Commit bb9145f7 authored by Stan Hu's avatar Stan Hu

Merge branch 'fix-postgresql-table-grant' into 'master'

Use has_table_privilege for TRIGGER on PostgreSQL

Closes #38634

See merge request gitlab-org/gitlab-ce!16618
parents 13330e05 15b92e7c
---
title: Use has_table_privilege for TRIGGER on PostgreSQL
merge_request:
author:
type: fixed
...@@ -12,10 +12,22 @@ module Gitlab ...@@ -12,10 +12,22 @@ module Gitlab
# Returns true if the current user can create and execute triggers on the # Returns true if the current user can create and execute triggers on the
# given table. # given table.
def self.create_and_execute_trigger?(table) def self.create_and_execute_trigger?(table)
priv =
if Database.postgresql? if Database.postgresql?
where(privilege_type: 'TRIGGER', table_name: table) # We _must not_ use quote_table_name as this will produce double
.where('grantee = user') # quotes on PostgreSQL and for "has_table_privilege" we need single
# quotes.
quoted_table = connection.quote(table)
begin
from(nil)
.pluck("has_table_privilege(#{quoted_table}, 'TRIGGER')")
.first
rescue ActiveRecord::StatementInvalid
# This error is raised when using a non-existing table name. In this
# case we just want to return false as a user technically can't
# create triggers for such a table.
false
end
else else
queries = [ queries = [
Grant.select(1) Grant.select(1)
...@@ -32,10 +44,8 @@ module Gitlab ...@@ -32,10 +44,8 @@ module Gitlab
union = SQL::Union.new(queries).to_sql union = SQL::Union.new(queries).to_sql
Grant.from("(#{union}) privs") Grant.from("(#{union}) privs").any?
end end
priv.any?
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment