Skip site navigation (1) Skip section navigation (2)

Re: Bug / shortcoming in has_*_privilege

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Jim Nasby <jim(at)nasby(dot)net>, PGSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Bug / shortcoming in has_*_privilege
Date: 2010-10-05 04:06:05
Message-ID: 4CAAA42D.3070502@ak.jp.nec.com (view raw or flat)
Thread:
Lists: pgsql-hackers
(2010/09/07 6:16), Alvaro Herrera wrote:
> Excerpts from Jim Nasby's message of jue jun 10 17:54:43 -0400 2010:
>> test_us(at)workbook=# select has_table_privilege( 'public', 'test', 'SELECT' );
>> ERROR:  role "public" does not exist
> 
> Here's a patch implementing this idea.
> 
I checked this patch.

It seems to me it replaces whole of get_role_oid() in has_*_privilege
functions by the new get_role_oid_or_public(), so this patch allows
to accept the pseudo "public" user in consistent way.

The pg_has_role_*() functions are exception. It will raise an error
with error message of "role "public" does not exist".
Is it an expected bahavior, isn't it?

> I'm not too sure about the wording in the doc changes.  If somebody
> wants to propose something better, I'm all ears.  To facilitate
> bikeshedding, here's a relevant extract:
> 
> 	has_table_privilege checks whether a user can access a table in
> 	a particular way. The user can be specified by name; as public,
> 	to indicate the PUBLIC pseudo-role; by OID (pg_authid.oid), or,
> 	if the argument is omitted, current_user is assumed.
> 
> (the first appearance of public is<literal>public</>.  I had first made
> it<quote>  but that didn't feel right.)
> 
It seems to me fair enough, but I'm not a native in English.

> Another thing that could raise eyebrows is that I chose to remove the
> "missing_ok" argument from get_role_oid_or_public, so it's not a perfect
> mirror of it.  None of the current callers need it, but perhaps people
> would like these functions to be consistent.
> 
Tom Lane suggested to add missing_ok argument, although it is not a must-
requirement.

Thanks,
-- 
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>

In response to

Responses

pgsql-hackers by date

Next:From: Fujii MasaoDate: 2010-10-05 04:09:56
Subject: Re: streaming replication question
Previous:From: Robert HaasDate: 2010-10-05 03:51:12
Subject: Re: Insertion of geometric type column with column[0], column[1] and etc.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group