diff options
| author | Joe Conway | 2022-04-02 17:24:38 +0000 |
|---|---|---|
| committer | Joe Conway | 2022-04-02 17:24:38 +0000 |
| commit | 9752436f049430428464e22dcf837e9c6fa4e513 (patch) | |
| tree | 9ce8eb15160e8237f868f379f973c5706925a49d | |
| parent | cfdd03f45e6afc632fbe70519250ec19167d6765 (diff) | |
Use has_privs_for_roles for predefined role checks: round 2
Similar to commit 6198420ad, replace is_member_of_role with
has_privs_for_role for predefined role access checks in recently
committed basebackup code. In passing fix a double-word error
in a nearby comment.
Discussion: https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com
| -rw-r--r-- | contrib/basebackup_to_shell/basebackup_to_shell.c | 4 | ||||
| -rw-r--r-- | doc/src/sgml/ref/pg_basebackup.sgml | 2 | ||||
| -rw-r--r-- | src/backend/replication/basebackup_server.c | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/contrib/basebackup_to_shell/basebackup_to_shell.c b/contrib/basebackup_to_shell/basebackup_to_shell.c index d82cb6d13f..f0ddef1987 100644 --- a/contrib/basebackup_to_shell/basebackup_to_shell.c +++ b/contrib/basebackup_to_shell/basebackup_to_shell.c @@ -90,7 +90,7 @@ _PG_init(void) } /* - * We choose to defer sanity sanity checking until shell_get_sink(), and so + * We choose to defer sanity checking until shell_get_sink(), and so * just pass the target detail through without doing anything. However, we do * permissions checks here, before any real work has been done. */ @@ -103,7 +103,7 @@ shell_check_detail(char *target, char *target_detail) StartTransactionCommand(); roleid = get_role_oid(shell_required_role, true); - if (!is_member_of_role(GetUserId(), roleid)) + if (!has_privs_of_role(GetUserId(), roleid)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to use basebackup_to_shell"))); diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml index 82f5f60625..6468f45cf3 100644 --- a/doc/src/sgml/ref/pg_basebackup.sgml +++ b/doc/src/sgml/ref/pg_basebackup.sgml @@ -237,7 +237,7 @@ PostgreSQL documentation <literal>server:/some/path</literal>, the backup will be stored on the machine where the server is running in the <literal>/some/path</literal> directory. Storing a backup on the - server requires superuser privileges or being granted the + server requires superuser privileges or having privileges of the <literal>pg_write_server_files</literal> role. If the target is set to <literal>blackhole</literal>, the contents are discarded and not stored anywhere. This should only be used for testing purposes, as you diff --git a/src/backend/replication/basebackup_server.c b/src/backend/replication/basebackup_server.c index a878629668..bc16897b33 100644 --- a/src/backend/replication/basebackup_server.c +++ b/src/backend/replication/basebackup_server.c @@ -69,10 +69,10 @@ bbsink_server_new(bbsink *next, char *pathname) /* Replication permission is not sufficient in this case. */ StartTransactionCommand(); - if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES)) + if (!has_privs_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser or a member of the pg_write_server_files role to create server backup"))); + errmsg("must be superuser or a role with privileges of the pg_write_server_files role to create server backup"))); CommitTransactionCommand(); /* |