Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

move sql-only functions to plpgsql instead of using SPI #361

Merged
merged 2 commits into from
Nov 25, 2024
Merged

move sql-only functions to plpgsql instead of using SPI #361

merged 2 commits into from
Nov 25, 2024

Conversation

var77
Copy link
Collaborator

@var77 var77 commented Nov 20, 2024

No description provided.

@var77 var77 requested a review from Ngalstyan4 November 20, 2024 15:15
greptile-apps[bot]
greptile-apps bot reviewed Nov 20, 2024
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

Hi! Looks like you've reached your API usage limit. You can increase it from your account settings page here: app.greptile.com/settings/usage

3 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings | Greptile

Ngalstyan4
Ngalstyan4 reviewed Nov 20, 2024
View reviewed changes
lantern_extras/src/daemon.rs Outdated
CREATE OR REPLACE FUNCTION get_embedding_job_status(job_id INT)
RETURNS TABLE (status TEXT, progress SMALLINT, error TEXT)
STRICT IMMUTABLE PARALLEL SAFE
SECURITY DEFINER
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do these need to be security definer?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the embedding jobs table is being created mostly by superusers and then when regular user tries to call the get_embedding_job_status or related function it does not have permission to read from the table.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we grant SELECT on the jobs table to PUBLIC instead?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are correct, I did grant select to public already. Added tests to make sure that functions work without security definer.

@var77
remove unnecessarry security definer from functions where there is al…
121193c 
…ready grant select to public for underlying tables
@Ngalstyan4 Ngalstyan4 merged commit 944ed0c into main Nov 25, 2024
65 of 68 checks passed
@Ngalstyan4 Ngalstyan4 deleted the varik/lantern-extras-sql-functions branch November 25, 2024 07:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ngalstyan4 Ngalstyan4 Ngalstyan4 left review comments

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@var77 @Ngalstyan4