rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Error message wording improvements

This commit is contained in:
Peter Eisentraut 2023-06-29 09:14:55 +02:00
parent dda9f8e7bc
commit 39a584dc90
4 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/backend/commands/user.c
View File

@ -323,25 +323,25 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create role"),
errdetail("Only roles with the %s attribute may create roles with %s.",
errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
if (createdb && !have_createdb_privilege())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create role"),
errdetail("Only roles with the %s attribute may create roles with %s.",
errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
"CREATEDB", "CREATEDB")));
if (isreplication && !has_rolreplication(currentUserId))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create role"),
errdetail("Only roles with the %s attribute may create roles with %s.",
errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
"REPLICATION", "REPLICATION")));
if (bypassrls && !has_bypassrls_privilege(currentUserId))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create role"),
errdetail("Only roles with the %s attribute may create roles with %s.",
errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
"BYPASSRLS", "BYPASSRLS")));
}
@ -758,7 +758,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to alter role"),
errdetail("Only roles with the %s attribute may alter roles with %s.",
errdetail("Only roles with the %s attribute may alter roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
if (!superuser() && dissuper)
ereport(ERROR,
@ -1031,7 +1031,7 @@ AlterRoleSet(AlterRoleSetStmt *stmt)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to alter role"),
errdetail("Only roles with the %s attribute may alter roles with %s.",
errdetail("Only roles with the %s attribute may alter roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
}
else
@ -1171,7 +1171,7 @@ DropRole(DropRoleStmt *stmt)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to drop role"),
errdetail("Only roles with the %s attribute may drop roles with %s.",
errdetail("Only roles with the %s attribute may drop roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
if (!is_admin_of_role(GetUserId(), roleid))
ereport(ERROR,
@ -1426,7 +1426,7 @@ RenameRole(const char *oldname, const char *newname)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to rename role"),
errdetail("Only roles with the %s attribute may rename roles with %s.",
errdetail("Only roles with the %s attribute may rename roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
}
else
@ -2141,14 +2141,14 @@ check_role_membership_authorization(Oid currentUserId, Oid roleid,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to grant role \"%s\"",
GetUserNameFromId(roleid, false)),
errdetail("Only roles with the %s attribute may grant roles with %s.",
errdetail("Only roles with the %s attribute may grant roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
else
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to revoke role \"%s\"",
GetUserNameFromId(roleid, false)),
errdetail("Only roles with the %s attribute may revoke roles with %s.",
errdetail("Only roles with the %s attribute may revoke roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
}
}

4
src/backend/storage/ipc/signalfuncs.c
View File

@ -122,7 +122,7 @@ pg_cancel_backend(PG_FUNCTION_ARGS)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to cancel query"),
errdetail("Only roles with the %s attribute may cancel queries of roles with %s.",
errdetail("Only roles with the %s attribute may cancel queries of roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
if (r == SIGNAL_BACKEND_NOPERMISSION)
@ -228,7 +228,7 @@ pg_terminate_backend(PG_FUNCTION_ARGS)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to terminate process"),
errdetail("Only roles with the %s attribute may terminate processes of roles with %s.",
errdetail("Only roles with the %s attribute may terminate processes of roles with the %s attribute.",
"SUPERUSER", "SUPERUSER")));
if (r == SIGNAL_BACKEND_NOPERMISSION)

2
src/backend/utils/init/postinit.c
View File

@ -946,7 +946,7 @@ InitPostgres(const char *in_dbname, Oid dboid,
if (nfree < SuperuserReservedConnections)
ereport(FATAL,
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
errmsg("remaining connection slots are reserved for roles with %s",
errmsg("remaining connection slots are reserved for roles with the %s attribute",
"SUPERUSER")));
if (!has_privs_of_role(GetUserId(), ROLE_PG_USE_RESERVED_CONNECTIONS))

14
src/test/regress/expected/create_role.out
View File

@ -8,19 +8,19 @@ CREATE ROLE regress_role_normal;
SET SESSION AUTHORIZATION regress_role_limited_admin;
CREATE ROLE regress_nosuch_superuser SUPERUSER;
ERROR: permission denied to create role
DETAIL: Only roles with the SUPERUSER attribute may create roles with SUPERUSER.
DETAIL: Only roles with the SUPERUSER attribute may create roles with the SUPERUSER attribute.
CREATE ROLE regress_nosuch_replication_bypassrls REPLICATION BYPASSRLS;
ERROR: permission denied to create role
DETAIL: Only roles with the REPLICATION attribute may create roles with REPLICATION.
DETAIL: Only roles with the REPLICATION attribute may create roles with the REPLICATION attribute.
CREATE ROLE regress_nosuch_replication REPLICATION;
ERROR: permission denied to create role
DETAIL: Only roles with the REPLICATION attribute may create roles with REPLICATION.
DETAIL: Only roles with the REPLICATION attribute may create roles with the REPLICATION attribute.
CREATE ROLE regress_nosuch_bypassrls BYPASSRLS;
ERROR: permission denied to create role
DETAIL: Only roles with the BYPASSRLS attribute may create roles with BYPASSRLS.
DETAIL: Only roles with the BYPASSRLS attribute may create roles with the BYPASSRLS attribute.
CREATE ROLE regress_nosuch_createdb CREATEDB;
ERROR: permission denied to create role
DETAIL: Only roles with the CREATEDB attribute may create roles with CREATEDB.
DETAIL: Only roles with the CREATEDB attribute may create roles with the CREATEDB attribute.
-- ok, can create a role without any special attributes
CREATE ROLE regress_role_limited;
-- fail, can't give it in any of the restricted attributes
@ -71,7 +71,7 @@ NOTICE: SYSID can no longer be specified
-- fail, cannot grant membership in superuser role
CREATE ROLE regress_nosuch_super IN ROLE regress_role_super;
ERROR: permission denied to grant role "regress_role_super"
DETAIL: Only roles with the SUPERUSER attribute may grant roles with SUPERUSER.
DETAIL: Only roles with the SUPERUSER attribute may grant roles with the SUPERUSER attribute.
-- fail, database owner cannot have members
CREATE ROLE regress_nosuch_dbowner IN ROLE pg_database_owner;
ERROR: role "pg_database_owner" cannot have explicit members
@ -238,7 +238,7 @@ DROP ROLE regress_adminroles;
-- fail, cannot drop ourself, nor superusers or roles we lack ADMIN for
DROP ROLE regress_role_super;
ERROR: permission denied to drop role
DETAIL: Only roles with the SUPERUSER attribute may drop roles with SUPERUSER.
DETAIL: Only roles with the SUPERUSER attribute may drop roles with the SUPERUSER attribute.
DROP ROLE regress_role_admin;
ERROR: current user cannot be dropped
DROP ROLE regress_rolecreator;