Ensure that the user should be able to kill the session from Dashboard if the user has a 'pg_signal_backend' role. Fixes #6159

2021-02-26 12:30:30 +05:30 · 2021-02-26 12:30:30 +05:30 · 8279e7e01c
parent f77fceb1b2
commit 8279e7e01c
4 changed files with 39 additions and 5 deletions
--- a/docs/en_US/release_notes.rst
+++ b/docs/en_US/release_notes.rst
@ -11,6 +11,7 @@ notes for it.
 .. toctree::
   :maxdepth: 1

+   release_notes_5_1
   release_notes_5_0
   release_notes_4_30
   release_notes_4_29
--- a/docs/en_US/release_notes_5_1.rst
+++ b/docs/en_US/release_notes_5_1.rst
@ -0,0 +1,20 @@
+************
+Version 5.1
+************
+
+Release date: 2021-03-25
+
+This release contains a number of bug fixes and new features since the release of pgAdmin4 5.0.
+
+New features
+************
+
+
+Housekeeping
+************
+
+
+Bug fixes
+*********
+
+| `Issue #6159 <https://redmine.postgresql.org/issues/6159>`_ -  Ensure that the user should be able to kill the session from Dashboard if the user has a 'pg_signal_backend' role.
--- a/web/pgadmin/dashboard/static/js/dashboard.js
+++ b/web/pgadmin/dashboard/static/js/dashboard.js
@ -30,7 +30,8 @@ define('pgadmin.dashboard', [
    is_super_user = false,
    current_user, maintenance_database,
    is_server_dashboard = false,
-    is_database_dashboard = false;
+    is_database_dashboard = false,
+    can_signal_backend = false;

  // Custom BackGrid cell, Responsible for cancelling active sessions
  var customDashboardActionCell = Backgrid.Extension.DeleteCell.extend({
@ -293,6 +294,7 @@ define('pgadmin.dashboard', [
          // Check if user is super user
          var server = treeHierarchy['server'];
          maintenance_database = (server && server.db) || null;
+          can_signal_backend = server.user.can_signal_backend;

          if (server && server.user && server.user.is_superuser) {
            is_super_user = true;
@ -1149,6 +1151,9 @@ define('pgadmin.dashboard', [
          gettext('The session is already in idle state.')
        );
        return false;
+      } else if (can_signal_backend) {
+        // user with membership of 'pg_signal_backend' can terminate the session of non admin user.
+        return true;
      } else if (is_super_user) {
        // Super user can do anything
        return true;
--- a/web/pgadmin/utils/driver/psycopg2/connection.py
+++ b/web/pgadmin/utils/driver/psycopg2/connection.py
@ -552,12 +552,20 @@ WHERE db.datname = current_database()""")
        """
        status = self._execute(cur, """
        SELECT
-            oid as id, rolname as name, rolsuper as is_superuser,
-            CASE WHEN rolsuper THEN true ELSE rolcreaterole END as
+            roles.oid as id, roles.rolname as name,
+            roles.rolsuper as is_superuser,
+            CASE WHEN roles.rolsuper THEN true ELSE roles.rolcreaterole END as
            can_create_role,
-            CASE WHEN rolsuper THEN true ELSE rolcreatedb END as can_create_db
+            CASE WHEN roles.rolsuper THEN true
+            ELSE roles.rolcreatedb END as can_create_db,
+            CASE WHEN 'pg_signal_backend'=ANY(ARRAY(
+                SELECT pg_catalog.pg_roles.rolname FROM
+                pg_catalog.pg_auth_members m JOIN pg_catalog.pg_roles ON
+                (m.roleid = pg_catalog.pg_roles.oid) WHERE
+                 m.member = roles.oid)) THEN True
+            ELSE False END as can_signal_backend
        FROM
-            pg_catalog.pg_roles
+            pg_catalog.pg_roles as roles
        WHERE
            rolname = current_user""")