From 09076924c07c4b4516a4f344b746060687e80b93 Mon Sep 17 00:00:00 2001
From: Esther Lozano
Date: Wed, 6 Nov 2019 21:12:44 +0100
Subject: [PATCH] Functions are selectable by all roles but not dropable
---
 test/CDB_OAuth.sql | 27 ++++++++++++---------------
 test/CDB_OAuth_expect | 16 ++++++++--------
 2 files changed, 20 insertions(+), 23 deletions(-)
diff --git a/test/CDB_OAuth.sql b/test/CDB_OAuth.sql
index bca61d7..9b5c45d 100644
--- a/test/CDB_OAuth.sql
+++ b/test/CDB_OAuth.sql
@@ -4,7 +4,7 @@ SET client_min_messages TO error;
 -- The permission error changed between pre PG11 and post 11 (before everythin "relation", now it's "view", "table" and so on
 CREATE OR REPLACE FUNCTION catch_permission_error(query text)
-RETURNS bool
+ RETURNS bool
 AS $$
 BEGIN
 EXECUTE query;
@@ -43,7 +43,7 @@ SELECT * FROM test_tablesas;
 SELECT * FROM test_view;
 SELECT * FROM test_mview;
 SELECT * FROM test_selectinto;
-DROP FUNCTION test_function;
+SELECT test_function();
 \set QUIET on
 SET SESSION AUTHORIZATION "ownership_role";
@@ -54,7 +54,7 @@ SELECT 'denied_tableas', catch_permission_error($$SELECT * FROM test_tablesas;$$
 SELECT 'denied_view', catch_permission_error($$SELECT * FROM test_view;$$);
 SELECT 'denied_mview', catch_permission_error($$SELECT * FROM test_mview;$$);
 SELECT 'denied_selectinto', catch_permission_error($$SELECT * FROM test_selectinto;$$);
-SELECT 'denied_function', catch_permission_error($$DROP FUNCTION test_function;$$);
+SELECT 'denied_function', catch_permission_error($$SELECT test_function();$$);
 \set QUIET on
 SET SESSION AUTHORIZATION "creator_role";
@@ -65,7 +65,7 @@ DROP VIEW test_view;
 DROP MATERIALIZED VIEW test_mview;
 DROP TABLE test_selectinto;
 DROP TABLE test;
-DROP FUNCTION test_function;
+DROP FUNCTION test_function();
 -- Second part with event trigger but without ownership_role_name in cdb_conf
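Review bot: In the `@@ -54` hunk the `denied_function` check now wraps `SELECT test_function();` and the expect file flips it to `f`, so no visible statement still asserts that `ownership_role` is refused a `DROP FUNCTION`, even though the commit title says functions must not be droppable. Keeping a negative check beside the new one would cover both halves, for example `SELECT 'denied_function_drop', catch_permission_error($$DROP FUNCTION test_function();$$);`, assuming the drop really is rejected for that role. A label that starts with `denied_` and expects `f` is easy to misread as a regression, so a comment such as `-- EXECUTE is intentionally left callable by other roles (presumably via the default PUBLIC grant); expected f` above the line would record that this is deliberate. The `ownership_role` section begins above the hunk, and the same applies to the `@@ -100` and `@@ -146` hunks.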
@@ -88,10 +88,9 @@ SELECT * FROM test2_tablesas;
 SELECT * FROM test2_view;
 SELECT * FROM test2_mview;
 SELECT * FROM test2_selectinto;
-DROP FUNCTION test2_function;
+SELECT test2_function();
 \set QUIET on
-CREATE FUNCTION test2_function() RETURNS integer AS $$ BEGIN RETURN 1; END; $$ LANGUAGE PLPGSQL;
 SET SESSION AUTHORIZATION "ownership_role";
 \set QUIET off
@@ -100,7 +99,7 @@ SELECT 'denied_tableas2', catch_permission_error($$SELECT * FROM test2_tablesas;
 SELECT 'denied_view2', catch_permission_error($$SELECT * FROM test2_view;$$);
 SELECT 'denied_mview2', catch_permission_error($$SELECT * FROM test2_mview;$$);
 SELECT 'denied_selectinto2', catch_permission_error($$SELECT * FROM test2_selectinto;$$);
-SELECT 'denied_function2', catch_permission_error($$DROP FUNCTION public.test2_function;$$);
+SELECT 'denied_function2', catch_permission_error($$SELECT test2_function();$$);
 \set QUIET on
 SET SESSION AUTHORIZATION "creator_role";
@@ -111,7 +110,7 @@ DROP VIEW test2_view;
 DROP MATERIALIZED VIEW test2_mview;
 DROP TABLE test2_selectinto;
 DROP TABLE test2;
-DROP FUNCTION test2_function;
+DROP FUNCTION test2_function();
 -- Third part with event trigger but with empty ownership_role_name in cdb_conf
@@ -134,10 +133,9 @@ SELECT * FROM test3_tablesas;
 SELECT * FROM test3_view;
 SELECT * FROM test3_mview;
 SELECT * FROM test3_selectinto;
-DROP FUNCTION test3_function;
+SELECT test3_function();
 \set QUIET on
-CREATE FUNCTION test3_function() RETURNS integer AS $$ BEGIN RETURN 1; END; $$ LANGUAGE PLPGSQL;
 SET SESSION AUTHORIZATION "ownership_role";
 \set QUIET off
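Review bot: The rewritten check in the `@@ -100` hunk calls `test2_function()` unqualified, whereas the removed line named `public.test2_function`, so the outcome now depends on the `search_path` in effect for `ownership_role`. A privilege test is more trustworthy when it pins the object it probes: `SELECT 'denied_function2', catch_permission_error($$SELECT public.test2_function();$$);`. How `catch_permission_error` reports a failed name lookup is not visible in this diff, so an unresolved name may be indistinguishable from "not denied" or may abort the script. The `@@ -146` hunk makes the same change for `test3_function`.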
@@ -146,7 +144,7 @@ SELECT 'denied_tableas3', catch_permission_error($$SELECT * FROM test3_tablesas;
 SELECT 'denied_view3', catch_permission_error($$SELECT * FROM test3_view;$$);
 SELECT 'denied_mview3', catch_permission_error($$SELECT * FROM test3_mview;$$);
 SELECT 'denied_selectinto3', catch_permission_error($$SELECT * FROM test3_selectinto;$$);
-SELECT 'denied_function3', catch_permission_error($$DROP FUNCTION public.test3_function;$$);
+SELECT 'denied_function3', catch_permission_error($$SELECT test3_function();$$);
 \set QUIET on
 SET SESSION AUTHORIZATION "creator_role";
@@ -157,7 +155,7 @@ DROP VIEW test3_view;
 DROP MATERIALIZED VIEW test3_mview;
 DROP TABLE test3_selectinto;
 DROP TABLE test3;
-DROP FUNCTION test3_function;
+DROP FUNCTION test3_function();
 -- Fourth part with the event trigger active and configured
@@ -180,10 +178,9 @@ SELECT * FROM test4_tablesas;
 SELECT * FROM test4_view;
 SELECT * FROM test4_mview;
 SELECT * FROM test4_selectinto;
-DROP FUNCTION test4_function;
+SELECT test4_function();
 \set QUIET on
-CREATE FUNCTION test4_function() RETURNS integer AS $$ BEGIN RETURN 1; END; $$ LANGUAGE PLPGSQL;
 SET SESSION AUTHORIZATION "ownership_role";
 \set QUIET off
@@ -200,7 +197,7 @@ DROP VIEW test4_view;
 DROP MATERIALIZED VIEW test4_mview;
 DROP TABLE test4_selectinto;
 DROP TABLE test4;
-DROP FUNCTION test4_function;
+DROP FUNCTION test4_function();
 -- Cleanup
 \set QUIET on
diff --git a/test/CDB_OAuth_expect b/test/CDB_OAuth_expect
index eb41d0a..9229f74 100644
--- a/test/CDB_OAuth_expect
+++ b/test/CDB_OAuth_expect
@@ -11,13 +11,13 @@ CREATE FUNCTION
 1
 1
 1
-DROP FUNCTION
+1
 denied_table|t
 denied_tableas|t
 denied_view|t
 denied_mview|t
 denied_selectinto|t
-denied_function|t
+denied_function|f
 DROP TABLE
 DROP VIEW
 DROP MATERIALIZED VIEW
@@ -38,13 +38,13 @@ CREATE FUNCTION
 1
 1
 1
-DROP FUNCTION
+1
 denied_table2|t
 denied_tableas2|t
 denied_view2|t
 denied_mview2|t
 denied_selectinto2|t
-denied_function2|t
+denied_function2|f
 DROP TABLE
 DROP VIEW
 DROP MATERIALIZED VIEW
@@ -64,13 +64,13 @@ CREATE FUNCTION
 1
 1
 1
-DROP FUNCTION
+1
 denied_table3|t
 denied_tableas3|t
 denied_view3|t
 denied_mview3|t
 denied_selectinto3|t
-denied_function3|t
+denied_function3|f
 DROP TABLE
 DROP VIEW
 DROP MATERIALIZED VIEW
@@ -90,13 +90,13 @@ CREATE FUNCTION
 1
 1
 1
-DROP FUNCTION
 1
 1
 1
 1
 1
-DROP FUNCTION
+1
+1
 DROP TABLE
 DROP VIEW
 DROP MATERIALIZED VIEW