external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure table owner when using alter_columnar_table_set/alter_columnar_table_reset (#4748)

pull/4747/head
Onur Tirtir 2021-02-26 12:27:51 +03:00 committed by GitHub
parent fbeb747006
commit 5ed954844c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/columnar/cstore_tableam.c
View File

@ -1662,6 +1662,8 @@ alter_columnar_table_set(PG_FUNCTION_ARGS)
quote_identifier(RelationGetRelationName(rel))))); quote_identifier(RelationGetRelationName(rel)))));
} }
EnsureTableOwner(relationId);
ColumnarOptions options = { 0 }; ColumnarOptions options = { 0 };
if (!ReadColumnarOptions(relationId, &options)) if (!ReadColumnarOptions(relationId, &options))
{ {
@ -1769,6 +1771,8 @@ alter_columnar_table_reset(PG_FUNCTION_ARGS)
quote_identifier(RelationGetRelationName(rel))))); quote_identifier(RelationGetRelationName(rel)))));
} }
EnsureTableOwner(relationId);
ColumnarOptions options = { 0 }; ColumnarOptions options = { 0 };
if (!ReadColumnarOptions(relationId, &options)) if (!ReadColumnarOptions(relationId, &options))
{ {

16
src/test/regress/expected/pg12.out
View File

@ -650,8 +650,22 @@ SELECT citus_remove_node('localhost', :master_port);
(1 row) (1 row)
CREATE TABLE superuser_columnar_table (a int) USING columnar;
CREATE USER read_access;
NOTICE: not propagating CREATE ROLE/USER commands to worker nodes
HINT: Connect to worker nodes directly to manually create all necessary users and roles.
SET ROLE read_access;
-- user shouldn't be able to execute alter_columnar_table_set
-- or alter_columnar_table_reset for a columnar table that it
-- doesn't own
SELECT alter_columnar_table_set('test_pg12.superuser_columnar_table', chunk_group_row_limit => 100);
ERROR: permission denied for schema test_pg12
SELECT alter_columnar_table_reset('test_pg12.superuser_columnar_table');
ERROR: permission denied for schema test_pg12
RESET ROLE;
DROP USER read_access;
\set VERBOSITY terse \set VERBOSITY terse
drop schema test_pg12 cascade; drop schema test_pg12 cascade;
NOTICE: drop cascades to 15 other objects NOTICE: drop cascades to 16 other objects
\set VERBOSITY default \set VERBOSITY default
SET citus.shard_replication_factor to 2; SET citus.shard_replication_factor to 2;

14
src/test/regress/sql/pg12.sql
View File

@ -383,6 +383,20 @@ ROLLBACK;
RESET citus.replicate_reference_tables_on_activate; RESET citus.replicate_reference_tables_on_activate;
SELECT citus_remove_node('localhost', :master_port); SELECT citus_remove_node('localhost', :master_port);
CREATE TABLE superuser_columnar_table (a int) USING columnar;
CREATE USER read_access;
SET ROLE read_access;
-- user shouldn't be able to execute alter_columnar_table_set
-- or alter_columnar_table_reset for a columnar table that it
-- doesn't own
SELECT alter_columnar_table_set('test_pg12.superuser_columnar_table', chunk_group_row_limit => 100);
SELECT alter_columnar_table_reset('test_pg12.superuser_columnar_table');
RESET ROLE;
DROP USER read_access;
\set VERBOSITY terse \set VERBOSITY terse
drop schema test_pg12 cascade; drop schema test_pg12 cascade;
\set VERBOSITY default \set VERBOSITY default