Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement database_privileges.list_direct RPC endpoint. #3750

Merged
merged 3 commits into from
Aug 13, 2024
Merged

Implement database_privileges.list_direct RPC endpoint. #3750

merged 3 commits into from
Aug 13, 2024

Conversation

Anish9901
Copy link
Member

Fixes #3662

Checklist

  • My pull request has a descriptive title (not a vague title like Update index.md).
  • My pull request targets the develop branch of the repository
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I added tests for the changes I made (if applicable).
  • I added or updated documentation (if applicable).
  • I tried running the project locally and verified that there are no
    visible errors.

Developer Certificate of Origin

Developer Certificate of Origin 
Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

@Anish9901
Copy link
Member Author

@pavish Assuming that owners are considered a direct role, I have made a slight tweak to the response suggested in the issue, the tweak being that the direct list would include either the direct privilege or the default privilege for the owning role.

  • Is this behavior beneficial in any way?
  • Should the response include a union of privileges for both the direct role as well as owning role?

@pavish
Copy link
Member

pavish commented Aug 12, 2024
edited
Loading

@Anish9901

I think it's fine to add the default privileges of the owning role to the response when acl is null.

Is this behavior beneficial in any way?

For the beta, based on the UX we have, this isn't required. We will have the owner information from get_basic which we'll use to display access. I see no harm in having it in the response though.

Should the response include a union of privileges for both the direct role as well as owning role?

This would make it more consistent but I don't think we need to do this for the beta.

pavish
pavish reviewed Aug 12, 2024
View reviewed changes
db/sql/00_msar.sql Outdated
pg_catalog.pg_roles AS pgr,
pg_catalog.pg_database AS pgd,
aclexplode(COALESCE(pgd.datacl, acldefault('d', pgd.datdba))) AS acl
WHERE pgd.oid=msar.get_db_oid(db_name) AND pgr.oid = acl.grantee AND pgr.rolname NOT LIKE 'pg_'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we require an additional call here?

We could use pgd.datname = db_name instead of pgd.oid=msar.get_db_oid(db_name).

@Anish9901 Anish9901 requested a review from mathemancer August 12, 2024 10:02
mathemancer
mathemancer approved these changes Aug 13, 2024
View reviewed changes
Copy link
Contributor

@mathemancer mathemancer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Really nice work, @Anish9901 !

@mathemancer mathemancer added this pull request to the merge queue Aug 13, 2024
Merged via the queue into develop with commit 4729b6f Aug 13, 2024
37 checks passed
@mathemancer mathemancer deleted the list_direct branch August 13, 2024 07:33
@kgodey kgodey added this to the Pre-beta test build #1 milestone Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pavish pavish pavish left review comments

@mathemancer mathemancer mathemancer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.2.0-testing.1
Development

Successfully merging this pull request may close these issues.

databases_privileges.list_direct
4 participants
@Anish9901 @pavish @mathemancer @kgodey