diff --git a/src/gausskernel/optimizer/commands/alter.cpp b/src/gausskernel/optimizer/commands/alter.cpp index 84491516bf4f5039428d9b136ce5528d2c77af27..6c9f208ddadcbd911ece0047212ee318c77238b0 100644 --- a/src/gausskernel/optimizer/commands/alter.cpp +++ b/src/gausskernel/optimizer/commands/alter.cpp @@ -256,6 +256,14 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name) if (!pg_ts_config_ownercheck(objectId, userId)) aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSCONFIGURATION, old_name); break; + case OBJECT_PUBLICATION: + if (!pg_publication_ownercheck(objectId, userId)) + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION, old_name); + break; + case OBJECT_SUBSCRIPTION: + if (!pg_subscription_ownercheck(objectId, userId)) + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION, old_name); + break; default: { ereport(ERROR, (errcode(ERRCODE_UNRECOGNIZED_NODE_TYPE), diff --git a/src/test/regress/input/publication.source b/src/test/regress/input/publication.source index 5f90f5d48434a13c2602641fddd6721380f12c53..5d7951f1ba66c199a8e1f9a5b56d76525c3d0e46 100644 --- a/src/test/regress/input/publication.source +++ b/src/test/regress/input/publication.source 
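Review bot: The two new cases in AlterObjectRename_internal carry no comment, and the hunk does not show whether this switch runs before `new_name` is looked up; the function starts and ends outside the hunk. If the ownership check ran after a duplicate-name check, a non-owner could tell from the error which publication or subscription names already exist, so the ordering is worth confirming. I would record the rule above `case OBJECT_PUBLICATION:` with something like `/* rename is owner-only; checked before the new name is looked up */`, adjusted to what the surrounding code actually does.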
@@ -109,11 +109,19 @@ RESET SESSION AUTHORIZATION; DROP ROLE regress_publication_user; DROP ROLE regress_publication_user2; --- permission +CREATE ROLE regress_publication_user LOGIN SYSADMIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +CREATE PUBLICATION testpub FOR ALL TABLES; CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; --- fail permission denied create publication p1; +ALTER PUBLICATION testpub RENAME TO testpub1; + +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +DROP PUBLICATION testpub; RESET SESSION AUTHORIZATION; +DROP ROLE regress_publication_user; DROP ROLE normal_user; SELECT object_name,detail_info FROM pg_query_audit('2022-01-13 9:30:00', '2031-12-12 22:00:00') where type = 'ddl_publication_subscription'; diff --git a/src/test/regress/input/subscription.source b/src/test/regress/input/subscription.source index 3d43b99d43daf4d7851d3ca5ccd626b07ddfc088..30cd7a96b270adbbf2c793c259a22492cef28313 100644 --- a/src/test/regress/input/subscription.source +++ b/src/test/regress/input/subscription.source 
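Review bot: The permission block exercises only the denial path: `ALTER PUBLICATION testpub RENAME TO testpub1;` runs as normal_user, and nothing renames the publication as its owner afterwards. A check that rejected every caller would still pass, so unless an earlier part of the file already covers it, I would add a rename as regress_publication_user after the second `SET SESSION AUTHORIZATION` and drop by the new name: `ALTER PUBLICATION testpub RENAME TO testpub1;` then `DROP PUBLICATION testpub1;`. Because the owning role is created with SYSADMIN, that still would not separate "owner" from "administrator"; a non-SYSADMIN owner, where the product allows one, would pin the ownership rule itself. The permission block added to subscription.source has the same gap.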
@@ -100,6 +100,13 @@ ALTER SUBSCRIPTION sub_len_999 SET (conninfo='host=192.16''''8.1.50 port=5432 us -- fail, set password len with 1000 ALTER SUBSCRIPTION sub_len_999 CONNECTION 'host=192.16''''8.1.50 port=5432 user=foo dbname=foodb password=xxin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leid'; +--- permission +CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; +ALTER SUBSCRIPTION testsub_rename rename to testsub; + +SET SESSION AUTHORIZATION 'regress_subscription_user' PASSWORD 'Abcdef@123'; + --- drop subscription DROP SUBSCRIPTION IF EXISTS testsub_rename; DROP SUBSCRIPTION IF EXISTS testsub_maskconninfo; @@ -108,6 +115,7 @@ DROP SUBSCRIPTION IF EXISTS sub_len_999; RESET SESSION AUTHORIZATION; DROP ROLE regress_subscription_user; DROP ROLE regress_subscription_user2; +DROP ROLE normal_user; -- built-in function test select pg_replication_origin_create('origin_test'); 
diff --git a/src/test/regress/output/publication.source b/src/test/regress/output/publication.source index 96720bfee49580b259f746acc483174a706b9f70..f1655df1f7ffc33c12e3a7522f1e66792a164e4b 100644 --- a/src/test/regress/output/publication.source +++ b/src/test/regress/output/publication.source @@ -221,13 +221,22 @@ RESET SESSION AUTHORIZATION; DROP ROLE regress_publication_user; DROP ROLE regress_publication_user2; --- permission +CREATE ROLE regress_publication_user LOGIN SYSADMIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +CREATE PUBLICATION testpub FOR ALL TABLES; CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; --- fail permission denied create publication p1; ERROR: permission denied for database regression DETAIL: N/A +ALTER PUBLICATION testpub RENAME TO testpub1; +ERROR: must be owner of publication testpub +DETAIL: N/A +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +DROP PUBLICATION testpub; RESET SESSION AUTHORIZATION; +DROP ROLE regress_publication_user; DROP ROLE normal_user; SELECT object_name,detail_info FROM pg_query_audit('2022-01-13 9:30:00', '2031-12-12 22:00:00') where type = 'ddl_publication_subscription'; object_name | detail_info @@ -251,7 +260,9 @@ SELECT object_name,detail_info FROM pg_query_audit('2022-01-13 9:30:00', '2031-1 testpub_only_tbl1 | DROP PUBLICATION IF EXISTS testpub_only_tbl1; testpub_only_insert | DROP PUBLICATION IF EXISTS testpub_only_insert; testpub_multitbls | DROP PUBLICATION IF EXISTS testpub_multitbls; -(19 rows) + testpub | CREATE PUBLICATION testpub FOR ALL TABLES; + testpub | DROP PUBLICATION testpub; +(21 rows) --clear audit log SELECT pg_delete_audit('1012-11-10', '3012-11-11'); 
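Review bot: The expected audit rows gain only the CREATE and DROP of testpub (19 to 21 rows), so the rename that normal_user was refused leaves no row in this `ddl_publication_subscription` result. The query selects only `object_name,detail_info`, so even if a row were present it could not distinguish a refused statement from a successful one. If rejected DDL is meant to be auditable, I would add a second `pg_query_audit` query that also returns each statement's outcome and the acting user, placed before `pg_delete_audit` clears the log. Whether refused statements are recorded at all is not visible here.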
diff --git a/src/test/regress/output/subscription.source b/src/test/regress/output/subscription.source
index 2da18de9ac32c3b64a72c55e115a36ca2daf454d..7ef7842a12567f9af026bf47841eee8f6cf51506 100644
--- a/src/test/regress/output/subscription.source
+++ b/src/test/regress/output/subscription.source
@@ -189,6 +189,13 @@ ERROR: Password can't contain more than 999 characters. -- fail, set password len with 1000 ALTER SUBSCRIPTION sub_len_999 CONNECTION 'host=192.16''''8.1.50 port=5432 user=foo dbname=foodb password=xxin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leid'; ERROR: Password can't contain more than 999 characters. +--- permission +CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; +ALTER SUBSCRIPTION testsub_rename rename to testsub; +ERROR: must be owner of subscription testsub_rename +DETAIL: N/A +SET SESSION AUTHORIZATION 'regress_subscription_user' PASSWORD 'Abcdef@123'; --- drop subscription DROP SUBSCRIPTION IF EXISTS testsub_rename; DROP SUBSCRIPTION IF EXISTS testsub_maskconninfo; 
@@ -197,6 +204,7 @@ DROP SUBSCRIPTION IF EXISTS sub_len_999; RESET SESSION AUTHORIZATION; DROP ROLE regress_subscription_user; DROP ROLE regress_subscription_user2; +DROP ROLE normal_user; -- built-in function test select pg_replication_origin_create('origin_test'); pg_replication_origin_create