Patch from Massimo Dal Zotto <dz@cs.unitn.it>

The first patch changes the behavior of aclcheck for groups. Currently an user can access a table only if he has the required permission for ALL the groups defined for that table. With my patch he can access a table if he has the permission for ONE of the groups, which seems to me a more useful thing. If you think this should be the correct behavior of the acl group check feel free to remove the #ifdef, if not please add a commented line to config.h.
2025-01-30 19:00:29 +08:00 · 1997-01-23 19:33:31 +00:00 · 1997-01-23 19:33:31 +00:00 · 1e5755cf73
commit 1e5755cf73
parent fa937b5e6b
1 changed files with 8 additions and 1 deletions
--- a/src/backend/tcop/aclchk.c
+++ b/src/backend/tcop/aclchk.c
@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
- *    $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.5 1996/11/30 18:06:45 momjian Exp $
+ *    $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.6 1997/01/23 19:33:31 scrappy Exp $
 *
 * NOTES
 *    See acl.h.
@ -291,6 +291,12 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
 	     i < num && aip->ai_idtype == ACL_IDTYPE_GID;
 	     ++i, ++aip) {
 	    if (in_group(id, aip->ai_id)) {
+#ifdef ACLGROUP_PATCH
+		if (aip->ai_mode & mode) {
+		    found_group = 1;
+                    break;
+		}
+#else
 		if (aip->ai_mode & mode)
 		    ++found_group;
 		else {
@ -300,6 +306,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
 #endif
 		    return(0);
 		}
+#endif
 	    }
 	}
 	if (found_group) {