Skip to content

Commit 442f870

Browse files
peterepetere
committed
Integrate superuser check into has_rolreplication()
This makes it consistent with similar functions like has_createrole_privilege() and allows removing some explicit superuser checks. Author: Nathan Bossart <nathandbossart@gmail.com> Discussion: https://www.postgresql.org/message-id/20230310000313.GA3992372%40nathanxps13
1 parent 3b7cd8c commit 442f870

File tree

3 files changed

+6
-2
lines changed

3 files changed

+6
-2
lines changed

src/backend/replication/slot.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -1140,7 +1140,7 @@ CheckSlotRequirements(void)
11401140
void
11411141
CheckSlotPermissions(void)
11421142
{
1143-
if (!superuser() && !has_rolreplication(GetUserId()))
1143+
if (!has_rolreplication(GetUserId()))
11441144
ereport(ERROR,
11451145
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
11461146
errmsg("must be superuser or replication role to use replication slots")));

src/backend/utils/init/miscinit.c

+4
Original file line numberDiff line numberDiff line change
@@ -709,6 +709,10 @@ has_rolreplication(Oid roleid)
709709
bool result = false;
710710
HeapTuple utup;
711711

712+
/* Superusers bypass all permission checking. */
713+
if (superuser_arg(roleid))
714+
return true;
715+
712716
utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
713717
if (HeapTupleIsValid(utup))
714718
{

src/backend/utils/init/postinit.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -962,7 +962,7 @@ InitPostgres(const char *in_dbname, Oid dboid,
962962
{
963963
Assert(!bootstrap);
964964

965-
if (!superuser() && !has_rolreplication(GetUserId()))
965+
if (!has_rolreplication(GetUserId()))
966966
ereport(FATAL,
967967
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
968968
errmsg("must be superuser or replication role to start walsender")));

0 commit comments

Comments
 (0)