Greetings, * Magnus Hagander (mag...@hagander.net) wrote: > On Mon, Apr 20, 2020 at 12:43 PM Andrey M. Borodin <x4...@yandex-team.ru> > wrote: > > > 16 апр. 2020 г., в 17:46, Magnus Hagander <mag...@hagander.net> > > написал(а): > > > If we do that, it may be better that we define "PGSTAT_VIEW_PRIV()" or > > > something like and replace the all occurances of the idiomatic > > > condition with it. > > > > > > You mean something like the attached? > > > > > > <allow_read_all_stats3.diff> > > > > Is it correct that we use DEFAULT_ROLE_READ_ALL_STATS regardless of > > inheritance? I'm not familiar with what is inherited and what is not, so I > > think it's better to ask explicitly. > > > > +#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), > > DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role)) > > It is consistent with all the other uses of DEFAULT_ROLE_READ_ALL_STATS > that I can find.
Ugh. That doesn't make it correct though.. We really should be using has_privs_of_role() for these cases (and that goes for all of the default role cases- some of which are correct and others are not, it seems). Thanks, Stephen
signature.asc
Description: PGP signature