diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-07-03 16:49:12 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-07-03 16:49:24 -0400 |
| commit | b762bbde30d21d6a091d44cc2cbbfb1c9550be52 (patch) | |
| tree | 6e0ad942b1746a0670560fce3b48964f3f1def02 /src/test | |
| parent | b6a5158f98fd5158f66943d721061418f183b370 (diff) | |
Allow makeaclitem() to accept multiple privilege names.
Interpret its privileges argument as a comma-separated list of
privilege names, as in has_table_privilege and other functions.
This is actually net less code, since the support routine to
parse that already exists, and we can drop convert_priv_string()
which had no other use-case.
Robins Tharakan
Discussion: https://postgr.es/m/e5a05dc54ba64408b3dd260171c1abaf@EX13D05UWC001.ant.amazon.com
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/expected/privileges.out | 18 | ||||
| -rw-r--r-- | src/test/regress/sql/privileges.sql | 8 |
2 files changed, 26 insertions, 0 deletions
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index 03df567d50f..e10dd6f9ae5 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -2099,6 +2099,24 @@ SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); - ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public; ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error ERROR: cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS +-- Test makeaclitem() +SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole, + 'SELECT', TRUE); -- single privilege + makeaclitem +------------------------------------------ + regress_priv_user1=r*/regress_priv_user2 +(1 row) + +SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole, + 'SELECT, INSERT, UPDATE , DELETE ', FALSE); -- multiple privileges + makeaclitem +-------------------------------------------- + regress_priv_user1=arwd/regress_priv_user2 +(1 row) + +SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole, + 'SELECT, fake_privilege', FALSE); -- error +ERROR: unrecognized privilege type: "fake_privilege" -- -- Testing blanket default grants is very hazardous since it might change -- the privileges attached to objects created by concurrent regression tests. diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql index 2a6ba38e523..6d1fd3391a2 100644 --- a/src/test/regress/sql/privileges.sql +++ b/src/test/regress/sql/privileges.sql @@ -1339,6 +1339,14 @@ ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error +-- Test makeaclitem() +SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole, + 'SELECT', TRUE); -- single privilege +SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole, + 'SELECT, INSERT, UPDATE , DELETE ', FALSE); -- multiple privileges +SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole, + 'SELECT, fake_privilege', FALSE); -- error + -- -- Testing blanket default grants is very hazardous since it might change -- the privileges attached to objects created by concurrent regression tests. |