From 6d2c6e00fc4b81b06c8ac500223e6eba708c4d0f Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo
Date: Fri, 31 May 2024 16:26:00 +0800
Subject: [PATCH] fix: don't allow alter role nosuperuser
---
 src/supautils.c | 2 +-
 test/expected/privileged_role.out | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/supautils.c b/src/supautils.c
index 93990dc..c262511 100644
--- a/src/supautils.c
+++ b/src/supautils.c
@@ -333,7 +333,7 @@ supautils_hook(PROCESS_UTILITY_PARAMS)
 foreach(option_cell, stmt->options)
 {
 DefElem *defel = (DefElem *) lfirst(option_cell);
- if (strcmp(defel->defname, "superuser") == 0 && defGetBoolean(defel)) {
+ if (strcmp(defel->defname, "superuser") == 0) {
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 errmsg("permission denied to alter role"),
diff --git a/test/expected/privileged_role.out b/test/expected/privileged_role.out
index c53cff9..7ba3595 100644
--- a/test/expected/privileged_role.out
+++ b/test/expected/privileged_role.out
@@ -187,6 +187,8 @@ ERROR: permission denied to create role
 DETAIL: Only roles with the SUPERUSER attribute may create roles with the SUPERUSER attribute.
 create role r;
 alter role r nosuperuser;
+ERROR: permission denied to alter role
+DETAIL: Only roles with the SUPERUSER attribute may alter roles with the SUPERUSER attribute.
 alter role r superuser;
 ERROR: permission denied to alter role
 DETAIL: Only roles with the SUPERUSER attribute may alter roles with the SUPERUSER attribute.
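Review bot: The new condition `strcmp(defel->defname, "superuser") == 0` carries no comment saying that the option's value is ignored on purpose, so a later cleanup could restore `defGetBoolean(defel)` and quietly re-allow `NOSUPERUSER`. I would add above the `if`: `/* Reject SUPERUSER and NOSUPERUSER alike: a privileged non-superuser role must not change this attribute in either direction. */`. The errdetail for this ereport lies outside the hunk; judging by the expected output it still reads "may alter roles with the SUPERUSER attribute", which does not describe a target that lacks the attribute, so a wording along the lines of "may change the SUPERUSER attribute" would be more accurate. The foreach body continues past the end of the hunk.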
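Review bot: The only NOSUPERUSER case pinned here is `alter role r nosuperuser;` against the freshly created `r`, which presumably never held the attribute. The case the stricter check appears to exist for, the privileged role targeting a role that already is a superuser, is not covered by the lines visible in this hunk. Adding a statement such as `alter role <existing_superuser_role> nosuperuser;` (placeholder name) to the matching test script, with the same ERROR/DETAIL pair expected here, would stop a later relaxation of the check from passing unnoticed.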