/*
* Ownership check for a largeobject (specified by OID)
*
- * Note that we have no candidate to call this routine with a certain
- * snapshot except for SnapshotNow, so we don't provide an interface
- * with _snapshot() version now.
+ * This is only used for operations like ALTER LARGE OBJECT that are always
+ * relative to SnapshotNow.
*/
bool
pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid)
}
/*
- * Drop a large object having the given LO identifier.
- *
- * When we drop a large object, it is necessary to drop both of metadata
- * and data pages in same time.
+ * Drop a large object having the given LO identifier. Both the data pages
+ * and metadata must be dropped.
*/
void
LargeObjectDrop(Oid loid)
if (!superuser())
{
/*
- * The 'lo_compat_privileges' is not checked here, because we
- * don't have any access control features in the 8.4.x series
- * or earlier release.
- * So, it is not a place we can define a compatible behavior.
+ * lo_compat_privileges is not checked here, because ALTER
+ * LARGE OBJECT ... OWNER did not exist at all prior to
+ * PostgreSQL 8.5.
+ *
+ * We must be the owner of the existing object.
*/
-
- /* Otherwise, must be owner of the existing object */
if (!pg_largeobject_ownercheck(loid, GetUserId()))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
/*
* LargeObjectExists
*
- * Currently, we don't use system cache to contain metadata of
- * large objects, because massive number of large objects can
- * consume not a small amount of process local memory.
+ * We don't use the system cache to for large object metadata, for fear of
+ * using too much local memory.
*
* Note that LargeObjectExists always scans the system catalog
* with SnapshotNow, so it is unavailable to use to check
*
* See the comment in the inv_create() which describes
* the reason why LargeObjectRelationId is used instead
- * of the LargeObjectMetadataRelationId.
+ * of LargeObjectMetadataRelationId.
*/
CreateComments(loid, LargeObjectRelationId, 0, comment);
}
owner_default = ACL_ALL_RIGHTS_LANGUAGE;
break;
case ACL_OBJECT_LARGEOBJECT:
- /* Grant SELECT,UPDATE by default, for now */
world_default = ACL_NO_RIGHTS;
owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
break;
{
{"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
- gettext_noop("Enables backward compatibility in privilege checks on large objects"),
- gettext_noop("When turned on, privilege checks on large objects perform "
- "with backward compatibility as 8.4.x or earlier releases.")
+ gettext_noop("Enables backward compatibility mode for privilege checks on large objects"),
+ gettext_noop("Skips privilege checks when reading or modifying large objects, "
+ "for compatibility with PostgreSQL releases prior to 8.5.")
},
&lo_compat_privileges,
false, NULL, NULL
projects / users / andresfreund / postgres.git / commitdiff