Re: [PATCH] remove is_member_of_role() from header, add can_set_role()

On 10/27/21, 10:22 AM, "Joshua Brindle" <joshua.brindle@crunchydata.com> wrote:
> On Wed, Oct 27, 2021 at 1:12 PM Mark Dilger
> <mark.dilger@enterprisedb.com> wrote:
>> I don't understand the purpose of this.  You are defining can_set_role(member,role) as a simple wrapper around
is_member_of_role(member,role). Couldn't the comment:
 
>>
>> + *
>> + * Do not use this for privilege checking, instead use has_privs_of_role()
>>
>> be added to the header for is_member_of_role() without needing the new wrapper function?
>
> It could be, but the intent is to dissuade it from being used, so
> getting rid of it and making an explicit version that has a sole use
> seemed useful.
>
> It's possible that it's being used inappropriately out-of-tree so this
> would also prevent that.

I think a comment about the intended usage is sufficient.  However,
renaming the function or replacing it with a wrapper might break
extensions and encourage the authors to reevaluate.  That could be a
good thing.

Nathan