From 39a584dc90324b7323424d7450df8586ab2a0ca1 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Thu, 29 Jun 2023 09:14:55 +0200 Subject: [PATCH] Error message wording improvements --- src/backend/commands/user.c | 20 ++++++++++---------- src/backend/storage/ipc/signalfuncs.c | 4 ++-- src/backend/utils/init/postinit.c | 2 +- src/test/regress/expected/create_role.out | 14 +++++++------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index d63d3c58ca..6b42d4fc34 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -323,25 +323,25 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create role"), - errdetail("Only roles with the %s attribute may create roles with %s.", + errdetail("Only roles with the %s attribute may create roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); if (createdb && !have_createdb_privilege()) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create role"), - errdetail("Only roles with the %s attribute may create roles with %s.", + errdetail("Only roles with the %s attribute may create roles with the %s attribute.", "CREATEDB", "CREATEDB"))); if (isreplication && !has_rolreplication(currentUserId)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create role"), - errdetail("Only roles with the %s attribute may create roles with %s.", + errdetail("Only roles with the %s attribute may create roles with the %s attribute.", "REPLICATION", "REPLICATION"))); if (bypassrls && !has_bypassrls_privilege(currentUserId)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create role"), - errdetail("Only roles with the %s attribute may create roles with %s.", + errdetail("Only roles with the %s attribute may create roles with the %s attribute.", "BYPASSRLS", "BYPASSRLS"))); } @@ -758,7 +758,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to alter role"), - errdetail("Only roles with the %s attribute may alter roles with %s.", + errdetail("Only roles with the %s attribute may alter roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); if (!superuser() && dissuper) ereport(ERROR, @@ -1031,7 +1031,7 @@ AlterRoleSet(AlterRoleSetStmt *stmt) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to alter role"), - errdetail("Only roles with the %s attribute may alter roles with %s.", + errdetail("Only roles with the %s attribute may alter roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); } else @@ -1171,7 +1171,7 @@ DropRole(DropRoleStmt *stmt) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to drop role"), - errdetail("Only roles with the %s attribute may drop roles with %s.", + errdetail("Only roles with the %s attribute may drop roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); if (!is_admin_of_role(GetUserId(), roleid)) ereport(ERROR, @@ -1426,7 +1426,7 @@ RenameRole(const char *oldname, const char *newname) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to rename role"), - errdetail("Only roles with the %s attribute may rename roles with %s.", + errdetail("Only roles with the %s attribute may rename roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); } else @@ -2141,14 +2141,14 @@ check_role_membership_authorization(Oid currentUserId, Oid roleid, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to grant role \"%s\"", GetUserNameFromId(roleid, false)), - errdetail("Only roles with the %s attribute may grant roles with %s.", + errdetail("Only roles with the %s attribute may grant roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); else ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to revoke role \"%s\"", GetUserNameFromId(roleid, false)), - errdetail("Only roles with the %s attribute may revoke roles with %s.", + errdetail("Only roles with the %s attribute may revoke roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); } } diff --git a/src/backend/storage/ipc/signalfuncs.c b/src/backend/storage/ipc/signalfuncs.c index eabb68a9e1..94ae553b94 100644 --- a/src/backend/storage/ipc/signalfuncs.c +++ b/src/backend/storage/ipc/signalfuncs.c @@ -122,7 +122,7 @@ pg_cancel_backend(PG_FUNCTION_ARGS) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to cancel query"), - errdetail("Only roles with the %s attribute may cancel queries of roles with %s.", + errdetail("Only roles with the %s attribute may cancel queries of roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); if (r == SIGNAL_BACKEND_NOPERMISSION) @@ -228,7 +228,7 @@ pg_terminate_backend(PG_FUNCTION_ARGS) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to terminate process"), - errdetail("Only roles with the %s attribute may terminate processes of roles with %s.", + errdetail("Only roles with the %s attribute may terminate processes of roles with the %s attribute.", "SUPERUSER", "SUPERUSER"))); if (r == SIGNAL_BACKEND_NOPERMISSION) diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 561bd13ed2..0f9b92b32e 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -946,7 +946,7 @@ InitPostgres(const char *in_dbname, Oid dboid, if (nfree < SuperuserReservedConnections) ereport(FATAL, (errcode(ERRCODE_TOO_MANY_CONNECTIONS), - errmsg("remaining connection slots are reserved for roles with %s", + errmsg("remaining connection slots are reserved for roles with the %s attribute", "SUPERUSER"))); if (!has_privs_of_role(GetUserId(), ROLE_PG_USE_RESERVED_CONNECTIONS)) diff --git a/src/test/regress/expected/create_role.out b/src/test/regress/expected/create_role.out index 5526e34a7f..7117e943c2 100644 --- a/src/test/regress/expected/create_role.out +++ b/src/test/regress/expected/create_role.out @@ -8,19 +8,19 @@ CREATE ROLE regress_role_normal; SET SESSION AUTHORIZATION regress_role_limited_admin; CREATE ROLE regress_nosuch_superuser SUPERUSER; ERROR: permission denied to create role -DETAIL: Only roles with the SUPERUSER attribute may create roles with SUPERUSER. +DETAIL: Only roles with the SUPERUSER attribute may create roles with the SUPERUSER attribute. CREATE ROLE regress_nosuch_replication_bypassrls REPLICATION BYPASSRLS; ERROR: permission denied to create role -DETAIL: Only roles with the REPLICATION attribute may create roles with REPLICATION. +DETAIL: Only roles with the REPLICATION attribute may create roles with the REPLICATION attribute. CREATE ROLE regress_nosuch_replication REPLICATION; ERROR: permission denied to create role -DETAIL: Only roles with the REPLICATION attribute may create roles with REPLICATION. +DETAIL: Only roles with the REPLICATION attribute may create roles with the REPLICATION attribute. CREATE ROLE regress_nosuch_bypassrls BYPASSRLS; ERROR: permission denied to create role -DETAIL: Only roles with the BYPASSRLS attribute may create roles with BYPASSRLS. +DETAIL: Only roles with the BYPASSRLS attribute may create roles with the BYPASSRLS attribute. CREATE ROLE regress_nosuch_createdb CREATEDB; ERROR: permission denied to create role -DETAIL: Only roles with the CREATEDB attribute may create roles with CREATEDB. +DETAIL: Only roles with the CREATEDB attribute may create roles with the CREATEDB attribute. -- ok, can create a role without any special attributes CREATE ROLE regress_role_limited; -- fail, can't give it in any of the restricted attributes @@ -71,7 +71,7 @@ NOTICE: SYSID can no longer be specified -- fail, cannot grant membership in superuser role CREATE ROLE regress_nosuch_super IN ROLE regress_role_super; ERROR: permission denied to grant role "regress_role_super" -DETAIL: Only roles with the SUPERUSER attribute may grant roles with SUPERUSER. +DETAIL: Only roles with the SUPERUSER attribute may grant roles with the SUPERUSER attribute. -- fail, database owner cannot have members CREATE ROLE regress_nosuch_dbowner IN ROLE pg_database_owner; ERROR: role "pg_database_owner" cannot have explicit members @@ -238,7 +238,7 @@ DROP ROLE regress_adminroles; -- fail, cannot drop ourself, nor superusers or roles we lack ADMIN for DROP ROLE regress_role_super; ERROR: permission denied to drop role -DETAIL: Only roles with the SUPERUSER attribute may drop roles with SUPERUSER. +DETAIL: Only roles with the SUPERUSER attribute may drop roles with the SUPERUSER attribute. DROP ROLE regress_role_admin; ERROR: current user cannot be dropped DROP ROLE regress_rolecreator;