Re: Error messages on duplicate schema names

2021-01-19 Thread Michael Paquier 
On Tue, Jan 19, 2021 at 05:37:51PM -0300, Alvaro Herrera wrote:
> I guess you could make the case that the CCI call should be in the
> callers where we actually loop (SetDefaultACLsInSchemas,
> RemoveRoleFromObjectACL), but it's hard to get excited about the added
> clutter.

Yeah, that matches my thoughts.  And I did not see any harm in putting
the CCI in SetDefaultACL() even for the case of pg_default_acl with
DROP OWNED BY.  So applied and backpatched.  Thanks, Alvaro and
Andrus.
--
Michael


signature.asc
Description: PGP signature

Re: Error messages on duplicate schema names

2021-01-19 Thread Alvaro Herrera 
On 2021-Jan-15, Michael Paquier wrote:

> On Wed, Jan 06, 2021 at 07:15:24PM +0200, Andrus wrote:
> > Should duplicate schema names accepted or should their usage throw better
> > error messages.
> 
> This means that we are one call of CommandCounterIncrement() short for
> such queries, and similar safeguards already exist in this area for
> GRANT/REVOKE.  The spot where I would put this new CCI is at the end
> of SetDefaultACL(), like in the attached with a test added to
> privileges.sql.
> 
> Any thoughts from others?

Looks to match what we do in ExecGrant_Relation() et al, so +1.

I guess you could make the case that the CCI call should be in the
callers where we actually loop (SetDefaultACLsInSchemas,
RemoveRoleFromObjectACL), but it's hard to get excited about the added
clutter.

-- 
Álvaro Herrera   Valdivia, Chile

Re: Error messages on duplicate schema names

2021-01-14 Thread Michael Paquier 
On Wed, Jan 06, 2021 at 07:15:24PM +0200, Andrus wrote:
> Should duplicate schema names accepted or should their usage throw better
> error messages.

This means that we are one call of CommandCounterIncrement() short for
such queries, and similar safeguards already exist in this area for
GRANT/REVOKE.  The spot where I would put this new CCI is at the end
of SetDefaultACL(), like in the attached with a test added to
privileges.sql.

Any thoughts from others?
--
Michael
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 1a81e768ec..f3c1ca18ae 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -1365,6 +1365,9 @@ SetDefaultACL(InternalDefaultACL *iacls)
 		ReleaseSysCache(tuple);
 
 	table_close(rel, RowExclusiveLock);
+
+	/* prevent error when processing duplicate objects */
+	CommandCounterIncrement();
 }
 
 
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 7754c20db4..5e5f98ac68 100644
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -1649,7 +1649,8 @@ SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
  has_table_privilege 
 -
diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
index 4911ad4add..fff76e0bd0 100644
--- a/src/test/regress/sql/privileges.sql
+++ b/src/test/regress/sql/privileges.sql
@@ -985,7 +985,8 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
+-- placeholder for test with duplicated schema and role names
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
 
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no


signature.asc
Description: PGP signature

Error messages on duplicate schema names

2021-01-06 Thread Andrus 

Hi!

ALTER DEFAULT PRIVILEGES IN SCHEMA public,public   GRANT all ON TABLES 
TO testoig;


Throws strange error

Tuple already updated by self

In other case which I posted duplicate schema causes another strange error

duplicate key value violates unique constraint 
"pg_default_acl_role_nsp_obj_index"DETAIL: Key (defaclrole, 
defaclnamespace, defaclobjtype)=(30152, 186783649, r) already exists.


Should duplicate schema names accepted or should their usage throw 
better error messages.


Andrus.