diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-12-30 13:23:47 +0100 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-12-30 13:23:47 +0100 |
| commit | cb4f1be43ad2c60ea80b07d3345d8a52ca9f763f (patch) | |
| tree | 89aca558bb716339f11782336bbd419d7c072dd5 | |
| parent | f7d7ac23d19240a90bbb8d91cb231ef7f883dd02 (diff) | |
| download | postgresql-cb4f1be43ad2c60ea80b07d3345d8a52ca9f763f.tar.gz postgresql-cb4f1be43ad2c60ea80b07d3345d8a52ca9f763f.zip | |
Revert b2a459edf "Fix GRANTED BY support in REVOKE ROLE statements"
The reverted commit attempted to fix SQL specification compliance for
the cases which 6aaaa76bb left. This however broke existing behavior
which takes precedence over spec compliance so revert. The introduced
tests are left after the revert since the codepath isn't well covered.
Per bug report 17346. Backpatch down to 14 where it was introduced.
Reported-by: Andrew Bille <andrewbille@gmail.com>
Discussion: https://postgr.es/m/17346-f72b28bd1a341060@postgresql.org
| -rw-r--r-- | src/backend/commands/user.c | 11 | ||||
| -rw-r--r-- | src/backend/parser/gram.y | 2 | ||||
| -rw-r--r-- | src/test/regress/expected/privileges.out | 2 |
3 files changed, 0 insertions, 15 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index b9cca41a7d3..65bb7339589 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -1319,18 +1319,7 @@ GrantRole(GrantRoleStmt *stmt) ListCell *item; if (stmt->grantor) - { grantor = get_rolespec_oid(stmt->grantor, false); - - /* - * Currently, this clause is only for SQL compatibility, not very - * interesting otherwise. - */ - if (grantor != GetUserId()) - ereport(ERROR, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("grantor must be current user"))); - } else grantor = GetUserId(); diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 1b7494f0df8..fe2af568c91 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -7181,7 +7181,6 @@ RevokeRoleStmt: n->admin_opt = false; n->granted_roles = $2; n->grantee_roles = $4; - n->grantor = $5; n->behavior = $6; $$ = (Node*)n; } @@ -7192,7 +7191,6 @@ RevokeRoleStmt: n->admin_opt = true; n->granted_roles = $5; n->grantee_roles = $7; - n->grantor = $8; n->behavior = $9; $$ = (Node*)n; } diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index d106733dcc6..e91c501a95d 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -47,9 +47,7 @@ ALTER FUNCTION leak(integer,integer) OWNER TO regress_priv_user1; -- test owner privileges GRANT regress_priv_role TO regress_priv_user1 WITH ADMIN OPTION GRANTED BY CURRENT_ROLE; REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY foo; -- error -ERROR: role "foo" does not exist REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY regress_priv_user2; -- error -ERROR: grantor must be current user REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY CURRENT_USER; REVOKE regress_priv_role FROM regress_priv_user1 GRANTED BY CURRENT_ROLE; DROP ROLE regress_priv_role; |