[bugfix] repair access a table through a synonym when no permissions

src/common/backend/catalog/namespace.cpp

@@ -305,6 +305,10 @@ Oid RangeVarGetRelidExtended(const RangeVar* relation, LOCKMODE lockmode, bool m
             if (isSupportSynonym) {
                 pfree_ext(errDetail);
                 errDetail = RelnameGetRelidExtended(relation->relname, &relId, refSynOid, detailInfo);
+                if (relId != NULL && OidIsValid(relId)) {
+                    Oid namespaceId = get_rel_namespace(relId);
+                    LookupExplicitNamespace(get_namespace_name(namespaceId));
+                }
             } else {
                 relId = RelnameGetRelid(relation->relname, detailInfo);
             }

src/test/regress/expected/synonym_permission.out

@@ -0,0 +1,86 @@
+drop database db_1138120;
+ERROR:  database "db_1138120" does not exist
+drop user user1_1138120;
+ERROR:  role "user1_1138120" does not exist
+drop user user2_1138120;
+ERROR:  role "user2_1138120" does not exist
+-- create database and user
+CREATE DATABASE db_1138120;
+\c db_1138120
+CREATE USER user1_1138120 PASSWORD 'Abc@1138120';
+grant all on database db_1138120 to user1_1138120;
+CREATE USER user2_1138120 PASSWORD 'Abc@1138120';
+grant all on database db_1138120 to user2_1138120;
+-- create synonym
+create or replace synonym user2_1138120.syn1_1138120 for user1_1138120.tab_1138120;
+-- \c - user1_1138120
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+create table tab_1138120 (id int,name text);
+insert into tab_1138120 values (1,'abc');
+select * from tab_1138120;
+ id | name 
+----+------
+  1 | abc
+(1 row)
+
+-- \c - user2_1138120
+-- no permission for table and schema
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+ERROR:  permission denied for schema user1_1138120
+LINE 1: select * from user1_1138120.tab_1138120;
+                      ^
+DETAIL:  N/A
+select * from syn1_1138120;
+ERROR:  permission denied for schema user1_1138120
+LINE 1: select * from syn1_1138120;
+                      ^
+DETAIL:  N/A
+-- add table permission
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+grant all privileges on table tab_1138120 to user2_1138120;
+-- no permission for schema
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+ERROR:  permission denied for schema user1_1138120
+LINE 1: select * from user1_1138120.tab_1138120;
+                      ^
+DETAIL:  N/A
+select * from syn1_1138120;
+ERROR:  permission denied for schema user1_1138120
+LINE 1: select * from syn1_1138120;
+                      ^
+DETAIL:  N/A
+-- add schema permission
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+grant usage on schema user1_1138120 to user2_1138120;
+-- have permission for schema and table, query success
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+ id | name 
+----+------
+  1 | abc
+(1 row)
+
+select * from syn1_1138120;
+ id | name 
+----+------
+  1 | abc
+(1 row)
+
+-- revoke table permission
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+revoke all privileges on table tab_1138120 from user2_1138120;
+-- no table permission
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+ERROR:  permission denied for relation tab_1138120
+DETAIL:  N/A
+select * from syn1_1138120;
+ERROR:  permission denied for relation tab_1138120
+DETAIL:  N/A
+--clear
+\c postgres
+drop database db_1138120;
+drop user user1_1138120;
+drop user user2_1138120;

src/test/regress/parallel_schedule0A

@@ -294,6 +294,7 @@ test: single_node_triggers
 # Synonym tests
 #test: single_node_synonym
 test: synonym_conflict_test
+test: synonym_permission
 
 # unsupported view tests
 test: single_node_unsupported_view

src/test/regress/sql/synonym_permission.sql

@@ -0,0 +1,48 @@
+drop database db_1138120;
+drop user user1_1138120;
+drop user user2_1138120;
+-- create database and user
+CREATE DATABASE db_1138120;
+\c db_1138120
+CREATE USER user1_1138120 PASSWORD 'Abc@1138120';
+grant all on database db_1138120 to user1_1138120;
+CREATE USER user2_1138120 PASSWORD 'Abc@1138120';
+grant all on database db_1138120 to user2_1138120;
+-- create synonym
+create or replace synonym user2_1138120.syn1_1138120 for user1_1138120.tab_1138120;
+-- \c - user1_1138120
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+create table tab_1138120 (id int,name text);
+insert into tab_1138120 values (1,'abc');
+select * from tab_1138120;
+-- \c - user2_1138120
+-- no permission for table and schema
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+select * from syn1_1138120;
+-- add table permission
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+grant all privileges on table tab_1138120 to user2_1138120;
+-- no permission for schema
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+select * from syn1_1138120;
+-- add schema permission
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+grant usage on schema user1_1138120 to user2_1138120;
+-- have permission for schema and table, query success
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+select * from syn1_1138120;
+-- revoke table permission
+SET SESSION AUTHORIZATION user1_1138120 password 'Abc@1138120';
+revoke all privileges on table tab_1138120 from user2_1138120;
+-- no table permission
+SET SESSION AUTHORIZATION user2_1138120 password 'Abc@1138120';
+select * from user1_1138120.tab_1138120;
+select * from syn1_1138120;
+--clear
+\c postgres
+drop database db_1138120;
+drop user user1_1138120;
+drop user user2_1138120;