enable regression tests again, use GetUserId() instead of GetAuthenticatedUserId(), improve error message emitted by check_security_policy_internal()

funbringer · funbringer · commit a92624df10b2 · 2016-10-07T19:55:54.000+03:00
diff --git a/Makefile b/Makefile
@@ -12,13 +12,12 @@ EXTVERSION = 1.0
 DATA_built = $(EXTENSION)--$(EXTVERSION).sql
 PGFILEDESC = "pg_pathman - partitioning tool"
 
-# REGRESS = pathman_basic \
-# 		  pathman_runtime_nodes \
-# 		  pathman_callbacks \
-# 		  pathman_domains \
-# 		  pathman_foreign_keys \
-# 		  pathman_permissions
-REGRESS = pathman_permissions
+REGRESS = pathman_basic \
+		  pathman_runtime_nodes \
+		  pathman_callbacks \
+		  pathman_domains \
+		  pathman_foreign_keys \
+		  pathman_permissions
 EXTRA_REGRESS_OPTS=--temp-config=$(top_srcdir)/$(subdir)/conf.add
 EXTRA_CLEAN = $(EXTENSION)--$(EXTVERSION).sql ./isolation_output
 
diff --git a/expected/pathman_permissions.out b/expected/pathman_permissions.out
@@ -22,9 +22,9 @@ NOTICE:  sequence "user1_table_seq" does not exist, skipping
 SET ROLE user2;
 /* Try to change partitioning parameters for user1_table */
 SELECT set_enable_parent('user1_table', true);
-ERROR:  Only table owner or superuser can change partitioning configuration
+ERROR:  only the owner or superuser can change partitioning configuration of table "user1_table"
 SELECT set_auto('user1_table', false);
-ERROR:  Only table owner or superuser can change partitioning configuration
+ERROR:  only the owner or superuser can change partitioning configuration of table "user1_table"
 /*
  * Check that user is able to propagate partitions by inserting rows that
  * doesn't fit into range
diff --git a/src/pathman_workers.c b/src/pathman_workers.c
@@ -632,7 +632,7 @@ partition_table_concurrently(PG_FUNCTION_ARGS)
 	{
 		/* Initialize concurrent part slot */
 		InitConcurrentPartSlot(&concurrent_part_slots[empty_slot_idx],
-							   GetAuthenticatedUserId(), CPS_WORKING,
+							   GetUserId(), CPS_WORKING,
 							   MyDatabaseId, relid, 1000, 1.0);
 
 		/* Now we can safely unlock slot for new BGWorker */
diff --git a/src/pl_funcs.c b/src/pl_funcs.c
@@ -848,19 +848,14 @@ invoke_on_partition_created_callback(PG_FUNCTION_ARGS)
 }
 
 /*
- * Check if user can alter/drop specified relation. This function is used to
- * make sure that current user can change pg_pathman's config. Returns true
- * if user can manage relation, false otherwise.
- *
- * XXX currently we just check if user is a table owner. Probably it's better to
- * check user permissions in order to let other users.
+ * Function to be used for RLS rules on PATHMAN_CONFIG and
+ * PATHMAN_CONFIG_PARAMS tables.
+ * NOTE: check_security_policy_internal() is used under the hood.
  */
 Datum
 check_security_policy(PG_FUNCTION_ARGS)
 {
-	Oid 		relid = PG_GETARG_OID(0);
-
-	PG_RETURN_BOOL(check_security_policy_internal(relid));
+	PG_RETURN_BOOL(check_security_policy_internal(PG_GETARG_OID(0)));
 }
 
 
diff --git a/src/utils.c b/src/utils.c
@@ -749,31 +749,31 @@ validate_on_part_init_cb(Oid procid, bool emit_error)
  * make sure that current user can change pg_pathman's config. Returns true
  * if user can manage relation, false otherwise.
  *
- * XXX currently we just check if user is a table owner. Probably it's better to
- * check user permissions in order to let other users.
+ * XXX currently we just check if user is a table owner. Probably it's
+ * better to check user permissions in order to let other users participate.
  */
 bool
 check_security_policy_internal(Oid relid)
 {
-	Oid 		owner;
+	Oid		owner;
 
-	/*
-	 * If user has superuser privileges then he or she can do whatever wants
-	 */
+	/* Superuser is allowed to do anything */
 	if (superuser())
 		return true;
 
 	/*
-	 * Sometimes the relation doesn't exist anymore but there is still a record
-	 * in config. It for example happens in event trigger function. So we
-	 * should be able to remove this record
+	 * Sometimes the relation doesn't exist anymore but there is still
+	 * a record in config. For instance, it happens in DDL event trigger.
+	 * Still we should be able to remove this record.
 	 */
 	if ((owner = get_rel_owner(relid)) == InvalidOid)
 		return true;
 
-	/* Check if current user is an owner of the relation */
+	/* Check if current user is the owner of the relation */
 	if (owner != GetUserId())
-		elog(ERROR, "Only table owner or superuser can change partitioning configuration");
+		elog(ERROR, "only the owner or superuser can change "
+					"partitioning configuration of table \"%s\"",
+			 get_rel_name_or_relid(relid));
 
 	return true;
 }

Original file line number	Diff line number	Diff line change
`@@ -632,7 +632,7 @@ partition_table_concurrently(PG_FUNCTION_ARGS)`
`632`	`632`	`{`
`633`	`633`	`/* Initialize concurrent part slot */`
`634`	`634`	`InitConcurrentPartSlot(&concurrent_part_slots[empty_slot_idx],`
`635`		`- GetAuthenticatedUserId(), CPS_WORKING,`
	`635`	`+ GetUserId(), CPS_WORKING,`
`636`	`636`	`MyDatabaseId, relid, 1000, 1.0);`
`637`	`637`
`638`	`638`	`/* Now we can safely unlock slot for new BGWorker */`