From 9028a844614119525e07bbd89f6a19ea4ed6fbd1 Mon Sep 17 00:00:00 2001
From: Michael Beaumont <mjboamail@gmail.com>
Date: Mon, 9 Mar 2020 15:37:12 +0100
Subject: [PATCH] Inspect function privileges

Part of djrobstep/migra#64
---
 schemainspect/pg/sql/privileges.sql | 13 ++++++++++++-
 tests/test_all.py                   | 10 ++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/schemainspect/pg/sql/privileges.sql b/schemainspect/pg/sql/privileges.sql
index f2198e0..0c09662 100644
--- a/schemainspect/pg/sql/privileges.sql
+++ b/schemainspect/pg/sql/privileges.sql
@@ -13,4 +13,15 @@ where grantee != (
 )
 -- SKIP_INTERNAL and table_schema not in ('pg_internal', 'pg_catalog', 'information_schema', 'pg_toast')
 -- SKIP_INTERNAL and table_schema not like 'pg_temp_%' and table_schema not like 'pg_toast_temp_%'
-order by schema, name, user;
+union
+select
+  routine_schema as schema,
+  routine_name as name,
+  'function' as object_type,
+  grantee as user,
+  privilege_type as privilege
+from information_schema.role_routine_grants
+where true
+-- SKIP_INTERNAL and routine_schema not in ('pg_internal', 'pg_catalog', 'information_schema', 'pg_toast')
+-- SKIP_INTERNAL and routine_schema not like 'pg_temp_%' and routine_schema not like 'pg_toast_temp_%'
+order by schema, name, "user";
diff --git a/tests/test_all.py b/tests/test_all.py
index 88b8f18..abf14e0 100644
--- a/tests/test_all.py
+++ b/tests/test_all.py
@@ -267,6 +267,7 @@ def setup_pg_schema(s):
             )
             as $$select 'a'::varchar, '2014-01-01'::date$$
             language sql;
+            grant execute on function films_f(date, text, date) to postgres;
         """
     )
     s.execute("comment on function films_f(date, text, date) is 'films_f comment'")
@@ -454,6 +455,15 @@ def asserts_pg(i, has_timescale=False):
     assert g.drop_statement == 'revoke select on table {} from "postgres";'.format(
         t_films
     )
+    f_films_f = n("films_f")
+    g = InspectedPrivilege("function", "public", "films_f", "execute", "postgres")
+    g = i.privileges[g.key]
+    assert g.create_statement == 'grant execute on function {} to "postgres";'.format(
+        f_films_f
+    )
+    assert g.drop_statement == 'revoke execute on function {} from "postgres";'.format(
+        f_films_f
+    )
 
     # composite types
     ct = i.composite_types[n("ttt")]