Functions are selectable by all roles but not dropable

Esther Lozano 2019-11-06 21:12:44 +01:00
parent e63f5040d9
commit 09076924c0
2 changed files with 20 additions and 23 deletions


@ -4,7 +4,7 @@ SET client_min_messages TO error;
-- The permission error changed between pre PG11 and post 11 (before everythin "relation", now it's "view", "table" and so on
CREATE OR REPLACE FUNCTION catch_permission_error(query text)
RETURNS bool
RETURNS bool
AS $$
BEGIN
EXECUTE query;
@ -43,7 +43,7 @@ SELECT * FROM test_tablesas;
SELECT * FROM test_view;
SELECT * FROM test_mview;
SELECT * FROM test_selectinto;
DROP FUNCTION test_function;
SELECT test_function();
\set QUIET on
SET SESSION AUTHORIZATION "ownership_role";
@ -54,7 +54,7 @@ SELECT 'denied_tableas', catch_permission_error($$SELECT * FROM test_tablesas;$$
SELECT 'denied_view', catch_permission_error($$SELECT * FROM test_view;$$);
SELECT 'denied_mview', catch_permission_error($$SELECT * FROM test_mview;$$);
SELECT 'denied_selectinto', catch_permission_error($$SELECT * FROM test_selectinto;$$);
SELECT 'denied_function', catch_permission_error($$DROP FUNCTION test_function;$$);
SELECT 'denied_function', catch_permission_error($$SELECT test_function();$$);
\set QUIET on
SET SESSION AUTHORIZATION "creator_role";
@ -65,7 +65,7 @@ DROP VIEW test_view;
DROP MATERIALIZED VIEW test_mview;
DROP TABLE test_selectinto;
DROP TABLE test;
DROP FUNCTION test_function;
DROP FUNCTION test_function();
-- Second part with event trigger but without ownership_role_name in cdb_conf
@ -88,10 +88,9 @@ SELECT * FROM test2_tablesas;
SELECT * FROM test2_view;
SELECT * FROM test2_mview;
SELECT * FROM test2_selectinto;
DROP FUNCTION test2_function;
SELECT test2_function();
\set QUIET on
CREATE FUNCTION test2_function() RETURNS integer AS $$ BEGIN RETURN 1; END; $$ LANGUAGE PLPGSQL;
SET SESSION AUTHORIZATION "ownership_role";
\set QUIET off
@ -100,7 +99,7 @@ SELECT 'denied_tableas2', catch_permission_error($$SELECT * FROM test2_tablesas;
SELECT 'denied_view2', catch_permission_error($$SELECT * FROM test2_view;$$);
SELECT 'denied_mview2', catch_permission_error($$SELECT * FROM test2_mview;$$);
SELECT 'denied_selectinto2', catch_permission_error($$SELECT * FROM test2_selectinto;$$);
SELECT 'denied_function2', catch_permission_error($$DROP FUNCTION public.test2_function;$$);
SELECT 'denied_function2', catch_permission_error($$SELECT test2_function();$$);
\set QUIET on
SET SESSION AUTHORIZATION "creator_role";
@ -111,7 +110,7 @@ DROP VIEW test2_view;
DROP MATERIALIZED VIEW test2_mview;
DROP TABLE test2_selectinto;
DROP TABLE test2;
DROP FUNCTION test2_function;
DROP FUNCTION test2_function();
-- Third part with event trigger but with empty ownership_role_name in cdb_conf
@ -134,10 +133,9 @@ SELECT * FROM test3_tablesas;
SELECT * FROM test3_view;
SELECT * FROM test3_mview;
SELECT * FROM test3_selectinto;
DROP FUNCTION test3_function;
SELECT test3_function();
\set QUIET on
CREATE FUNCTION test3_function() RETURNS integer AS $$ BEGIN RETURN 1; END; $$ LANGUAGE PLPGSQL;
SET SESSION AUTHORIZATION "ownership_role";
\set QUIET off
@ -146,7 +144,7 @@ SELECT 'denied_tableas3', catch_permission_error($$SELECT * FROM test3_tablesas;
SELECT 'denied_view3', catch_permission_error($$SELECT * FROM test3_view;$$);
SELECT 'denied_mview3', catch_permission_error($$SELECT * FROM test3_mview;$$);
SELECT 'denied_selectinto3', catch_permission_error($$SELECT * FROM test3_selectinto;$$);
SELECT 'denied_function3', catch_permission_error($$DROP FUNCTION public.test3_function;$$);
SELECT 'denied_function3', catch_permission_error($$SELECT test3_function();$$);
\set QUIET on
SET SESSION AUTHORIZATION "creator_role";
@ -157,7 +155,7 @@ DROP VIEW test3_view;
DROP MATERIALIZED VIEW test3_mview;
DROP TABLE test3_selectinto;
DROP TABLE test3;
DROP FUNCTION test3_function;
DROP FUNCTION test3_function();
-- Fourth part with the event trigger active and configured
@ -180,10 +178,9 @@ SELECT * FROM test4_tablesas;
SELECT * FROM test4_view;
SELECT * FROM test4_mview;
SELECT * FROM test4_selectinto;
DROP FUNCTION test4_function;
SELECT test4_function();
\set QUIET on
CREATE FUNCTION test4_function() RETURNS integer AS $$ BEGIN RETURN 1; END; $$ LANGUAGE PLPGSQL;
SET SESSION AUTHORIZATION "ownership_role";
\set QUIET off
@ -200,7 +197,7 @@ DROP VIEW test4_view;
DROP MATERIALIZED VIEW test4_mview;
DROP TABLE test4_selectinto;
DROP TABLE test4;
DROP FUNCTION test4_function;
DROP FUNCTION test4_function();
-- Cleanup
\set QUIET on
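Review bot: The `denied_function`, `denied_function2` and `denied_function3` checks now wrap `SELECT test_function();` (and the `test2_`/`test3_` counterparts) and are expected to return `f`, so the label states the opposite of what is asserted. The earlier assertion that another role is refused a `DROP FUNCTION` is gone, which leaves the "not dropable" half of the commit title without a test. I would rename the positive check, e.g. `SELECT 'allowed_function', catch_permission_error($$SELECT test_function();$$);`, and keep a separate negative one such as `SELECT 'denied_drop_function', catch_permission_error($$DROP FUNCTION test_function();$$);` in each part. A comment like `-- EXECUTE on a new function is granted to PUBLIC by default, so every role may call it; only the owner may drop it` would record why `f` is the intended result, presumably the reason here. The body of catch_permission_error lies outside these hunks, so whether it tells a permission error apart from any other failure cannot be confirmed from this page.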


@ -11,13 +11,13 @@ CREATE FUNCTION
1
1
1
DROP FUNCTION
1
denied_table|t
denied_tableas|t
denied_view|t
denied_mview|t
denied_selectinto|t
denied_function|t
denied_function|f
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
@ -38,13 +38,13 @@ CREATE FUNCTION
1
1
1
DROP FUNCTION
1
denied_table2|t
denied_tableas2|t
denied_view2|t
denied_mview2|t
denied_selectinto2|t
denied_function2|t
denied_function2|f
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
@ -64,13 +64,13 @@ CREATE FUNCTION
1
1
1
DROP FUNCTION
1
denied_table3|t
denied_tableas3|t
denied_view3|t
denied_mview3|t
denied_selectinto3|t
denied_function3|t
denied_function3|f
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW
@ -90,13 +90,13 @@ CREATE FUNCTION
1
1
1
DROP FUNCTION
1
1
1
1
1
DROP FUNCTION
1
1
DROP TABLE
DROP VIEW
DROP MATERIALIZED VIEW