From 1e5755cf73341779953405f0c4e58f1f79454f30 Mon Sep 17 00:00:00 2001 From: "Marc G. Fournier" Date: Thu, 23 Jan 1997 19:33:31 +0000 Subject: [PATCH] Patch from Massimo Dal Zotto The first patch changes the behavior of aclcheck for groups. Currently an user can access a table only if he has the required permission for ALL the groups defined for that table. With my patch he can access a table if he has the permission for ONE of the groups, which seems to me a more useful thing. If you think this should be the correct behavior of the acl group check feel free to remove the #ifdef, if not please add a commented line to config.h. --- src/backend/tcop/aclchk.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/backend/tcop/aclchk.c b/src/backend/tcop/aclchk.c index 32e6314ae1..b58a750343 100644 --- a/src/backend/tcop/aclchk.c +++ b/src/backend/tcop/aclchk.c @@ -7,7 +7,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.5 1996/11/30 18:06:45 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/tcop/Attic/aclchk.c,v 1.6 1997/01/23 19:33:31 scrappy Exp $ * * NOTES * See acl.h. @@ -291,6 +291,12 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode) i < num && aip->ai_idtype == ACL_IDTYPE_GID; ++i, ++aip) { if (in_group(id, aip->ai_id)) { +#ifdef ACLGROUP_PATCH + if (aip->ai_mode & mode) { + found_group = 1; + break; + } +#else if (aip->ai_mode & mode) ++found_group; else { @@ -300,6 +306,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode) #endif return(0); } +#endif } } if (found_group) { -- 2.40.0