Hi,
Currently, there are many has_*_privilege functions for table, column,
function, type, role, database, schema, language, server, foreign data
wrapper, parameter, and so on. However, large object is not supported yet.
I can find a way to check the privilege on a large object in the regression
test, in which whether a function call such as lo_open(lowrite(..)) raises
an error or not is checked. However, I think it is not good that we need to
try to write to a large object to check we can write it, and also the
transaction will be aborted due to a permission error when the user doesn't
have the privilege. So, I would like to propose to add
has_large_object_function for checking if a user has the privilege on a large
object.
I attached two files of patches.
0001 makes a bit refactoring on large object codes. To check if a large
object exists, myLargeObjectExists() function has to be used rather than
public LargeObjectExists(), because we need to use different snapshots between
read and write cases to make the behavior compatible to lo_open. However,
myLargeObjectExists() was static function, so I made it public and renamed it
to LargeObjectExistsWIthSnapshot(). Also, since these two functions are almost
same except to whether snapshot can be specified, I rewrote LargeObjectExists to
call LargeObjectExistsWIthSnapshot internally. I am not sure why these
duplicated codes have been left for long time, and there might be some reasons.
However, otherwise, I think this deduplication also could reduce possible
maintenance cost in future.
0002 adds has_large_object_privilege function.There are three variations whose
arguments are combinations of large object OID with user name, user OID, or
implicit user (current_user). It returns NULL if not-existing large object id is
specified, and false if non-existing user id is specified, and raises an error if
non-existing user name is specified. These behavior is similar with has_table_privilege.
The regression test is also included.
Regards,
Yugo Nagata
--
Yugo NAGATA <nagata@sraoss.co.jp>