Merge pull request #2218 from citusdata/fix/session-user

refactor grantee serialization for reuse
2018-06-14 12:49:54 +02:00 · 2018-06-14 12:49:54 +02:00 · 1c36ade64d
parent 95e546ba5f 73efcb22c4
commit 1c36ade64d
2 changed files with 43 additions and 17 deletions
--- a/src/backend/distributed/executor/multi_utility.c
+++ b/src/backend/distributed/executor/multi_utility.c
@ -3514,7 +3514,7 @@ PlanGrantStmt(GrantStmt *grantStmt)
 		}
 	}

-	/* deparse the privileges */
+	/* deparse the grantees */
 	isFirst = true;
 	foreach(granteeCell, grantStmt->grantees)
 	{
@ -3526,22 +3526,7 @@ PlanGrantStmt(GrantStmt *grantStmt)
 		}
 		isFirst = false;

-		if (spec->roletype == ROLESPEC_CSTRING)
-		{
-			appendStringInfoString(&granteesString, quote_identifier(spec->rolename));
-		}
-		else if (spec->roletype == ROLESPEC_CURRENT_USER)
-		{
-			appendStringInfoString(&granteesString, "CURRENT_USER");
-		}
-		else if (spec->roletype == ROLESPEC_SESSION_USER)
-		{
-			appendStringInfoString(&granteesString, "SESSION_USER");
-		}
-		else if (spec->roletype == ROLESPEC_PUBLIC)
-		{
-			appendStringInfoString(&granteesString, "PUBLIC");
-		}
+		appendStringInfoString(&granteesString, RoleSpecString(spec));
 	}

 	/*
@ -3671,6 +3656,46 @@ CollectGrantTableIdList(GrantStmt *grantStmt)
 }


+/*
+ * RoleSpecString resolves the role specification to its string form that is suitable for transport to a worker node.
+ * This function resolves the following identifiers from the current context so they are safe to transfer.
+ *
+ * CURRENT_USER - resolved to the user name of the current role being used
+ * SESSION_USER - resolved to the user name of the user that opened the session
+ */
+const char *
+RoleSpecString(RoleSpec *spec)
+{
+	switch (spec->roletype)
+	{
+		case ROLESPEC_CSTRING:
+		{
+			return quote_identifier(spec->rolename);
+		}
+
+		case ROLESPEC_CURRENT_USER:
+		{
+			return quote_identifier(GetUserNameFromId(GetUserId(), false));
+		}
+
+		case ROLESPEC_SESSION_USER:
+		{
+			return quote_identifier(GetUserNameFromId(GetSessionUserId(), false));
+		}
+
+		case ROLESPEC_PUBLIC:
+		{
+			return "PUBLIC";
+		}
+
+		default:
+		{
+			elog(ERROR, "unexpected role type %d", spec->roletype);
+		}
+	}
+}
+
+
 /*
 * ProcessDropTableStmt processes DROP TABLE commands for partitioned tables.
 * If we are trying to DROP partitioned tables, we first need to go to MX nodes
--- a/src/include/distributed/multi_utility.h
+++ b/src/include/distributed/multi_utility.h
@ -50,5 +50,6 @@ extern void ErrorIfUnsupportedConstraint(Relation relation, char distributionMet
 extern Datum master_drop_all_shards(PG_FUNCTION_ARGS);
 extern Datum master_modify_multiple_shards(PG_FUNCTION_ARGS);

+extern const char * RoleSpecString(RoleSpec *spec);

 #endif /* MULTI_UTILITY_H */