Thread
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Make geometry cast functions error safe
- 45cdaf3665be 19 (unreleased) cited
-
[PATCH] Report column-level error when lacking privilege
Steve Chavez <steve@supabase.io> — 2026-03-30T01:07:31Z
Hello hackers, When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given: select * from items; ERROR: permission denied for table items With this patch, we now give: select * from items; ERROR: permission denied for column "id" of relation "items" This only when the user has column-level privileges, if it doesn't have any the same regular table-level error is given. This makes the most sense and also keeps current tests mostly the same. * It also works for UPDATE and INSERT. * Clears the TODO mentioned on lines https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693 * This patch is on top of the patch mentioned on https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com, which refactors the code to make it simpler to review. Best regards, Steve
-
Re: [PATCH] Report column-level error when lacking privilege
David G. Johnston <david.g.johnston@gmail.com> — 2026-03-30T03:34:56Z
On Sun, Mar 29, 2026 at 6:07 PM Steve Chavez <steve@supabase.io> wrote: > When a role `xx` has `grant select (name) on items to xx;`, a generic > table-level error is given: > > select * from items; > ERROR: permission denied for table items > > With this patch, we now give: > > select * from items; > ERROR: permission denied for column "id" of relation "items" > > Not too fond of picking one column as a representative for the error message. Better to say something like: ERROR: permission denied for column subset of table items Haven't looked but it should be doable to run a query for a given relation and role and report for each column whether a grant is available or not; which would be the one-stop shop for figuring out which columns at least don't have permissions granted. The user would still have to know which ones their query is actually using. David J.
-
Re: [PATCH] Report column-level error when lacking privilege
Ashutosh Bapat <ashutosh.bapat.oss@gmail.com> — 2026-03-30T15:21:40Z
Hi Steve, On Mon, Mar 30, 2026 at 6:37 AM Steve Chavez <steve@supabase.io> wrote: > > Hello hackers, > > When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given: > > select * from items; > ERROR: permission denied for table items > > With this patch, we now give: > > select * from items; > ERROR: permission denied for column "id" of relation "items" > > This only when the user has column-level privileges, if it doesn't have any the same regular table-level error is given. This makes the most sense and also keeps current tests mostly the same. > > * It also works for UPDATE and INSERT. > * Clears the TODO mentioned on lines > https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693 > * This patch is on top of the patch mentioned on https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com, which refactors the code to make it simpler to review. I had started on this some time ago [1], but couldn't finish it for the want of time. There are some suggestions from Nathan and Tom which may be applicable to you approach as well. I am fine if you would like to use my patches if those help. [1] https://www.postgresql.org/message-id/CAExHW5swFANiB9JmqRoGg_Rkr+M=qh+ci_zfOtQXFT+A=+jB-A@mail.gmail.com -- Best Wishes, Ashutosh Bapat