Re: Bug / shortcoming in has_*_privilege

(2010/09/07 6:16), Alvaro Herrera wrote:
> Excerpts from Jim Nasby's message of jue jun 10 17:54:43 -0400 2010:
>> test_us(at)workbook=# select has_table_privilege( 'public', 'test', 'SELECT' );
>> ERROR: role "public" does not exist
>
> Here's a patch implementing this idea.
>
I checked this patch.

It seems to me it replaces whole of get_role_oid() in has_*_privilege
functions by the new get_role_oid_or_public(), so this patch allows
to accept the pseudo "public" user in consistent way.

The pg_has_role_*() functions are exception. It will raise an error
with error message of "role "public" does not exist".
Is it an expected bahavior, isn't it?

> I'm not too sure about the wording in the doc changes. If somebody
> wants to propose something better, I'm all ears. To facilitate
> bikeshedding, here's a relevant extract:
>
> has_table_privilege checks whether a user can access a table in
> a particular way. The user can be specified by name; as public,
> to indicate the PUBLIC pseudo-role; by OID (pg_authid.oid), or,
> if the argument is omitted, current_user is assumed.
>
> (the first appearance of public is<literal>public</>. I had first made
> it<quote> but that didn't feel right.)
>
It seems to me fair enough, but I'm not a native in English.

> Another thing that could raise eyebrows is that I chose to remove the
> "missing_ok" argument from get_role_oid_or_public, so it's not a perfect
> mirror of it. None of the current callers need it, but perhaps people
> would like these functions to be consistent.
>
Tom Lane suggested to add missing_ok argument, although it is not a must-
requirement.

Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>