On Tue, Dec 06, 2022 at 11:47:50AM +0000, Dagfinn Ilmari Mannsåker wrote: > These checks are getting rather repetitive, how about a data-driven > approach, along the lines of the below patch? I'm not quite happy with > the naming of the struct and its members (and maybe it should be in a > header?), suggestions welcome.
+1. I wonder if we should also consider checking all the bits at once before we start checking for the predefined roles. I'm thinking of something a bit like this: role_mask = ACL_SELECT | ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_VACUUM | ACL_ANALYZE; if (mask & role_mask != result & role_mask) { ... existing checks here ... } I'm skeptical this actually produces any measurable benefit, but presumably the predefined roles list will continue to grow, so maybe it's still worth adding a fast path. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com