From 4b86a0d169e1cbbb57d79706fe41185c5132c98e Mon Sep 17 00:00:00 2001 From: chenxiaobin19 <1025221611@qq.com> Date: Mon, 27 Mar 2023 16:59:05 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=97=A0=E6=9D=83=E9=99=90?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BF=AE=E6=94=B9=E5=8F=91=E5=B8=83=E8=AE=A2?= =?UTF-8?q?=E9=98=85=E5=90=8D=E6=97=B6=E6=8A=A5=E9=94=99=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E9=94=99=E8=AF=AF=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/gausskernel/optimizer/commands/alter.cpp | 8 ++++++++ src/test/regress/input/publication.source | 8 ++++++++ src/test/regress/input/subscription.source | 8 ++++++++ src/test/regress/output/publication.source | 13 ++++++++++++- src/test/regress/output/subscription.source | 8 ++++++++ 5 files changed, 44 insertions(+), 1 deletion(-) diff --git a/src/gausskernel/optimizer/commands/alter.cpp b/src/gausskernel/optimizer/commands/alter.cpp index 84491516bf..6c9f208dda 100644 --- a/src/gausskernel/optimizer/commands/alter.cpp +++ b/src/gausskernel/optimizer/commands/alter.cpp @@ -256,6 +256,14 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name) if (!pg_ts_config_ownercheck(objectId, userId)) aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSCONFIGURATION, old_name); break; + case OBJECT_PUBLICATION: + if (!pg_publication_ownercheck(objectId, userId)) + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION, old_name); + break; + case OBJECT_SUBSCRIPTION: + if (!pg_subscription_ownercheck(objectId, userId)) + aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION, old_name); + break; default: { ereport(ERROR, (errcode(ERRCODE_UNRECOGNIZED_NODE_TYPE), diff --git a/src/test/regress/input/publication.source b/src/test/regress/input/publication.source index 5f90f5d484..5d7951f1ba 100644 --- a/src/test/regress/input/publication.source +++ b/src/test/regress/input/publication.source @@ -109,11 +109,19 @@ RESET SESSION AUTHORIZATION; DROP ROLE regress_publication_user; DROP ROLE regress_publication_user2; --- permission +CREATE ROLE regress_publication_user LOGIN SYSADMIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +CREATE PUBLICATION testpub FOR ALL TABLES; CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; --- fail permission denied create publication p1; +ALTER PUBLICATION testpub RENAME TO testpub1; + +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +DROP PUBLICATION testpub; RESET SESSION AUTHORIZATION; +DROP ROLE regress_publication_user; DROP ROLE normal_user; SELECT object_name,detail_info FROM pg_query_audit('2022-01-13 9:30:00', '2031-12-12 22:00:00') where type = 'ddl_publication_subscription'; diff --git a/src/test/regress/input/subscription.source b/src/test/regress/input/subscription.source index 3d43b99d43..30cd7a96b2 100644 --- a/src/test/regress/input/subscription.source +++ b/src/test/regress/input/subscription.source @@ -100,6 +100,13 @@ ALTER SUBSCRIPTION sub_len_999 SET (conninfo='host=192.16''''8.1.50 port=5432 us -- fail, set password len with 1000 ALTER SUBSCRIPTION sub_len_999 CONNECTION 'host=192.16''''8.1.50 port=5432 user=foo dbname=foodb password=xxin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leid'; +--- permission +CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; +ALTER SUBSCRIPTION testsub_rename rename to testsub; + +SET SESSION AUTHORIZATION 'regress_subscription_user' PASSWORD 'Abcdef@123'; + --- drop subscription DROP SUBSCRIPTION IF EXISTS testsub_rename; DROP SUBSCRIPTION IF EXISTS testsub_maskconninfo; @@ -108,6 +115,7 @@ DROP SUBSCRIPTION IF EXISTS sub_len_999; RESET SESSION AUTHORIZATION; DROP ROLE regress_subscription_user; DROP ROLE regress_subscription_user2; +DROP ROLE normal_user; -- built-in function test select pg_replication_origin_create('origin_test'); diff --git a/src/test/regress/output/publication.source b/src/test/regress/output/publication.source index 96720bfee4..f1655df1f7 100644 --- a/src/test/regress/output/publication.source +++ b/src/test/regress/output/publication.source @@ -221,13 +221,22 @@ RESET SESSION AUTHORIZATION; DROP ROLE regress_publication_user; DROP ROLE regress_publication_user2; --- permission +CREATE ROLE regress_publication_user LOGIN SYSADMIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +CREATE PUBLICATION testpub FOR ALL TABLES; CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; --- fail permission denied create publication p1; ERROR: permission denied for database regression DETAIL: N/A +ALTER PUBLICATION testpub RENAME TO testpub1; +ERROR: must be owner of publication testpub +DETAIL: N/A +SET SESSION AUTHORIZATION 'regress_publication_user' PASSWORD 'Abcdef@123'; +DROP PUBLICATION testpub; RESET SESSION AUTHORIZATION; +DROP ROLE regress_publication_user; DROP ROLE normal_user; SELECT object_name,detail_info FROM pg_query_audit('2022-01-13 9:30:00', '2031-12-12 22:00:00') where type = 'ddl_publication_subscription'; object_name | detail_info @@ -251,7 +260,9 @@ SELECT object_name,detail_info FROM pg_query_audit('2022-01-13 9:30:00', '2031-1 testpub_only_tbl1 | DROP PUBLICATION IF EXISTS testpub_only_tbl1; testpub_only_insert | DROP PUBLICATION IF EXISTS testpub_only_insert; testpub_multitbls | DROP PUBLICATION IF EXISTS testpub_multitbls; -(19 rows) + testpub | CREATE PUBLICATION testpub FOR ALL TABLES; + testpub | DROP PUBLICATION testpub; +(21 rows) --clear audit log SELECT pg_delete_audit('1012-11-10', '3012-11-11'); diff --git a/src/test/regress/output/subscription.source b/src/test/regress/output/subscription.source index 2da18de9ac..7ef7842a12 100644 --- a/src/test/regress/output/subscription.source +++ b/src/test/regress/output/subscription.source @@ -189,6 +189,13 @@ ERROR: Password can't contain more than 999 characters. -- fail, set password len with 1000 ALTER SUBSCRIPTION sub_len_999 CONNECTION 'host=192.16''''8.1.50 port=5432 user=foo dbname=foodb password=xxin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leideyipi@123xin!@#$%^&*(!@#@$%^&*!@#$%^&*leid'; ERROR: Password can't contain more than 999 characters. +--- permission +CREATE ROLE normal_user LOGIN PASSWORD 'Abcdef@123'; +SET SESSION AUTHORIZATION 'normal_user' PASSWORD 'Abcdef@123'; +ALTER SUBSCRIPTION testsub_rename rename to testsub; +ERROR: must be owner of subscription testsub_rename +DETAIL: N/A +SET SESSION AUTHORIZATION 'regress_subscription_user' PASSWORD 'Abcdef@123'; --- drop subscription DROP SUBSCRIPTION IF EXISTS testsub_rename; DROP SUBSCRIPTION IF EXISTS testsub_maskconninfo; @@ -197,6 +204,7 @@ DROP SUBSCRIPTION IF EXISTS sub_len_999; RESET SESSION AUTHORIZATION; DROP ROLE regress_subscription_user; DROP ROLE regress_subscription_user2; +DROP ROLE normal_user; -- built-in function test select pg_replication_origin_create('origin_test'); pg_replication_origin_create -- Gitee