Revert b2a459edf "Fix GRANTED BY support in REVOKE ROLE statements"

The reverted commit attempted to fix SQL specification compliance for
the cases which 6aaaa76bb left.  This however broke existing behavior
which takes precedence over spec compliance so revert. The introduced
tests are left after the revert since the codepath isn't well covered.
Per bug report 17346. Backpatch down to 14 where it was introduced.

Reported-by: Andrew Bille <andrewbille@gmail.com>
Discussion: https://postgr.es/m/17346-f72b28bd1a341060@postgresql.org

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index c8c0dd0dd5368f9c6e6aa9ab18abf4f1207d23db..aa69821be496367a563a5eab9904762b03e5f813 100644 (file)
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -1259,18 +1259,7 @@ GrantRole(GrantRoleStmt *stmt)
        ListCell   *item;
 
        if (stmt->grantor)
-       {
                grantor = get_rolespec_oid(stmt->grantor, false);
-
-               /*
-                * Currently, this clause is only for SQL compatibility, not very
-                * interesting otherwise.
-                */
-               if (grantor != GetUserId())
-                       ereport(ERROR,
-                                       (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-                                        errmsg("grantor must be current user")));
-       }
        else
                grantor = GetUserId();
 

diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 3d4dd43e47bcdfea3de5869b5c429815a76c440f..2a319eecda0cd30dd79de6ff4f9ff0586b63f6ae 100644 (file)
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -7284,7 +7284,6 @@ RevokeRoleStmt:
                                        n->admin_opt = false;
                                        n->granted_roles = $2;
                                        n->grantee_roles = $4;
-                                       n->grantor = $5;
                                        n->behavior = $6;
                                        $$ = (Node*)n;
                                }
@@ -7295,7 +7294,6 @@ RevokeRoleStmt:
                                        n->admin_opt = true;
                                        n->granted_roles = $5;
                                        n->grantee_roles = $7;
-                                       n->grantor = $8;
                                        n->behavior = $9;
                                        $$ = (Node*)n;
                                }

diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 0bc79be03d9fdcd7646c1fe10961d153016b3f7a..291e21d7a63cd462a53c76f99749a207e715ca1d 100644 (file)
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -69,9 +69,7 @@ ALTER FUNCTION leak(integer,integer) OWNER TO regress_priv_user1;
 -- test owner privileges
 GRANT regress_priv_role TO regress_priv_user1 WITH ADMIN OPTION GRANTED BY CURRENT_ROLE;
 REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY foo; -- error
-ERROR:  role "foo" does not exist
 REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY regress_priv_user2; -- error
-ERROR:  grantor must be current user
 REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY CURRENT_USER;
 REVOKE regress_priv_role FROM regress_priv_user1 GRANTED BY CURRENT_ROLE;
 DROP ROLE regress_priv_role;