From 315a9ca32e0de215f9822aec1e4cbe52c94fe09c Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Sun, 18 Aug 2002 11:20:05 +0000
Subject: [PATCH] Make CREATE CONSTRAINT TRIGGER check for REFERENCES privilege
 on both master and slave tables.

---
 src/backend/commands/trigger.c | 39 +++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
index d386fe5665f..312bad43525 100644
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.126 2002/08/17 12:15:48 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.127 2002/08/18 11:20:05 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -86,6 +86,11 @@ CreateTrigger(CreateTrigStmt *stmt, bool forConstraint)
 
 	rel = heap_openrv(stmt->relation, AccessExclusiveLock);
 
+	if (stmt->constrrel != NULL)
+		constrrelid = RangeVarGetRelid(stmt->constrrel, false);
+	else
+		constrrelid = InvalidOid;
+
 	if (rel->rd_rel->relkind != RELKIND_RELATION)
 		elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
 			 stmt->relation->relname);
@@ -94,10 +99,29 @@ CreateTrigger(CreateTrigStmt *stmt, bool forConstraint)
 		elog(ERROR, "CreateTrigger: can't create trigger for system relation %s",
 			stmt->relation->relname);
 
-	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
-						  stmt->isconstraint ? ACL_REFERENCES : ACL_TRIGGER);
-	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, RelationGetRelationName(rel));
+	/* permission checks */
+
+	if (stmt->isconstraint)
+	{
+		/* foreign key constraint trigger */
+
+		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), ACL_REFERENCES);
+		if (aclresult != ACLCHECK_OK)
+			aclcheck_error(aclresult, RelationGetRelationName(rel));
+		if (constrrelid != InvalidOid)
+		{
+			aclresult = pg_class_aclcheck(constrrelid, GetUserId(), ACL_REFERENCES);
+			if (aclresult != ACLCHECK_OK)
+				aclcheck_error(aclresult, get_rel_name(constrrelid));
+		}
+	}
+	else
+	{
+		/* real trigger */
+		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), ACL_TRIGGER);
+		if (aclresult != ACLCHECK_OK)
+			aclcheck_error(aclresult, RelationGetRelationName(rel));
+	}
 
 	/*
 	 * Generate the trigger's OID now, so that we can use it in the name
@@ -124,11 +148,6 @@ CreateTrigger(CreateTrigStmt *stmt, bool forConstraint)
 		constrname = "";
 	}
 
-	if (stmt->constrrel != NULL)
-		constrrelid = RangeVarGetRelid(stmt->constrrel, false);
-	else
-		constrrelid = InvalidOid;
-
 	TRIGGER_CLEAR_TYPE(tgtype);
 	if (stmt->before)
 		TRIGGER_SETT_BEFORE(tgtype);
-- 
GitLab