/ Check-in [fc293bcb34]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Invoke the authorizer for ALTER TABLE RENAME COLUMN.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | alter-table-rename-column
Files: files | file ages | folders
SHA3-256: fc293bcb3402f049fb9e22aacfb4fdcd13f8609edf29c97d6cb95ce351363873
User & Date: drh 2018-08-25 16:14:46
Context
2018-08-25
16:22
Fix a minor issue in the altercol.test script so that it runs on Windows. check-in: 62089c6daf user: drh tags: alter-table-rename-column
16:14
Invoke the authorizer for ALTER TABLE RENAME COLUMN. check-in: fc293bcb34 user: drh tags: alter-table-rename-column
03:29
Remove an unnecessary IN_RENAME_COLUMN macro from resolve.c. check-in: 5858c0bde7 user: drh tags: alter-table-rename-column
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/alter.c.

851
852
853
854
855
856
857







858
859
860
861
862
863
864
  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ) goto exit_rename_column;
  if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column;

  /* Which schema holds the table to be altered */  
  iSchema = sqlite3SchemaToIndex(db, pTab->pSchema);
  assert( iSchema>=0 );
  zDb = db->aDb[iSchema].zDbSName;








  /* Make sure the old name really is a column name in the table to be
  ** altered.  Set iCol to be the index of the column being renamed */
  zOld = sqlite3NameFromToken(db, pOld);
  if( !zOld ) goto exit_rename_column;
  for(iCol=0; iCol<pTab->nCol; iCol++){
    if( 0==sqlite3StrICmp(pTab->aCol[iCol].zName, zOld) ) break;







>
>
>
>
>
>
>







851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ) goto exit_rename_column;
  if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column;

  /* Which schema holds the table to be altered */  
  iSchema = sqlite3SchemaToIndex(db, pTab->pSchema);
  assert( iSchema>=0 );
  zDb = db->aDb[iSchema].zDbSName;

#ifndef SQLITE_OMIT_AUTHORIZATION
  /* Invoke the authorization callback. */
  if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){
    goto exit_rename_column;
  }
#endif

  /* Make sure the old name really is a column name in the table to be
  ** altered.  Set iCol to be the index of the column being renamed */
  zOld = sqlite3NameFromToken(db, pOld);
  if( !zOld ) goto exit_rename_column;
  for(iCol=0; iCol<pTab->nCol; iCol++){
    if( 0==sqlite3StrICmp(pTab->aCol[iCol].zName, zOld) ) break;

Changes to test/auth.test.

2128
2129
2130
2131
2132
2133
2134





































































2135
2136
2137
2138
2139
2140
2141
  } {0 {1 2 3 4 5 6}}
  do_catchsql_test auth-1.314 {
    WITH RECURSIVE
       auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5)
    SELECT * FROM t1 LEFT JOIN auth1314;
  } {1 {not authorized}}
} ;# ifcapable cte






































































do_test auth-2.1 {
  proc auth {code arg1 arg2 arg3 arg4 args} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE_DENY
    }
    return SQLITE_OK







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
  } {0 {1 2 3 4 5 6}}
  do_catchsql_test auth-1.314 {
    WITH RECURSIVE
       auth1314(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM auth1314 WHERE x<5)
    SELECT * FROM t1 LEFT JOIN auth1314;
  } {1 {not authorized}}
} ;# ifcapable cte

#
# db eval {SELECT sql FROM temp.sqlite_master} {puts "TEMP: $sql;"}
# db eval {SELECT sql FROM main.sqlite_master} {puts "MAIN: $sql;"}
#
#    MAIN: CREATE TABLE "t2"(a,b,c);
#    MAIN: CREATE TABLE t4(a,b,c);
#    MAIN: CREATE INDEX t4i1 ON t4(a);
#    MAIN: CREATE INDEX t4i2 ON t4(b,a,c);
#    MAIN: CREATE TABLE sqlite_stat1(tbl,idx,stat);
#    MAIN: CREATE TABLE t1(a,b);
#
ifcapable altertable {
  do_test 1.350 {
    proc auth {code arg1 arg2 arg3 arg4 args} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_OK
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t1 RENAME COLUMN b TO bcdefg;
    }
  } {0 {}}
  do_execsql_test auth-1.351 {
    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
  } {a bcdefg}
  do_test auth-1.352 {
    set authargs
  } {main t1 {} {}}
  do_test 1.353 {
    proc auth {code arg1 arg2 arg3 arg4 args} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_IGNORE
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
    }
  } {0 {}}
  do_execsql_test auth-1.354 {
    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
  } {a bcdefg}
  do_test auth-1.355 {
    set authargs
  } {main t1 {} {}}
  do_test 1.356 {
    proc auth {code arg1 arg2 arg3 arg4 args} {
      if {$code=="SQLITE_ALTER_TABLE"} {
        set ::authargs [list $arg1 $arg2 $arg3 $arg4]
        return SQLITE_DENY
      }
      return SQLITE_OK
    }
    catchsql {
      ALTER TABLE t1 RENAME COLUMN bcdefg TO b;
    }
  } {1 {not authorized}}
  do_execsql_test auth-1.356 {
    SELECT name FROM pragma_table_info('t1') ORDER BY cid;
  } {a bcdefg}
  do_test auth-1.357 {
    set authargs
  } {main t1 {} {}}
}


do_test auth-2.1 {
  proc auth {code arg1 arg2 arg3 arg4 args} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE_DENY
    }
    return SQLITE_OK