From 255fc96c0b636f0cd233425d5d02f513315e0ba6 Mon Sep 17 00:00:00 2001
From: ChangAo Chen <cca5507@qq.com>
Date: Wed, 8 Jan 2025 16:27:55 +0800
Subject: [PATCH] Fix a wrong errmsg in AlterRole().

---
 src/backend/commands/user.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 266635d5e2..42fabc51dc 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -817,13 +817,22 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 							   "BYPASSRLS", "BYPASSRLS")));
 	}
 
-	/* To add members to a role, you need ADMIN OPTION. */
+	/* To add/drop members to/from a role, you need ADMIN OPTION. */
 	if (drolemembers && !is_admin_of_role(currentUserId, roleid))
-		ereport(ERROR,
-				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-				 errmsg("permission denied to alter role"),
-				 errdetail("Only roles with the %s option on role \"%s\" may add members.",
-						   "ADMIN", rolename)));
+	{
+		if (stmt->action == +1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+					 errmsg("permission denied to alter role"),
+					 errdetail("Only roles with the %s option on role \"%s\" may add members.",
+							   "ADMIN", rolename)));
+		else if (stmt->action == -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+					 errmsg("permission denied to alter role"),
+					 errdetail("Only roles with the %s option on role \"%s\" may drop members.",
+							   "ADMIN", rolename)));
+	}
 
 	/* Convert validuntil to internal form */
 	if (dvalidUntil)
-- 
2.34.1