-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql: RequireSuperUser() swallows errors #32662
Comments
Are you referring to this function? I'm not sure where
comes into play since |
@knz: to summarize discussions in #38124:
What is still unclear: if there is no error, but the result is false - what should normally happen? return no error, or same would it make sense to leave the same old |
that's not what I suggested. What I suggest is:
yes, and it's simple: func RequireSuperUser(n) error {
ok, err := IsSuperUser(n)
if err != nil {
return err
}
if !ok {
return InsufficientPrivilege
}
return nil
}
yes!
every time this code looks like this: if err := p.RequireSuperUser(ctx, "RESTORE"); err != nil {
return err
} (i.e. the code returns the error produced by Then you would not change it -- the code is meant to fail. What needs to change is code like this: if err := p.RequireSuperUser(ctx, "revoke role"); err != nil {
// Not a superuser: check permissions on each role.
allRoles, err := p.MemberOfWithAdminOption(ctx, p.User()) (i.e. the code ignores the error) In that case you'd change it to this: isSuperUser, err := p.IsSuperUser(ctx, "revoke role")
if err != nil {
return err
} else if !isSuperUser {
// Not a superuser: check permissions on each role.
allRoles, err := p.MemberOfWithAdminOption(ctx, p.User()) does this make sense? |
@knz, makes perfect sense, I will do it (unless someone manages to do it faster) |
Go ahead
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
38454: sql: require super user return status r=knz a=Gurio Resolves #32662 as discussed with @knz (hopefully correctly) First commit is taken from #38124 which helped to find all the necessary places where code should be changed I didn’t check if it builds with the last fix-commit, so please don’t review until TeamCity succeeds. Co-authored-by: Arseni Lapunov <re.stage00101@gmail.com>
Describe the problem
The function
RequiresSuperUser()
returnserr
both to indicate errors in the underlying logic / SQL queries, and to indicate the current user is not a superuser.Subsequently, callers that which simply to know whether the current user is an admin will test the error return and silently drop it on the floor if non-nil.
Instead the function should return
(bool, error)
with the boolean indicating the admin status.The text was updated successfully, but these errors were encountered: