *b)
+{
+	return equalstr(a->username, b->username)
+		&& equalstr(a->groupname, b->groupname);
+}	
+
 static bool
 _equalClosePortalStmt(ClosePortalStmt *a, ClosePortalStmt *b)
 {
@@ -1898,8 +1908,8 @@ equal(void *a, void *b)
 		case T_AlterTableStmt:
 			retval = _equalAlterTableStmt(a, b);
 			break;
-		case T_ChangeACLStmt:
-			retval = _equalChangeACLStmt(a, b);
+		case T_GrantStmt:
+			retval = _equalGrantStmt(a, b);
 			break;
 		case T_ClosePortalStmt:
 			retval = _equalClosePortalStmt(a, b);
@@ -2113,6 +2123,9 @@ equal(void *a, void *b)
 		case T_FkConstraint:
 			retval = _equalFkConstraint(a, b);
 			break;
+		case T_PrivGrantee:
+			retval = _equalPrivGrantee(a, b);
+			break;
 
 		default:
 			elog(NOTICE, "equal: don't know whether nodes of type %d are equal",