Provide a sequence for "permission_target"

It is an improvement to have generated primary keys. Idea by Srikanth Medikonda.
cybertec-postgresql · May 3, 2019 · 0038773 · 0038773
1 parent 6aea80c
commit 0038773
Show file tree

Hide file tree

Showing 7 changed files with 526 additions and 75 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 results
+regression.*
diff --git a/README.md b/README.md
@@ -18,35 +18,35 @@ Let's assume we have a schema `appschema`, and `appuser` should have
 views in that schema:
 
     INSERT INTO public.permission_target
-       (id, role_name, permissions,
+       (role_name, permissions,
         object_type, schema_name)
     VALUES
-       (1, 'appuser', '{SELECT,INSERT,UPDATE,DELETE}',
+       ('appuser', '{SELECT,INSERT,UPDATE,DELETE}',
         'TABLE', 'appschema');
     INSERT INTO public.permission_target
-       (id, role_name, permissions,
+       (role_name, permissions,
         object_type, schema_name)
     VALUES
-       (2, 'appuser', '{SELECT,INSERT,UPDATE,DELETE}',
+       ('appuser', '{SELECT,INSERT,UPDATE,DELETE}',
         'VIEW', 'appschema');
 
 Of course, the user will need the `USAGE` privilege on the schema:
 
     INSERT INTO public.permission_target
-       (id, role_name, permissions,i
+       (role_name, permissions,i
         object_type, schema_name)
     VALUES
-       (3, 'appuser', '{USAGE}',
+       ('appuser', '{USAGE}',
         'SCHEMA', 'appschema');
 
 The user also needs `USAGE` privileges on the `appseq` sequence in
 that schema:
 
     INSERT INTO public.permission_target
-       (id, role_name, permissions,
+       (role_name, permissions,
         object_type, schema_name, object_name)
     VALUES
-       (4, 'appuser', '{USAGE}',
+       ('appuser', '{USAGE}',
         'SEQUENCE', 'appschema', 'appseq');
 
 Now we can review which permissions are missing and which additional

diff --git a/expected/sample.out b/expected/sample.out
@@ -6,14 +6,14 @@ CREATE ROLE user2 LOGIN IN ROLE users;
 /* database */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (1, 'users', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
-       (2, 'user1', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
-       (3, 'user2', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
+       ('user1', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
+       ('user2', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL);
 -- this should fail
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (4, 'user2', ARRAY['CREATE']::perm_type[], 'DATABASE', 'public', NULL, NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['CREATE']::perm_type[], 'DATABASE', 'public', NULL, NULL);
 ERROR:  new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL:  Failing row contains (4, user2, {CREATE}, DATABASE, public, null, null).
 -- actual permissions
@@ -23,14 +23,14 @@ GRANT CREATE ON DATABASE contrib_regression TO user2; -- too much
 /* schema */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (5, 'users', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
-       (6, 'user1', ARRAY['USAGE','CREATE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
-       (7, 'user2', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
+       ('user1', ARRAY['USAGE','CREATE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
+       ('user2', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL);
 -- this should fail
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (8, 'user2', ARRAY['CREATE']::perm_type[], 'SCHEMA', 'appschema', 'sometable', NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['CREATE']::perm_type[], 'SCHEMA', 'appschema', 'sometable', NULL);
 ERROR:  new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL:  Failing row contains (8, user2, {CREATE}, SCHEMA, appschema, sometable, null).
 -- actual permissions
@@ -40,13 +40,13 @@ GRANT CREATE ON SCHEMA appschema TO user2; -- too much
 /* table */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (9,  'user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'TABLE', 'appschema', NULL, NULL),
-       (10, 'user2', ARRAY['SELECT']::perm_type[], 'TABLE', 'appschema', NULL, NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'TABLE', 'appschema', NULL, NULL),
+       ('user2', ARRAY['SELECT']::perm_type[], 'TABLE', 'appschema', NULL, NULL);
 -- this should fail
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (11, 'user2', ARRAY['INSERT']::perm_type[], 'TABLE', 'appschema', 'apptable', 'acolumn');
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['INSERT']::perm_type[], 'TABLE', 'appschema', 'apptable', 'acolumn');
 ERROR:  new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL:  Failing row contains (11, user2, {INSERT}, TABLE, appschema, apptable, acolumn).
 -- actual permissions
@@ -65,12 +65,12 @@ GRANT SELECT, INSERT ON appschema.apptable TO user2; -- extra privilege INSERT
 /* column */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (12, 'user1', ARRAY['SELECT','INSERT','UPDATE','REFERENCES']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['SELECT','INSERT','UPDATE','REFERENCES']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
 -- this should fail
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (13, 'user2', ARRAY['DELETE']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['DELETE']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
 ERROR:  new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL:  Failing row contains (13, user2, {DELETE}, COLUMN, appschema, apptable2, val).
 -- actual permissions
@@ -79,9 +79,9 @@ GRANT UPDATE (val) ON appschema.apptable2 TO user2; -- extra privilege UPDATE
 /* view */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (14, 'user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'VIEW', 'appschema', 'appview', NULL),
-       (15, 'user2', ARRAY['SELECT']::perm_type[], 'VIEW', 'appschema', 'appview', NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'VIEW', 'appschema', 'appview', NULL),
+       ('user2', ARRAY['SELECT']::perm_type[], 'VIEW', 'appschema', 'appview', NULL);
 -- actual permissions
 CREATE VIEW appschema.appview AS
 SELECT id, val FROM appschema.apptable;
@@ -90,24 +90,24 @@ GRANT INSERT, DELETE ON appschema.appview TO user1; -- missing UPDATE
 /* sequence */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (16, 'users', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
-       (17, 'user1', ARRAY['USAGE','SELECT']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
-       (18, 'user2', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
+       ('user1', ARRAY['USAGE','SELECT']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
+       ('user2', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL);
 -- actual permissions
 CREATE SEQUENCE appschema.appseq;
 GRANT USAGE ON SEQUENCE appschema.appseq TO users; -- missing SELECT for user1
 GRANT UPDATE ON SEQUENCE appschema.appseq TO user2; -- extra permission UPDATE
 /* function */
 -- desired permissions
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (19, 'user1', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL),
-       (20, 'user2', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL),
+       ('user2', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
 -- this should fail
 INSERT INTO permission_target
-   (id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (21, 'users', ARRAY['UPDATE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
+   (role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['UPDATE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
 ERROR:  new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL:  Failing row contains (21, users, {UPDATE}, FUNCTION, appschema, appfun(integer), null).
 -- actual permissions

diff --git a/pg_permissions--1.1--1.2.sql b/pg_permissions--1.1--1.2.sql
@@ -0,0 +1,10 @@
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "ALTER EXTENSION pg_permissions UPDATE" to load this file. \quit
+
+CREATE SEQUENCE permission_target_id_seq OWNED BY permission_target.id;
+ALTER TABLE permission_target ALTER id
+   SET DEFAULT nextval('permission_target_id_seq'::regclass);
+
+GRANT USAGE ON SEQUENCE permission_target_id_seq TO PUBLIC;
+
+SELECT pg_catalog.pg_extension_config_dump('permission_target_id_seq', '');