Integrate superuser check into has_rolreplication()

This makes it consistent with similar functions like has_createrole_privilege() and allows removing some explicit superuser checks. Author: Nathan Bossart <nathandbossart@gmail.com> Discussion: https://www.postgresql.org/message-id/20230310000313.GA3992372%40nathanxps13
2023-03-16 15:43:33 +01:00 · 2023-03-16 15:43:33 +01:00 · 442f870065
parent 3b7cd8c690
commit 442f870065
3 changed files with 6 additions and 2 deletions
--- a/src/backend/replication/slot.c
+++ b/src/backend/replication/slot.c
@ -1140,7 +1140,7 @@ CheckSlotRequirements(void)
 void
 CheckSlotPermissions(void)
 {
-	if (!superuser() && !has_rolreplication(GetUserId()))
+	if (!has_rolreplication(GetUserId()))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("must be superuser or replication role to use replication slots")));
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@ -709,6 +709,10 @@ has_rolreplication(Oid roleid)
 	bool		result = false;
 	HeapTuple	utup;

+	/* Superusers bypass all permission checking. */
+	if (superuser_arg(roleid))
+		return true;
+
 	utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
 	if (HeapTupleIsValid(utup))
 	{
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@ -962,7 +962,7 @@ InitPostgres(const char *in_dbname, Oid dboid,
 	{
 		Assert(!bootstrap);

-		if (!superuser() && !has_rolreplication(GetUserId()))
+		if (!has_rolreplication(GetUserId()))
 			ereport(FATAL,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					 errmsg("must be superuser or replication role to start walsender")));