• Joe Conway's avatar
    Fix has_column_privilege function corner case · b12bd486
    Joe Conway authored
    According to the comments, when an invalid or dropped column oid is passed
    to has_column_privilege(), the intention has always been to return NULL.
    However, when the caller had table level privilege the invalid/missing
    column was never discovered, because table permissions were checked first.
    
    Fix that by introducing extended versions of pg_attribute_acl(check|mask)
    and pg_class_acl(check|mask) which take a new argument, is_missing. When
    is_missing is NULL, the old behavior is preserved. But when is_missing is
    passed by the caller, no ERROR is thrown for dropped or missing
    columns/relations, and is_missing is flipped to true. This in turn allows
    has_column_privilege to check for column privileges first, providing the
    desired semantics.
    
    Not backpatched since it is a user visible behavioral change with no previous
    complaints, and the fix is a bit on the invasive side.
    
    Author: Joe Conway
    Reviewed-By: Tom Lane
    Reported by: Ian Barwick
    Discussion: https://postgr.es/m/flat/9b5f4311-157b-4164-7fe7-077b4fe8ed84%40joeconway.com
    b12bd486
privileges.sql 53.2 KB