Fix drop directory privilege check.

zhangwenchao-123 · my-ship-it · commit 2b8815bce07e · 2024-05-10T10:29:55.000+08:00
Now, when we drop directory table we will check whether current user
has tablespace's privilege which is not reasonable. In this
commit, we will check directory table's privilege in drop directory
table.
diff --git a/src/backend/catalog/storage_directory_table.c b/src/backend/catalog/storage_directory_table.c
@@ -94,11 +94,6 @@ DirectoryTableDropStorage(Relation rel)
 	tablespaceoid = spcform->oid;
 	tablespace_name = pstrdup(NameStr(((Form_pg_tablespace) GETSTRUCT(tuple))->spcname));
 
-	/* Must be tablespace owner */
-	if (!pg_tablespace_ownercheck(tablespaceoid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TABLESPACE,
-					   tablespace_name);
-
 	table_endscan(scandesc);
 	table_close(spcrel, RowExclusiveLock);
 
diff --git a/src/test/modules/directory_table/.gitignore b/src/test/modules/directory_table/.gitignore
@@ -0,0 +1,2 @@
+# Generated subdirectories
+/tmp_check/
diff --git a/src/test/modules/directory_table/Makefile b/src/test/modules/directory_table/Makefile
@@ -0,0 +1,17 @@
+# src/test/modules/directory_table/Makefile
+
+MODULE = directory_table
+PGFILEDESC = "directory_table - Test DDL of manipulating directory table"
+
+TAP_TESTS = 1
+
+ifdef USE_PGXS
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)
+else
+subdir = src/test/modules/directory_table
+top_builddir = ../../../..
+include $(top_builddir)/src/Makefile.global
+include $(top_srcdir)/contrib/contrib-global.mk
+endif
diff --git a/src/test/modules/directory_table/README b/src/test/modules/directory_table/README
@@ -0,0 +1 @@
+Test DDL of manipulating directory table
diff --git a/src/test/modules/directory_table/t/01_drop_directory_table.pl b/src/test/modules/directory_table/t/01_drop_directory_table.pl
@@ -0,0 +1,141 @@
+
+#  Copyright (c) 2024, Cloudberry Database, HashData Technology Limited.
+
+# Test drop directory table.
+#
+# This test can only run with Unix-domain sockets.
+
+use strict;
+use warnings;
+use PostgresNode;
+use TestLib;
+use Test::More;
+if (!$use_unix_sockets)
+{
+	plan skip_all =>
+	  "drop directory table tests cannot run without Unix-domain sockets";
+}
+else
+{
+	plan tests => 10;
+}
+
+# Delete pg_hba.conf from the given node, add a new entry to it
+# and then execute a reload to refresh it.
+sub reset_pg_hba
+{
+	my $node       = shift;
+	my $hba_method = shift;
+
+	unlink($node->data_dir . '/pg_hba.conf');
+	$node->append_conf('pg_hba.conf', "local all all $hba_method");
+	$node->reload;
+	return;
+}
+
+# Initialize primary node. Force UTF-8 encoding, so that we can use non-ASCII
+# characters in the passwords below.
+my $node = get_new_node('primary');
+my ($ret, $stdout, $stderr);
+$node->init(extra => [ '--locale=C', '--encoding=UTF8' ]);
+$node->append_conf('postgresql.conf', "log_connections = on\n");
+$node->start;
+
+# Create test directory table.
+$node->safe_psql(
+    'postgres',
+    "CREATE DIRECTORY TABLE test_dir1;
+CREATE DIRECTORY TABLE test_dir2;
+");
+
+# Create test roles.
+$node->safe_psql(
+	'postgres',
+	"SET client_encoding='utf8';
+CREATE USER test_user1;
+CREATE USER test_user2 SUPERUSER;
+");
+
+# Test CREATE DIRECTORY TABLE
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user1',
+    'postgres',
+    "CREATE DIRECTORY TABLE test_dir3;"
+);
+is($ret, 0, 'create directory table succeed');
+
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user2',
+    'postgres',
+    "CREATE DIRECTORY TABLE test_dir4;"
+);
+is($ret, 0, 'create directory table succeed');
+
+# Test DROP DIRECTORY TABLE
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user1',
+    'postgres',
+    "DROP DIRECTORY TABLE test_dir1;"
+);
+is($ret, 3, 'user has no privileges to drop directory table');
+like(
+    $stderr,
+    qr/must be owner of directory table test_dir1/,
+    'expected error from user can not drop directory table'
+);
+
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user2',
+    'postgres',
+    "DROP DIRECTORY TABLE test_dir2;"
+);
+is($ret, 0, 'drop directory table succeed');
+
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user1',
+    'postgres',
+    "DROP DIRECTORY TABLE test_dir3;"
+);
+is($ret, 0, 'drop directory table succeed');
+
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user1',
+    'postgres',
+    "DROP DIRECTORY TABLE test_dir4;"
+);
+is($ret, 3, 'user has no privileges to drop directory table');
+like(
+    $stderr,
+    qr/must be owner of directory table test_dir4/,
+    'expected error from user can not drop directory table'
+);
+
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user2',
+    'postgres',
+    "DROP DIRECTORY TABLE test_dir4;"
+);
+is($ret, 0, 'drop directory table succeed');
+
+($ret, $stdout, $stderr) =
+$node->role_psql(
+    'test_user2',
+    'postgres',
+    "DROP DIRECTORY TABLE test_dir1;"
+);
+is($ret, 0, 'drop directory table succeed');
+
+# cleanup
+reset_pg_hba($node, 'trust');
+$node->safe_psql(
+    'postgres',
+    "DROP USER test_user1;
+    DROP USER test_user2;
+");

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Generated subdirectories`
	`2`	`+/tmp_check/`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Test DDL of manipulating directory table`