From 170ca82fa7b74cc9102582cdf48042131d5ae016 Mon Sep 17 00:00:00 2001 From: Erik Wienhold Date: Sun, 17 Sep 2023 20:54:48 +0200 Subject: [PATCH v2] Fix output of empty privileges in psql Print "(none)" for empty privileges instead of nothing so that the user is able to distinguish empty from default privileges. This affects the following meta commands: \db+ \dD+ \des+ \dew+ \df+ \dL+ \dl+ \dn+ \dp \dT+ \l Default privileges start as NULL::aclitem[] in various catalog columns but revoking the default privileges leaves an empty aclitem array. Using \pset null '(null)' as a workaround to spot default privileges does not work because the meta commands ignore this setting. The privileges shown by \dconfig+ and \ddp as well as the column privileges shown by \dp are not affected by this change because the respective aclitem[] is reset to NULL or deleted from the catalog instead of leaving empty arrays. Commands \des+ and \dew+ are not covered in src/test/regress because no foreign data wrapper is available at this point to create a foreign server. --- doc/src/sgml/ddl.sgml | 4 +- src/bin/psql/describe.c | 6 +- src/test/regress/expected/psql.out | 94 ++++++++++++++++++++++++++++++ src/test/regress/sql/psql.sql | 45 ++++++++++++++ 4 files changed, 147 insertions(+), 2 deletions(-) diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml index 075ff32991..1c17c4a967 100644 --- a/doc/src/sgml/ddl.sgml +++ b/doc/src/sgml/ddl.sgml @@ -2353,7 +2353,9 @@ GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw; If the Access privileges column is empty for a given object, it means the object has default privileges (that is, its - privileges entry in the relevant system catalog is null). Default + privileges entry in the relevant system catalog is null). The column shows + (none) for empty privileges (that is, no privileges at + all, even for the object owner — a rare occurrence). Default privileges always include all privileges for the owner, and can include some privileges for PUBLIC depending on the object type, as explained above. The first GRANT diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c index bac94a338c..154d244d97 100644 --- a/src/bin/psql/describe.c +++ b/src/bin/psql/describe.c @@ -6718,7 +6718,11 @@ static void printACLColumn(PQExpBuffer buf, const char *colname) { appendPQExpBuffer(buf, - "pg_catalog.array_to_string(%s, E'\\n') AS \"%s\"", + "CASE pg_catalog.cardinality(%s)\n" + " WHEN 0 THEN '%s'\n" + " ELSE pg_catalog.array_to_string(%s, E'\\n')\n" + "END AS \"%s\"", + colname, gettext_noop("(none)"), colname, gettext_noop("Access privileges")); } diff --git a/src/test/regress/expected/psql.out b/src/test/regress/expected/psql.out index c70205b98a..08f854d0a8 100644 --- a/src/test/regress/expected/psql.out +++ b/src/test/regress/expected/psql.out @@ -6663,3 +6663,97 @@ DROP ROLE regress_du_role0; DROP ROLE regress_du_role1; DROP ROLE regress_du_role2; DROP ROLE regress_du_admin; +-- Test empty privileges. +BEGIN; +WARNING: there is already a transaction in progress +-- Create an owner for tested objects because output contains owner info. +-- Must be superuser to be owner of tablespace. +CREATE ROLE regress_zeropriv_owner SUPERUSER; +SET LOCAL ROLE regress_zeropriv_owner; +ALTER TABLESPACE regress_tblspace OWNER TO CURRENT_USER; +REVOKE ALL ON TABLESPACE regress_tblspace FROM CURRENT_USER; +\db+ regress_tblspace + List of tablespaces + Name | Owner | Location | Access privileges | Options | Size | Description +------------------+------------------------+-----------------+-------------------+---------+---------+------------- + regress_tblspace | regress_zeropriv_owner | pg_tblspc/16385 | (none) | | 0 bytes | +(1 row) + +CREATE DOMAIN regress_zeropriv_domain AS int; +REVOKE ALL ON DOMAIN regress_zeropriv_domain FROM CURRENT_USER, PUBLIC; +\dD+ regress_zeropriv_domain + List of domains + Schema | Name | Type | Collation | Nullable | Default | Check | Access privileges | Description +--------+-------------------------+---------+-----------+----------+---------+-------+-------------------+------------- + public | regress_zeropriv_domain | integer | | | | | (none) | +(1 row) + +CREATE PROCEDURE regress_zeropriv_proc() LANGUAGE sql AS ''; +REVOKE ALL ON PROCEDURE regress_zeropriv_proc() FROM CURRENT_USER, PUBLIC; +\df+ regress_zeropriv_proc + List of functions + Schema | Name | Result data type | Argument data types | Type | Volatility | Parallel | Owner | Security | Access privileges | Language | Internal name | Description +--------+-----------------------+------------------+---------------------+------+------------+----------+------------------------+----------+-------------------+----------+---------------+------------- + public | regress_zeropriv_proc | | | proc | volatile | unsafe | regress_zeropriv_owner | invoker | (none) | sql | | +(1 row) + +ALTER LANGUAGE plpgsql OWNER TO CURRENT_USER; +REVOKE ALL ON LANGUAGE plpgsql FROM CURRENT_USER, PUBLIC; +\dL+ plpgsql + List of languages + Name | Owner | Trusted | Internal language | Call handler | Validator | Inline handler | Access privileges | Description +---------+------------------------+---------+-------------------+------------------------+------------------------+----------------------------------+-------------------+------------------------------ + plpgsql | regress_zeropriv_owner | t | f | plpgsql_call_handler() | plpgsql_validator(oid) | plpgsql_inline_handler(internal) | (none) | PL/pgSQL procedural language +(1 row) + +SELECT lo_create(3001); + lo_create +----------- + 3001 +(1 row) + +REVOKE ALL ON LARGE OBJECT 3001 FROM CURRENT_USER; +\dl+ + Large objects + ID | Owner | Access privileges | Description +------+------------------------+-------------------+------------- + 3001 | regress_zeropriv_owner | (none) | +(1 row) + +CREATE SCHEMA regress_zeropriv_schema; +REVOKE ALL ON SCHEMA regress_zeropriv_schema FROM CURRENT_USER; +\dn+ regress_zeropriv_schema + List of schemas + Name | Owner | Access privileges | Description +-------------------------+------------------------+-------------------+------------- + regress_zeropriv_schema | regress_zeropriv_owner | (none) | +(1 row) + +CREATE TABLE regress_zeropriv_tbl (a int); +REVOKE ALL ON TABLE regress_zeropriv_tbl FROM CURRENT_USER; +\dp regress_zeropriv_tbl + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+----------------------+-------+-------------------+-------------------+---------- + public | regress_zeropriv_tbl | table | (none) | | +(1 row) + +CREATE TYPE regress_zeropriv_type AS (a int); +REVOKE ALL ON TYPE regress_zeropriv_type FROM CURRENT_USER, PUBLIC; +\dT+ regress_zeropriv_type + List of data types + Schema | Name | Internal name | Size | Elements | Owner | Access privileges | Description +--------+-----------------------+-----------------------+-------+----------+------------------------+-------------------+------------- + public | regress_zeropriv_type | regress_zeropriv_type | tuple | | regress_zeropriv_owner | (none) | +(1 row) + +ALTER DATABASE :"DBNAME" OWNER TO CURRENT_USER; +REVOKE ALL ON DATABASE :"DBNAME" FROM CURRENT_USER, PUBLIC; +\l :"DBNAME" + List of databases + Name | Owner | Encoding | Locale Provider | Collate | Ctype | ICU Locale | ICU Rules | Access privileges +------------+------------------------+-----------+-----------------+---------+-------+------------+-----------+------------------- + regression | regress_zeropriv_owner | SQL_ASCII | libc | C | C | | | (none) +(1 row) + +ROLLBACK; diff --git a/src/test/regress/sql/psql.sql b/src/test/regress/sql/psql.sql index 66ff64a160..a8fcb898ba 100644 --- a/src/test/regress/sql/psql.sql +++ b/src/test/regress/sql/psql.sql @@ -1853,3 +1853,48 @@ DROP ROLE regress_du_role0; DROP ROLE regress_du_role1; DROP ROLE regress_du_role2; DROP ROLE regress_du_admin; + +-- Test empty privileges. +BEGIN; +-- Create an owner for tested objects because output contains owner info. +-- Must be superuser to be owner of tablespace. +CREATE ROLE regress_zeropriv_owner SUPERUSER; +SET LOCAL ROLE regress_zeropriv_owner; + +ALTER TABLESPACE regress_tblspace OWNER TO CURRENT_USER; +REVOKE ALL ON TABLESPACE regress_tblspace FROM CURRENT_USER; +\db+ regress_tblspace + +CREATE DOMAIN regress_zeropriv_domain AS int; +REVOKE ALL ON DOMAIN regress_zeropriv_domain FROM CURRENT_USER, PUBLIC; +\dD+ regress_zeropriv_domain + +CREATE PROCEDURE regress_zeropriv_proc() LANGUAGE sql AS ''; +REVOKE ALL ON PROCEDURE regress_zeropriv_proc() FROM CURRENT_USER, PUBLIC; +\df+ regress_zeropriv_proc + +ALTER LANGUAGE plpgsql OWNER TO CURRENT_USER; +REVOKE ALL ON LANGUAGE plpgsql FROM CURRENT_USER, PUBLIC; +\dL+ plpgsql + +SELECT lo_create(3001); +REVOKE ALL ON LARGE OBJECT 3001 FROM CURRENT_USER; +\dl+ + +CREATE SCHEMA regress_zeropriv_schema; +REVOKE ALL ON SCHEMA regress_zeropriv_schema FROM CURRENT_USER; +\dn+ regress_zeropriv_schema + +CREATE TABLE regress_zeropriv_tbl (a int); +REVOKE ALL ON TABLE regress_zeropriv_tbl FROM CURRENT_USER; +\dp regress_zeropriv_tbl + +CREATE TYPE regress_zeropriv_type AS (a int); +REVOKE ALL ON TYPE regress_zeropriv_type FROM CURRENT_USER, PUBLIC; +\dT+ regress_zeropriv_type + +ALTER DATABASE :"DBNAME" OWNER TO CURRENT_USER; +REVOKE ALL ON DATABASE :"DBNAME" FROM CURRENT_USER, PUBLIC; +\l :"DBNAME" + +ROLLBACK; -- 2.42.0