Only allow to modify roles on which the session user as admin_option #47
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rdunklau
force-pushed
the
rdunklau/prevent_random_role_changes
branch
from
3da9d2b to
d2087e3
Compare
rdunklau
force-pushed
the
rdunklau/prevent_random_role_changes
branch
from
d2087e3 to
a2bb2f3
Compare
jankatins
reviewed
May 16, 2024
| END IF; | ||
| WITH RECURSIVE tree AS ( | ||
| -- Start with the possibly admin_role | ||
| SELECT member AS base_role, roleid, admin_option, member FROM pg_auth_members |
There was a problem hiding this comment.
Shouldn't the WHERE base_role = session_user::regrole::oid be applied in the initial set? At least if I read this right, you start with all rows in pg_auth_members and then add even more rows to it by adding the rows again which have members, only to drop all rows which are not having the above condition.
rdunklau
force-pushed
the
rdunklau/prevent_random_role_changes
branch
from
1f675a5 to
01e145b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Only checking that the user was not a superuser was fine, but with PG16 more granular philosophy of restricting operations on roles on which we have ADMIN membership, we should do the same here.