On Wed, Oct 27, 2021 at 1:12 PM Mark Dilger
<mark.dilger@enterprisedb.com> wrote:
>
>
>
> > On Oct 27, 2021, at 9:26 AM, Joshua Brindle <joshua.brindle@crunchydata.com> wrote:
> >
> > As a follow-on to Conflation of member/privs for predefined roles,
> > this removes is_member_of_role from the header to dissuade it's use
> > for privilege checking. Since SET ROLE must use membership rather than
> > privileges a new, explicitly named can_set_role() function is
> > exported.
> >
> > is_member_of_role_nosuper() still exists for the following purposes:
> > - membership loop checking in user.c
> > - membership matching for pg_hba.conf in hba.c
> >
> > Other uses of is_member_of_role_nosuper() should be avoided.
> > <0001-unexport-is_member_of_role-add-can_set_role.patch>
>
> I don't understand the purpose of this. You are defining can_set_role(member,role) as a simple wrapper around
is_member_of_role(member,role). Couldn't the comment:
>
> + *
> + * Do not use this for privilege checking, instead use has_privs_of_role()
>
> be added to the header for is_member_of_role() without needing the new wrapper function?
It could be, but the intent is to dissuade it from being used, so
getting rid of it and making an explicit version that has a sole use
seemed useful.
It's possible that it's being used inappropriately out-of-tree so this
would also prevent that.