| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | robertmhaas(at)gmail(dot)com, pgsql-hackers(at)postgresql(dot)org, kaigai(at)kaigai(dot)gr(dot)jp |
| Subject: | Reworks for Access Control facilities (r2363) |
| Date: | 2009-10-14 03:07:46 |
| Message-ID: | 4AD54082.9050001@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
The attached patch is a revised one with the following updates:
- rebased to the latest CVS HEAD
- eliminated comments about code which already removed, such as "we had
ACL_xxx checks here, but it is moved to ac_xxx_create()", and some of
notifications are moved to the README.
(comments about LookupCreationNamespace() and CheckRelationOwnership())
- removed ac_relation_permission() invocation from OpenIntoRel()
because the default PG model uses the perspective CREATE TABLE AS is
an atomic operation, due to the defaultACL thread.
(It is already talked with Stephen, and agreed.)
- fixed two bugs:
* ac_index_create() didn't bypass checks on bootstraping mode.
* ac_schema_alter() didn't checks ACL_CREATE on changing owner.
Thanks,
Stephen Frost wrote:
> KaiGai,
>
> * KaiGai Kohei (kaigai(at)ak(dot)jp(dot)nec(dot)com) wrote:
>> Please review the new revision, Thanks,
>
> In general, I'm pretty happy with this revision. You still have a
> number of places where you have comments about code which does not exist
> any more. For example, the comments about the check being removed from
> LookupCreationNamespace. I would recommend pulling out those comments
> and instead having a comment at the top of the function that says
> "namespace creation permission checks are handled in the individual
> object ac_*_create() routines".
>
> I don't like having comments that are about code which was removed.
> Some of these could be moved to the README if they aren't there already
> and they really need to be kept.
>
> There are some other grammatical and spelling issues in the comments,
> but I don't believe any of this should hold this patch up from being
> ready for committer. At a minimum, I think this really needs to have a
> committer comment on it to ensure we're going in the right direction.
> I'd be happy to continue working with KaiGai to review his changes going
> forward, either with the next set of SE-PG patches or reworking this one
> if necessary.
>
> Thanks,
>
> Stephen
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| Attachment | Content-Type | Size |
|---|---|---|
| sepgsql-01-base-8.5devel-r2363.patch.gz | application/gzip | 81.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Itagaki Takahiro | 2009-10-14 04:34:31 | Re: Triggers on columns |
| Previous Message | Tom Lane | 2009-10-14 02:43:05 | Re: [PATCH] Largeobject access controls |