Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 7967d10

Browse files
Remove redundant privilege check from pg_sequences system view.
This commit adjusts pg_sequence_last_value() to return NULL instead of ERROR-ing for sequences for which the current user lacks privileges. This allows us to remove the call to has_sequence_privilege() in the definition of the pg_sequences system view. Bumps catversion. Suggested-by: Michael Paquier Reviewed-by: Michael Paquier, Tom Lane Discussion: https://postgr.es/m/20240501005730.GA594666%40nathanxps13
1 parent 1afe31f commit 7967d10

File tree

4 files changed

+7
-18
lines changed

4 files changed

+7
-18
lines changed

src/backend/catalog/system_views.sql

+1-5
Original file line numberDiff line numberDiff line change
@@ -176,11 +176,7 @@ CREATE VIEW pg_sequences AS
176176
S.seqincrement AS increment_by,
177177
S.seqcycle AS cycle,
178178
S.seqcache AS cache_size,
179-
CASE
180-
WHEN has_sequence_privilege(C.oid, 'SELECT,USAGE'::text)
181-
THEN pg_sequence_last_value(C.oid)
182-
ELSE NULL
183-
END AS last_value
179+
pg_sequence_last_value(C.oid) AS last_value
184180
FROM pg_sequence S JOIN pg_class C ON (C.oid = S.seqrelid)
185181
LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace)
186182
WHERE NOT pg_is_other_temp_schema(N.oid)

src/backend/commands/sequence.c

+4-8
Original file line numberDiff line numberDiff line change
@@ -1790,21 +1790,17 @@ pg_sequence_last_value(PG_FUNCTION_ARGS)
17901790
/* open and lock sequence */
17911791
init_sequence(relid, &elm, &seqrel);
17921792

1793-
if (pg_class_aclcheck(relid, GetUserId(), ACL_SELECT | ACL_USAGE) != ACLCHECK_OK)
1794-
ereport(ERROR,
1795-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1796-
errmsg("permission denied for sequence %s",
1797-
RelationGetRelationName(seqrel))));
1798-
17991793
/*
18001794
* We return NULL for other sessions' temporary sequences. The
18011795
* pg_sequences system view already filters those out, but this offers a
18021796
* defense against ERRORs in case someone invokes this function directly.
18031797
*
18041798
* Also, for the benefit of the pg_sequences view, we return NULL for
1805-
* unlogged sequences on standbys instead of throwing an error.
1799+
* unlogged sequences on standbys and for sequences for which the current
1800+
* user lacks privileges instead of throwing an error.
18061801
*/
1807-
if (!RELATION_IS_OTHER_TEMP(seqrel) &&
1802+
if (pg_class_aclcheck(relid, GetUserId(), ACL_SELECT | ACL_USAGE) == ACLCHECK_OK &&
1803+
!RELATION_IS_OTHER_TEMP(seqrel) &&
18081804
(RelationIsPermanent(seqrel) || !RecoveryInProgress()))
18091805
{
18101806
Buffer buf;

src/include/catalog/catversion.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,6 @@
5757
*/
5858

5959
/* yyyymmddN */
60-
#define CATALOG_VERSION_NO 202407011
60+
#define CATALOG_VERSION_NO 202407012
6161

6262
#endif

src/test/regress/expected/rules.out

+1-4
Original file line numberDiff line numberDiff line change
@@ -1700,10 +1700,7 @@ pg_sequences| SELECT n.nspname AS schemaname,
17001700
s.seqincrement AS increment_by,
17011701
s.seqcycle AS cycle,
17021702
s.seqcache AS cache_size,
1703-
CASE
1704-
WHEN has_sequence_privilege(c.oid, 'SELECT,USAGE'::text) THEN pg_sequence_last_value((c.oid)::regclass)
1705-
ELSE NULL::bigint
1706-
END AS last_value
1703+
pg_sequence_last_value((c.oid)::regclass) AS last_value
17071704
FROM ((pg_sequence s
17081705
JOIN pg_class c ON ((c.oid = s.seqrelid)))
17091706
LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)))

0 commit comments

Comments
 (0)