risingwave_frontend/expr/function_impl/
pg_table_is_visible.rs

1// Copyright 2025 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use risingwave_common::id::ObjectId;
16use risingwave_common::session_config::SearchPath;
17use risingwave_expr::{Result, capture_context, function};
18
19use super::context::{AUTH_CONTEXT, CATALOG_READER, DB_NAME, SEARCH_PATH, USER_INFO_READER};
20use crate::catalog::CatalogReader;
21use crate::catalog::system_catalog::is_system_catalog;
22use crate::expr::function_impl::has_privilege::user_not_found_err;
23use crate::session::AuthContext;
24use crate::user::has_schema_usage_privilege;
25use crate::user::user_service::UserInfoReader;
26
27#[function("pg_table_is_visible(int4) -> boolean")]
28fn pg_table_is_visible(oid: i32) -> Result<Option<bool>> {
29    pg_table_is_visible_impl_captured(ObjectId::new(oid as _))
30}
31
32#[capture_context(CATALOG_READER, USER_INFO_READER, AUTH_CONTEXT, SEARCH_PATH, DB_NAME)]
33fn pg_table_is_visible_impl(
34    catalog: &CatalogReader,
35    user_info: &UserInfoReader,
36    auth_context: &AuthContext,
37    search_path: &SearchPath,
38    db_name: &str,
39    oid: ObjectId,
40) -> Result<Option<bool>> {
41    // To maintain consistency with PostgreSQL, we ensure that system catalogs are always visible.
42    if is_system_catalog(oid) {
43        return Ok(Some(true));
44    }
45
46    let catalog_reader = catalog.read_guard();
47    let user_reader = user_info.read_guard();
48    let user_info = user_reader
49        .get_user_by_name(&auth_context.user_name)
50        .ok_or(user_not_found_err(
51            format!("User {} not found", auth_context.user_name).as_str(),
52        ))?;
53    // Return true only if:
54    // 1. The schema of the object exists in the search path.
55    // 2. User have `USAGE` privilege on the schema.
56    for schema in search_path.path() {
57        if let Ok(schema) = catalog_reader.get_schema_by_name(db_name, schema)
58            && schema.contains_object(oid)
59        {
60            return if has_schema_usage_privilege(user_info, schema.id(), schema.owner) {
61                Ok(Some(true))
62            } else {
63                Ok(Some(false))
64            };
65        }
66    }
67
68    Ok(None)
69}