Add has_large_object_privilege function
| От | Yugo NAGATA |
|---|---|
| Тема | Add has_large_object_privilege function |
| Дата | |
| Msg-id | 20240702163444.ab586f6075e502eb84f11b1a@sranhm.sraoss.co.jp обсуждение исходный текст |
| Ответы |
Re: Add has_large_object_privilege function
|
| Список | pgsql-hackers |
Hi, Currently, there are many has_*_privilege functions for table, column, function, type, role, database, schema, language, server, foreign data wrapper, parameter, and so on. However, large object is not supported yet. I can find a way to check the privilege on a large object in the regression test, in which whether a function call such as lo_open(lowrite(..)) raises an error or not is checked. However, I think it is not good that we need to try to write to a large object to check we can write it, and also the transaction will be aborted due to a permission error when the user doesn't have the privilege. So, I would like to propose to add has_large_object_function for checking if a user has the privilege on a large object. I attached two files of patches. 0001 makes a bit refactoring on large object codes. To check if a large object exists, myLargeObjectExists() function has to be used rather than public LargeObjectExists(), because we need to use different snapshots between read and write cases to make the behavior compatible to lo_open. However, myLargeObjectExists() was static function, so I made it public and renamed it to LargeObjectExistsWIthSnapshot(). Also, since these two functions are almost same except to whether snapshot can be specified, I rewrote LargeObjectExists to call LargeObjectExistsWIthSnapshot internally. I am not sure why these duplicated codes have been left for long time, and there might be some reasons. However, otherwise, I think this deduplication also could reduce possible maintenance cost in future. 0002 adds has_large_object_privilege function.There are three variations whose arguments are combinations of large object OID with user name, user OID, or implicit user (current_user). It returns NULL if not-existing large object id is specified, and false if non-existing user id is specified, and raises an error if non-existing user name is specified. These behavior is similar with has_table_privilege. The regression test is also included. Regards, Yugo Nagata -- Yugo NAGATA <nagata@sraoss.co.jp>
Вложения
В списке pgsql-hackers по дате отправления: