Add test around grant permissions and accessing registered tables

2019-11-05 18:07:11 +01:00
parent e6f07d4f96
commit e98b18fd25
4 changed files with 113 additions and 7 deletions
--- a/scripts-available/CDB_FederatedServer.sql
+++ b/scripts-available/CDB_FederatedServer.sql
@@ -357,7 +357,14 @@ BEGIN
    IF (db_role IS NULL) THEN
        RAISE EXCEPTION 'User role "%" cannot be NULL', username;
    END IF;
-    EXECUTE format('GRANT %I TO %I', server_role_name, db_role);
+    BEGIN
+        EXECUTE format('GRANT %I TO %I', server_role_name, db_role);
+    EXCEPTION
+    WHEN insufficient_privilege THEN
+        RAISE EXCEPTION 'You do not have rights to grant access on "%"', server;
+    WHEN OTHERS THEN
+        RAISE EXCEPTION 'Could not grant access on "%" to "%": %', server, db_role, SQLERRM;
+    END;
 END
 $$
 LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
@@ -375,7 +382,14 @@ BEGIN
    IF (db_role IS NULL) THEN
        RAISE EXCEPTION 'User role "%" cannot be NULL', username;
    END IF;
-    EXECUTE format('REVOKE %I FROM %I', server_role_name, db_role);
+    BEGIN
+        EXECUTE format('REVOKE %I FROM %I', server_role_name, db_role);
+    EXCEPTION
+    WHEN insufficient_privilege THEN
+        RAISE EXCEPTION 'You do not have rights to revoke access on "%"', server;
+    WHEN OTHERS THEN
+        RAISE EXCEPTION 'Could not revoke access on "%" to "%": %', server, db_role, SQLERRM;
+    END;
 END
 $$
 LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;