50{
51 TriggerData *trigdata = (TriggerData *) fcinfo->context;
52 char *colname;
53 HeapTuple rettuple_ok;
54 HeapTuple rettuple_fail;
55 TupleDesc tupdesc;
56 int SPIcode;
57 char query[1024];
58 const char *pk_id = NULL;
59 SPITupleTable *tuptable;
60 HeapTuple tuple;
61 char *lockcode;
62 char *authtable = "authorization_table";
63 const char *op;
64 char err_msg[256];
65
66
67
68 if ( ! CALLED_AS_TRIGGER(fcinfo) )
69 {
70 elog(ERROR,"check_authorization: not fired by trigger manager");
71 }
72
73 if ( ! TRIGGER_FIRED_BEFORE(trigdata->tg_event) )
74 {
75 elog(ERROR,"check_authorization: not fired *before* event");
76 }
77
78 if ( TRIGGER_FIRED_BY_UPDATE(trigdata->tg_event) )
79 {
80 rettuple_ok = trigdata->tg_newtuple;
81 rettuple_fail = NULL;
82 op = "UPDATE";
83 }
84 else if ( TRIGGER_FIRED_BY_DELETE(trigdata->tg_event) )
85 {
86 rettuple_ok = trigdata->tg_trigtuple;
87 rettuple_fail = NULL;
88 op = "DELETE";
89 }
90 else
91 {
92 elog(ERROR,"check_authorization: not fired by update or delete");
93 PG_RETURN_NULL();
94 }
95
96
97 tupdesc = trigdata->tg_relation->rd_att;
98
99
100 SPIcode = SPI_connect();
101
102 if (SPIcode != SPI_OK_CONNECT)
103 {
104 elog(ERROR,"check_authorization: could not connect to SPI");
105 PG_RETURN_NULL() ;
106 }
107
108 colname = trigdata->tg_trigger->tgargs[0];
109 pk_id = SPI_getvalue(trigdata->tg_trigtuple, tupdesc,
110 SPI_fnumber(tupdesc, colname));
111
112 POSTGIS_DEBUG(3, "check_authorization called");
113
114 snprintf(query, sizeof(query), "SELECT authid FROM \"%s\" WHERE expires >= now() AND toid = '%d' AND rid = '%s'", authtable, trigdata->tg_relation->rd_id, pk_id);
115
116 POSTGIS_DEBUGF(3 ,"about to execute :%s", query);
117
118 SPIcode = SPI_exec(query,0);
119 if (SPIcode !=SPI_OK_SELECT )
120 elog(ERROR,"couldnt execute to test for lock :%s",query);
121
122 if (!SPI_processed )
123 {
124 POSTGIS_DEBUGF(3, "there is NO lock on row '%s'", pk_id);
125
126 SPI_finish();
127 return PointerGetDatum(rettuple_ok);
128 }
129
130
131
132 tuptable = SPI_tuptable;
133 tupdesc = tuptable->tupdesc;
134 tuple = tuptable->vals[0];
135 lockcode = SPI_getvalue(tuple, tupdesc, 1);
136
137 POSTGIS_DEBUGF(3, "there is a lock on row '%s' (auth: '%s').", pk_id, lockcode);
138
139
140
141
142
143 snprintf(query, sizeof(query), "SELECT * FROM pg_class WHERE relname = 'temp_lock_have_table'");
144 SPIcode = SPI_exec(query,0);
145 if (SPIcode != SPI_OK_SELECT )
146 elog(ERROR,"couldnt execute to test for lockkey temp table :%s",query);
147 if (SPI_processed==0)
148 {
149 goto fail;
150 }
151
152 snprintf(query, sizeof(query), "SELECT * FROM temp_lock_have_table WHERE xideq( transid, getTransactionID() ) AND lockcode ='%s'", lockcode);
153
154 POSTGIS_DEBUGF(3, "about to execute :%s", query);
155
156 SPIcode = SPI_exec(query,0);
157 if (SPIcode != SPI_OK_SELECT )
158 elog(ERROR, "couldnt execute to test for lock acquire: %s", query);
159
160 if (SPI_processed >0)
161 {
162 POSTGIS_DEBUG(3, "I own the lock - I can modify the row");
163
164 SPI_finish();
165 return PointerGetDatum(rettuple_ok);
166 }
167
168fail:
169
170 snprintf(err_msg, sizeof(err_msg), "%s where \"%s\" = '%s' requires authorization '%s'",
171 op, colname, pk_id, lockcode);
172 err_msg[sizeof(err_msg)-1] = '\0';
173
174#ifdef ABORT_ON_AUTH_FAILURE
175 elog(ERROR, "%s", err_msg);
176#else
177 elog(NOTICE, "%s", err_msg);
178#endif
179
180 SPI_finish();
181 return PointerGetDatum(rettuple_fail);
182
183
184}
1.9.8