From fe3806c9064e5ae670c79d33d20313f0444a50cb Mon Sep 17 00:00:00 2001
From: Brent Moran <brentmoran@gmail.com>
Date: Mon, 7 Oct 2024 18:25:58 +0800
Subject: [PATCH] fix quoting for role grant/revoke expressions

---
 db/sql/00_msar.sql      |  4 ++--
 db/sql/test_00_msar.sql | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/db/sql/00_msar.sql b/db/sql/00_msar.sql
index 78b37c80a5..709f314035 100644
--- a/db/sql/00_msar.sql
+++ b/db/sql/00_msar.sql
@@ -1196,7 +1196,7 @@ CREATE OR REPLACE FUNCTION
 msar.build_grant_membership_expr(parent_rol_id regrole, g_roles oid[]) RETURNS TEXT AS $$
 SELECT string_agg(
   format(
-    'GRANT %1$s TO %2$s',
+    'GRANT %1$I TO %2$I',
     msar.get_role_name(parent_rol_id),
     msar.get_role_name(rol_id)
   ),
@@ -1210,7 +1210,7 @@ CREATE OR REPLACE FUNCTION
 msar.build_revoke_membership_expr(parent_rol_id regrole, r_roles oid[]) RETURNS TEXT AS $$
 SELECT string_agg(
   format(
-    'REVOKE %1$s FROM %2$s',
+    'REVOKE %1$I FROM %2$I',
     msar.get_role_name(parent_rol_id),
     msar.get_role_name(rol_id)
   ),
diff --git a/db/sql/test_00_msar.sql b/db/sql/test_00_msar.sql
index 99c607f29c..b7b4db3bb4 100644
--- a/db/sql/test_00_msar.sql
+++ b/db/sql/test_00_msar.sql
@@ -5369,3 +5369,33 @@ BEGIN
   );
 END;
 $$ LANGUAGE plpgsql;
+
+
+CREATE OR REPLACE FUNCTION test_build_grant_revoke_membership_expr() RETURNS SETOF TEXT AS $$
+BEGIN
+  CREATE USER "Alice";
+  CREATE USER "Bob";
+  CREATE USER carol;
+  RETURN NEXT is(
+    msar.build_grant_membership_expr('"Alice"'::regrole::oid, ARRAY['"Bob"'::regrole::oid]),
+    E'GRANT "Alice" TO "Bob";\n'
+  );
+  RETURN NEXT is(
+    msar.build_grant_membership_expr(
+      '"Alice"'::regrole::oid, ARRAY['"Bob"'::regrole::oid, 'carol'::regrole::oid]
+    ),
+    E'GRANT "Alice" TO "Bob";\nGRANT "Alice" TO carol;\n'
+  );
+
+  RETURN NEXT is(
+    msar.build_revoke_membership_expr('"Alice"'::regrole::oid, ARRAY['"Bob"'::regrole::oid]),
+    E'REVOKE "Alice" FROM "Bob";\n'
+  );
+  RETURN NEXT is(
+    msar.build_revoke_membership_expr(
+      '"Alice"'::regrole::oid, ARRAY['"Bob"'::regrole::oid, 'carol'::regrole::oid]
+    ),
+    E'REVOKE "Alice" FROM "Bob";\nREVOKE "Alice" FROM carol;\n'
+  );
+END;
+$$ LANGUAGE plpgsql;