risingwave_frontend/expr/function_impl/
pg_table_is_visible.rs

1// Copyright 2025 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use risingwave_common::session_config::SearchPath;
16use risingwave_expr::{Result, capture_context, function};
17
18use super::context::{AUTH_CONTEXT, CATALOG_READER, DB_NAME, SEARCH_PATH, USER_INFO_READER};
19use crate::catalog::CatalogReader;
20use crate::catalog::system_catalog::is_system_catalog;
21use crate::expr::function_impl::has_privilege::user_not_found_err;
22use crate::session::AuthContext;
23use crate::user::user_service::UserInfoReader;
24
25#[function("pg_table_is_visible(int4) -> boolean")]
26fn pg_table_is_visible(oid: i32) -> Result<Option<bool>> {
27    pg_table_is_visible_impl_captured(oid)
28}
29
30#[capture_context(CATALOG_READER, USER_INFO_READER, AUTH_CONTEXT, SEARCH_PATH, DB_NAME)]
31fn pg_table_is_visible_impl(
32    catalog: &CatalogReader,
33    user_info: &UserInfoReader,
34    auth_context: &AuthContext,
35    search_path: &SearchPath,
36    db_name: &str,
37    oid: i32,
38) -> Result<Option<bool>> {
39    // To maintain consistency with PostgreSQL, we ensure that system catalogs are always visible.
40    if is_system_catalog(oid as u32) {
41        return Ok(Some(true));
42    }
43
44    let catalog_reader = catalog.read_guard();
45    let user_reader = user_info.read_guard();
46    let user_info = user_reader
47        .get_user_by_name(&auth_context.user_name)
48        .ok_or(user_not_found_err(
49            format!("User {} not found", auth_context.user_name).as_str(),
50        ))?;
51    // Return true only if:
52    // 1. The schema of the object exists in the search path.
53    // 2. User have `USAGE` privilege on the schema.
54    for schema in search_path.path() {
55        if let Ok(schema) = catalog_reader.get_schema_by_name(db_name, schema)
56            && schema.contains_object(oid as u32)
57        {
58            return if user_info.is_super || user_info.has_schema_usage_privilege(schema.id()) {
59                Ok(Some(true))
60            } else {
61                Ok(Some(false))
62            };
63        }
64    }
65
66    Ok(None)
67}