From: <rom...@us...> - 2014-07-14 13:12:15
Revision: 59872 http://sourceforge.net/p/firebird/code/59872 Author: roman-simakov Date: 2014-07-14 13:12:12 +0000 (Mon, 14 Jul 2014) Log Message: ----------- Improved description of DDL access control operations. Fixed DB and DDL triggers handling. Thanks to Adriano. Modified Paths: -------------- firebird/trunk/doc/sql.extensions/README.ddl_access.txt firebird/trunk/src/dsql/DdlNodes.epp Modified: firebird/trunk/doc/sql.extensions/README.ddl_access.txt =================================================================== --- firebird/trunk/doc/sql.extensions/README.ddl_access.txt 2014-07-14 00:27:26 UTC (rev 59871) +++ firebird/trunk/doc/sql.extensions/README.ddl_access.txt 2014-07-14 13:12:12 UTC (rev 59872) @@ -7,13 +7,13 @@ Syntax is: -GRANT CREATE <OBJECT> TO USER|ROLE [with grant option]; -GRANT ALTER ANY <OBJECT> TO USER|ROLE [with grant option]; -GRANT DROP ANY <OBJECT> TO USER|ROLE [with grant option]; +GRANT CREATE <OBJECT> TO [USER | ROLE] <user/role name> [with grant option]; +GRANT ALTER ANY <OBJECT> TO [USER | ROLE] <user/role name> [with grant option]; +GRANT DROP ANY <OBJECT> TO [USER | ROLE] <user/role name> [with grant option]; -REVOKE [grant option for] CREATE <OBJECT> FROM USER|ROLE; -REVOKE [grant option for] ALTER ANY <OBJECT> FROM USER|ROLE; -REVOKE [grant option for] DROP ANY <OBJECT> FROM USER|ROLE; +REVOKE [grant option for] CREATE <OBJECT> FROM [USER | ROLE] <user/role name>; +REVOKE [grant option for] ALTER ANY <OBJECT> FROM [USER | ROLE] <user/role name>; +REVOKE [grant option for] DROP ANY <OBJECT> FROM [USER | ROLE] <user/role name>; Where <OBJECT> could be: TABLE, VIEW, PROCEDURE, FUNCTION, PACKAGE, GENERATOR, SEQUENCE, DOMAIN, Modified: firebird/trunk/src/dsql/DdlNodes.epp =================================================================== --- firebird/trunk/src/dsql/DdlNodes.epp 2014-07-14 00:27:26 UTC (rev 59871) +++ firebird/trunk/src/dsql/DdlNodes.epp 2014-07-14 13:12:12 UTC (rev 59872) 
@@ -3157,9 +3157,16 @@ bool CreateAlterTriggerNode::checkPermission(thread_db* tdbb, jrd_tra* transaction) { - dsc dscName; - dscName.makeText(relationName.length(), CS_METADATA, (UCHAR*) relationName.c_str()); - SCL_check_relation(tdbb, &dscName, SCL_alter); + if (relationName.hasData()) + { + dsc dscName; + dscName.makeText(relationName.length(), CS_METADATA, (UCHAR*) relationName.c_str()); + SCL_check_relation(tdbb, &dscName, SCL_alter); + } + else + { + SCL_check_database(tdbb, SCL_alter); + } return true; } @@ -3335,7 +3342,6 @@ bool DropTriggerNode::checkPermission(thread_db* tdbb, jrd_tra* transaction) { - dsc dscName; MetaName relationName; AutoCacheRequest request(tdbb, drq_l_trigger_relname, DYN_REQUESTS); @@ -3350,12 +3356,15 @@ if (relationName.isEmpty()) { - // msg 48: "Index not found" - status_exception::raise(Arg::PrivateDyn(48)); + SCL_check_database(tdbb, SCL_alter); } + else + { + dsc dscName; + dscName.makeText(relationName.length(), CS_METADATA, (UCHAR*) relationName.c_str()); + SCL_check_relation(tdbb, &dscName, SCL_alter); + } - dscName.makeText(relationName.length(), CS_METADATA, (UCHAR*) relationName.c_str()); - SCL_check_relation(tdbb, &dscName, SCL_alter); return true; } @@ -3390,9 +3399,6 @@ break; } - if (X.RDB$RELATION_NAME.NULL && !transaction->getAttachment()->locksmith()) - status_exception::raise(Arg::Gds(isc_adm_task_denied)); - executeDdlTrigger(tdbb, dsqlScratch, transaction, DTW_BEFORE, DDL_TRIGGER_DROP_TRIGGER, name); relationName = X.RDB$RELATION_NAME; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
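Review bot: In CreateAlterTriggerNode::checkPermission the branch is chosen from the statement's own `relationName`, whereas DropTriggerNode::checkPermission in this same commit first loads the relation name from metadata (`drq_l_trigger_relname`) before deciding. If an ALTER TRIGGER statement does not carry the table name (not visible in this hunk), altering an existing table trigger would be authorized by `SCL_check_database(tdbb, SCL_alter)` instead of `SCL_check_relation` on its table. Please confirm that `relationName` is always populated on the alter path, or resolve it from the trigger's metadata here as the drop node does. A comment on the else branch such as `// empty relationName: database or DDL trigger, needs ALTER on the database` would also document the gate.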
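Review bot: In DropTriggerNode::checkPermission an empty `relationName` now stands for two cases at once: a database/DDL trigger, and (as far as the visible lines show) a lookup that matched no trigger row, since the msg 48 error is gone. The lookup that fills `relationName` starts above this hunk, so this is inferred, but if it holds, a drop of an unknown trigger passes the permission check for anyone allowed `SCL_alter` on the database and has to be rejected later in execute. Tracking the match explicitly (a `bool found` set inside the lookup) and commenting the branch, e.g. `// no relation: database or DDL trigger, checked against the database`, would make the intent unambiguous.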
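Review bot: With the `locksmith()` test removed in the last hunk, the only authorization left for dropping a database or DDL trigger is the `SCL_check_database(tdbb, SCL_alter)` call in checkPermission; nothing in the visible lines of this function re-checks it. That changes who may drop such triggers (whoever passes `SCL_alter` on the database, rather than only attachments for which `locksmith()` is true) and depends on every path running checkPermission before reaching this code. I would leave a comment at the removal site, `// access for DB/DDL triggers is enforced in checkPermission() via SCL_check_database()`, and state the new privilege requirement in README.ddl_access.txt. The enclosing function begins and ends outside the hunk.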