hi.
+ if (!OidIsValid(varid))
+ AcceptInvalidationMessages();
+ else if (OidIsValid(varid))
+ LockDatabaseObject(VariableRelationId, varid, 0, AccessShareLock);
we can change it to
+ if (!OidIsValid(varid))
+ AcceptInvalidationMessages();
+ else
+ LockDatabaseObject(VariableRelationId, varid, 0, AccessShareLock);
inval_count didn't explain at all, other places did actually explain it.
Can we add some text explaining inval_count? (i didn't fully understand
this part, that is why i am asking..)
seems IdentifyVariable all these three ereport(ERROR...) don't have
regress tests,
i think we should have it. Am I missing something?
create variable v2 as int;
let v2.a = 1;
ERROR: type "integer" of target session variable "public.v2" is not a
composite type
LINE 1: let v2.a = 1;
^
the error messages look weird.
IMO, it should either be
"type of session variable "public.v2" is not a composite type"
or
"session variable "public.v2" don't have attribute "a"
also, the above can be as a regress test for:
+ if (attrname && !is_rowtype)
+ ereport(ERROR,
+ (errcode(ERRCODE_WRONG_OBJECT_TYPE),
+ errmsg("type \"%s\" of target session variable \"%s.%s\" is not a
composite type",
+ format_type_be(typid),
+ get_namespace_name(get_session_variable_namespace(varid)),
+ get_session_variable_name(varid)),
+ parser_errposition(pstate, stmt->location)));
since we don't have coverage tests for it.
+ if (coerced_expr == NULL)
+ ereport(ERROR,
+ (errcode(ERRCODE_DATATYPE_MISMATCH),
+ errmsg("variable \"%s.%s\" is of type %s,"
+ " but expression is of type %s",
+ get_namespace_name(get_session_variable_namespace(varid)),
+ get_session_variable_name(varid),
+ format_type_be(typid),
+ format_type_be(exprtypid)),
+ errhint("You will need to rewrite or cast the expression."),
+ parser_errposition(pstate, exprLocation((Node *) expr))));
generally, errmsg(...) should put it into one line for better grep-ability
so we can change it to:
+errmsg("variable \"%s.%s\" is of type %s, but expression is of type %s"...)
also no coverage tests?
simple test case for it:
create variable v2 as int;
let v2 = '1'::jsonb;
---------------<<<>>>--------------
+let_target:
+ ColId opt_indirection
+ {
+ $$ = list_make1(makeString($1));
+ if ($2)
+ $$ = list_concat($$,
+ check_indirection($2, yyscanner));
+ }
if you look closely, it seems the indentation level is wrong in
line "$$ = list_concat($$,"?
---------------<<<>>>--------------
i did some refactoring in session_variables.sql for privilege check.
make the tests more neat, please check attached.
diff --git a/src/test/regress/expected/session_variables.out b/src/test/regress/expected/session_variables.out
index 9f75128c42..4873ac5438 100644
--- a/src/test/regress/expected/session_variables.out
+++ b/src/test/regress/expected/session_variables.out
@@ -115,85 +115,126 @@ ALTER DEFAULT PRIVILEGES
SET ROLE TO regress_variable_owner;
CREATE VARIABLE svartest.var1 AS int;
SET ROLE TO DEFAULT;
-\dV+ svartest.var1
- List of variables
- Schema | Name | Type | Collation | Owner | Access privileges | Description
-----------+------+---------+-----------+------------------------+--------------------------------------------------+-------------
- svartest | var1 | integer | | regress_variable_owner | regress_variable_owner=rw/regress_variable_owner+|
- | | | | | regress_variable_reader=r/regress_variable_owner |
+--should be ok. since ALTER DEFAULT PRIVILEGES
+--allow regress_variable_reader to have SELECT priviledge
+SELECT has_session_variable_privilege('regress_variable_reader', 'svartest.var1', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
(1 row)
DROP VARIABLE svartest.var1;
DROP SCHEMA svartest;
DROP ROLE regress_variable_reader;
--- check WITH GRANT OPTION
+-----begin of check GRANT WITH GRANT OPTION and REVOKE GRANTED BY
CREATE ROLE regress_variable_r1;
CREATE ROLE regress_variable_r2;
SET ROLE TO regress_variable_owner;
-CREATE VARIABLE var1 AS int;
+CREATE VARIABLE var1 AS int; --var1 will owned by regress_variable_owner
GRANT SELECT ON VARIABLE var1 TO regress_variable_r1 WITH GRANT OPTION;
SET ROLE TO regress_variable_r1;
GRANT SELECT ON VARIABLE var1 TO regress_variable_r2 WITH GRANT OPTION;
SET ROLE TO DEFAULT;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
- varacl
----------------------------------------------------------------------------------------------------------------------------------------------
- {regress_variable_owner=rw/regress_variable_owner,regress_variable_r1=r*/regress_variable_owner,regress_variable_r2=r*/regress_variable_r1}
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
(1 row)
REVOKE ALL PRIVILEGES ON VARIABLE var1 FROM regress_variable_r1 CASCADE;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
- varacl
-----------------------------------------------------
- {regress_variable_owner=rw/regress_variable_owner}
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
(1 row)
-SET ROLE TO regress_variable_owner;
-GRANT SELECT ON VARIABLE var1 TO regress_variable_r1 WITH GRANT OPTION;
-SET ROLE TO regress_variable_r1;
-GRANT SELECT ON VARIABLE var1 TO regress_variable_r2 WITH GRANT OPTION;
SET ROLE TO regress_variable_owner;
GRANT SELECT ON VARIABLE var1 TO regress_variable_r2;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
- varacl
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- {regress_variable_owner=rw/regress_variable_owner,regress_variable_r1=r*/regress_variable_owner,regress_variable_r2=r*/regress_variable_r1,regress_variable_r2=r/regress_variable_owner}
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
(1 row)
REVOKE ALL ON VARIABLE var1 FROM regress_variable_r2 GRANTED BY regress_variable_owner;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
- varacl
----------------------------------------------------------------------------------------------------------------------------------------------
- {regress_variable_owner=rw/regress_variable_owner,regress_variable_r1=r*/regress_variable_owner,regress_variable_r2=r*/regress_variable_r1}
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_owner', 'public.var1', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
(1 row)
SET ROLE TO DEFAULT;
DROP VARIABLE var1;
+-----end of check GRANT WITH GRANT OPTION and REVOKE GRANTED BY
+-------begin of test: GRANT|REVOKE SELECT|UPDATE ON ALL VARIABLES IN SCHEMA
CREATE SCHEMA svartest;
GRANT ALL ON SCHEMA svartest TO regress_variable_owner;
SET ROLE TO regress_variable_owner;
CREATE VARIABLE svartest.var1 AS int;
CREATE VARIABLE svartest.var2 AS int;
GRANT SELECT ON ALL VARIABLES IN SCHEMA svartest TO regress_variable_r1;
-SELECT varacl FROM pg_variable WHERE varname IN ('var1', 'var2');
- varacl
--------------------------------------------------------------------------------------------------
- {regress_variable_owner=rw/regress_variable_owner,regress_variable_r1=r/regress_variable_owner}
- {regress_variable_owner=rw/regress_variable_owner,regress_variable_r1=r/regress_variable_owner}
-(2 rows)
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var1', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var2', 'SELECT'); -- t
+ has_session_variable_privilege
+--------------------------------
+ t
+(1 row)
REVOKE SELECT ON ALL VARIABLES IN SCHEMA svartest FROM regress_variable_r1;
-SELECT varacl FROM pg_variable WHERE varname IN ('var1', 'var2');
- varacl
-----------------------------------------------------
- {regress_variable_owner=rw/regress_variable_owner}
- {regress_variable_owner=rw/regress_variable_owner}
-(2 rows)
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var1', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
+(1 row)
+
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var2', 'SELECT'); -- f
+ has_session_variable_privilege
+--------------------------------
+ f
+(1 row)
SET ROLE TO DEFAULT;
DROP VARIABLE svartest.var1;
DROP VARIABLE svartest.var2;
DROP SCHEMA svartest;
+-------end of test: GRANT|REVOKE SELECT|UPDATE ON ALL VARIABLES IN SCHEMA
+---function has_session_variable_privilege have various kind of signature.
+---the following are extensive test for it.
SET ROLE TO regress_variable_owner;
CREATE VARIABLE public.var1 AS int;
SET search_path TO public;
@@ -353,6 +394,7 @@ DROP VARIABLE public.var1;
DROP ROLE regress_variable_r1;
DROP ROLE regress_variable_r2;
DROP ROLE regress_variable_owner;
+---end of function has_session_variable_privilege tests.
-- check access rights
CREATE ROLE regress_noowner;
CREATE VARIABLE var1 AS int;
diff --git a/src/test/regress/sql/session_variables.sql b/src/test/regress/sql/session_variables.sql
index 24e897a8c4..3680ec29dd 100644
--- a/src/test/regress/sql/session_variables.sql
+++ b/src/test/regress/sql/session_variables.sql
@@ -137,54 +137,55 @@ SET ROLE TO regress_variable_owner;
CREATE VARIABLE svartest.var1 AS int;
SET ROLE TO DEFAULT;
-\dV+ svartest.var1
+--should be ok. since ALTER DEFAULT PRIVILEGES
+--allow regress_variable_reader to have SELECT priviledge
+SELECT has_session_variable_privilege('regress_variable_reader', 'svartest.var1', 'SELECT'); -- t
DROP VARIABLE svartest.var1;
-
DROP SCHEMA svartest;
DROP ROLE regress_variable_reader;
--- check WITH GRANT OPTION
+
+-----begin of check GRANT WITH GRANT OPTION and REVOKE GRANTED BY
CREATE ROLE regress_variable_r1;
CREATE ROLE regress_variable_r2;
SET ROLE TO regress_variable_owner;
-CREATE VARIABLE var1 AS int;
+CREATE VARIABLE var1 AS int; --var1 will owned by regress_variable_owner
GRANT SELECT ON VARIABLE var1 TO regress_variable_r1 WITH GRANT OPTION;
SET ROLE TO regress_variable_r1;
GRANT SELECT ON VARIABLE var1 TO regress_variable_r2 WITH GRANT OPTION;
SET ROLE TO DEFAULT;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- t
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- t
REVOKE ALL PRIVILEGES ON VARIABLE var1 FROM regress_variable_r1 CASCADE;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
-
-SET ROLE TO regress_variable_owner;
-
-GRANT SELECT ON VARIABLE var1 TO regress_variable_r1 WITH GRANT OPTION;
-SET ROLE TO regress_variable_r1;
-GRANT SELECT ON VARIABLE var1 TO regress_variable_r2 WITH GRANT OPTION;
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- f
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- f
SET ROLE TO regress_variable_owner;
GRANT SELECT ON VARIABLE var1 TO regress_variable_r2;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- f
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- t
REVOKE ALL ON VARIABLE var1 FROM regress_variable_r2 GRANTED BY regress_variable_owner;
-SELECT varacl FROM pg_variable WHERE varname = 'var1';
-
+SELECT has_session_variable_privilege('regress_variable_r1', 'public.var1', 'SELECT'); -- f
+SELECT has_session_variable_privilege('regress_variable_r2', 'public.var1', 'SELECT'); -- f
+SELECT has_session_variable_privilege('regress_variable_owner', 'public.var1', 'SELECT'); -- t
SET ROLE TO DEFAULT;
DROP VARIABLE var1;
+-----end of check GRANT WITH GRANT OPTION and REVOKE GRANTED BY
-CREATE SCHEMA svartest;
+-------begin of test: GRANT|REVOKE SELECT|UPDATE ON ALL VARIABLES IN SCHEMA
+CREATE SCHEMA svartest;
GRANT ALL ON SCHEMA svartest TO regress_variable_owner;
-
SET ROLE TO regress_variable_owner;
CREATE VARIABLE svartest.var1 AS int;
@@ -192,19 +193,23 @@ CREATE VARIABLE svartest.var2 AS int;
GRANT SELECT ON ALL VARIABLES IN SCHEMA svartest TO regress_variable_r1;
-SELECT varacl FROM pg_variable WHERE varname IN ('var1', 'var2');
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var1', 'SELECT'); -- t
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var2', 'SELECT'); -- t
REVOKE SELECT ON ALL VARIABLES IN SCHEMA svartest FROM regress_variable_r1;
-SELECT varacl FROM pg_variable WHERE varname IN ('var1', 'var2');
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var1', 'SELECT'); -- f
+SELECT has_session_variable_privilege('regress_variable_r1', 'svartest.var2', 'SELECT'); -- f
SET ROLE TO DEFAULT;
-
DROP VARIABLE svartest.var1;
DROP VARIABLE svartest.var2;
-
DROP SCHEMA svartest;
+-------end of test: GRANT|REVOKE SELECT|UPDATE ON ALL VARIABLES IN SCHEMA
+
+---function has_session_variable_privilege have various kind of signature.
+---the following are extensive test for it.
SET ROLE TO regress_variable_owner;
CREATE VARIABLE public.var1 AS int;
@@ -261,6 +266,7 @@ DROP ROLE regress_variable_r1;
DROP ROLE regress_variable_r2;
DROP ROLE regress_variable_owner;
+---end of function has_session_variable_privilege tests.
-- check access rights
CREATE ROLE regress_noowner;
