Use has_privs_for_roles for predefined role checks: round 2
Similar to commit 6198420ad
, replace is_member_of_role with
has_privs_for_role for predefined role access checks in recently
committed basebackup code. In passing fix a double-word error
in a nearby comment.
Discussion: https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com
This commit is contained in:
parent
cfdd03f45e
commit
9752436f04
|
@ -90,7 +90,7 @@ _PG_init(void)
|
|||
}
|
||||
|
||||
/*
|
||||
* We choose to defer sanity sanity checking until shell_get_sink(), and so
|
||||
* We choose to defer sanity checking until shell_get_sink(), and so
|
||||
* just pass the target detail through without doing anything. However, we do
|
||||
* permissions checks here, before any real work has been done.
|
||||
*/
|
||||
|
@ -103,7 +103,7 @@ shell_check_detail(char *target, char *target_detail)
|
|||
|
||||
StartTransactionCommand();
|
||||
roleid = get_role_oid(shell_required_role, true);
|
||||
if (!is_member_of_role(GetUserId(), roleid))
|
||||
if (!has_privs_of_role(GetUserId(), roleid))
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
errmsg("permission denied to use basebackup_to_shell")));
|
||||
|
|
|
@ -237,7 +237,7 @@ PostgreSQL documentation
|
|||
<literal>server:/some/path</literal>, the backup will be stored on
|
||||
the machine where the server is running in the
|
||||
<literal>/some/path</literal> directory. Storing a backup on the
|
||||
server requires superuser privileges or being granted the
|
||||
server requires superuser privileges or having privileges of the
|
||||
<literal>pg_write_server_files</literal> role. If the target is set to
|
||||
<literal>blackhole</literal>, the contents are discarded and not
|
||||
stored anywhere. This should only be used for testing purposes, as you
|
||||
|
|
|
@ -69,10 +69,10 @@ bbsink_server_new(bbsink *next, char *pathname)
|
|||
|
||||
/* Replication permission is not sufficient in this case. */
|
||||
StartTransactionCommand();
|
||||
if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
|
||||
if (!has_privs_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
errmsg("must be superuser or a member of the pg_write_server_files role to create server backup")));
|
||||
errmsg("must be superuser or a role with privileges of the pg_write_server_files role to create server backup")));
|
||||
CommitTransactionCommand();
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue