* Serge Petrenko <sergepetrenko@xxxxxxxxxxxxx> [18/07/11 19:42]:
/*
* Only the owner of the object or someone who has
* specific DDL privilege on the object can execute
@@ -96,6 +102,40 @@ access_check_ddl(const char *name, uint32_t owner_uid,
*/
if (access == 0 || (is_owner && !(access & (PRIV_U|PRIV_C))))
return; /* Access granted. */
+ int rc = -1;
+ if (!(access & (PRIV_U | PRIV_C))) {
+ * Ignore universe and unknown
+ * types here, since universe is already handled, and what
+ * to do with unknown is unknown.
+ *
+ * Currently no specific privileges to a single role, user,
+ * collation.
+ */
+ switch (type) {
+ case SC_SPACE:
+ rc = access_check_space(
+ space_cache_find_xc(object_id),
+ access);
+ break;
+ case SC_SEQUENCE:
+ if (priv_type == PRIV_W) {
+ rc = access_check_sequence(
+ sequence_cache_find(object_id));
+ break;
+ }
+ case SC_FUNCTION:
+ case SC_USER:
+ case SC_ROLE:
+ case SC_COLLATION:
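Review bot: The `SC_SEQUENCE` case falls through into `SC_FUNCTION`/`SC_USER`/`SC_ROLE`/`SC_COLLATION` whenever `priv_type != PRIV_W`, because its `break` sits inside the `if` and nothing marks the fallthrough as intended. If it is deliberate, add `/* fallthrough */` after the closing brace of the `if`, so that neither implicit-fallthrough warnings nor a later reader take it for a forgotten `break` in an access check. The comment above the switch names role, user and collation as having no per-object privileges but says nothing about functions or non-write sequence access, so it should cover those as well. `rc` starts at -1 and the code that consumes it lies outside the quoted part of this hunk, as does the start of access_check_ddl, so it is not visible here whether the shared branch leaves the request denied; that should be checked.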
@@ -1751,11 +1791,9 @@ on_replace_dd_index(struct trigger * /* trigger */,
void *event)
uint32_t iid = tuple_field_u32_xc(old_tuple ? old_tuple : new_tuple,
BOX_INDEX_FIELD_ID);
struct space *old_space = space_cache_find_xc(id);
- enum priv_type priv_type = new_tuple ? PRIV_C : PRIV_D;
- if (old_tuple && new_tuple)
- priv_type = PRIV_A;
- access_check_ddl(old_space->def->name, old_space->def->uid, SC_SPACE,
- priv_type, true);
+ enum priv_type priv_type = new_tuple ? PRIV_A : PRIV_D;
+ access_check_ddl(old_space->def->name, old_space->def->id,
+ old_space->def->uid, SC_SPACE, priv_type, true);
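Review bot: Creating an index is now checked as `PRIV_A` on the space where it used to be `PRIV_C`, and the line `enum priv_type priv_type = new_tuple ? PRIV_A : PRIV_D;` gives no reason for the change. A comment such as `/* Creating or changing an index alters the space; only dropping one needs PRIV_D. */` would record the intent, which the removed three-way logic made explicit. Because this changes who may create an index, a test should pin the new rule for a non-owner who holds only the create privilege, and another for one who holds only the alter privilege on the space. The body of on_replace_dd_index continues outside the hunk.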
@@ -2185,8 +2224,8 @@ on_replace_dd_user(struct trigger * /* trigger */, void
*event)
* correct.
*/
struct user_def *user = user_def_new_from_tuple(new_tuple);
- access_check_ddl(user->name, user->uid, SC_USER, PRIV_A,
- true);
+ access_check_ddl(user->name, user->uid, user->uid, SC_USER,
+ PRIV_A, true);
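Review bot: `user->uid` is now passed twice in `access_check_ddl(user->name, user->uid, user->uid, SC_USER, ...)`, once as the new object id and once as the owner uid. The `is_owner` test is computed outside the hunks shown, but it presumably ends up comparing the caller with the user being modified rather than with whoever created that user. The old call already passed `user->uid` as the owner, so this is not new, but with per-object checks added it deserves a comment such as `/* A user is treated as its own owner here. */`. If the user definition carries a separate owner field (not visible here), pass that instead. The two adjacent integer arguments can be transposed without any compiler diagnostic, so naming them at the call with `/* object_id */` and `/* owner_uid */` would help; on_replace_dd_user continues outside the hunk.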
end
+ if object_type == 'user' then
+ if object_name == nil or object_name == 0 then
+ return 0
+ end
+ -- otherwise some error. Don't know which one yet.
+ box.error(box.error.NO_SUCH_USER, object_name)
+ end