On 5/11/21 11:37 AM, Bruce Momjian wrote:
> On Tue, May 11, 2021 at 11:26:48AM -0400, Joe Conway wrote:
>> On 5/11/21 11:11 AM, Bruce Momjian wrote:
>> > > Previously existence of such columns were ignored when caller had table
>> > > level privileges.
>> >
>> > I can't reproduce the NULL using column name text:
>>
>> > test=> SELECT has_column_privilege('test', 'z', 'SELECT');
>> > ERROR: column "z" of relation "test" does not exist
>>
>> That is the way it is supposed to work when the column is specified by name.
>> The patch did not change that in any way.
>
> I am just confused why attribute numbers are handled differently than
> attribute names.
I am not entirely sure, but that boat sailed a long time ago and really
has nothing to do with this patch ;-)
This is the code comment that predates the patch but is the reason
behind the change:
------------
/*
* has_any_column_privilege variants
* These are all named "has_any_column_privilege" at the SQL level.
* They take various combinations of relation name, relation OID,
* user name, user OID, or implicit user = current_user.
*
* The result is a boolean value: true if user has the indicated
* privilege for any column of the table, false if not. The variants
* that take a relation OID return NULL if the OID doesn't exist.
*/
------------
The patch made that last sentence true in the corner cases.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
