Use has_privs_for_roles for predefined role checks

Generally if a role is granted membership to another role with NOINHERIT
they must use SET ROLE to access the privileges of that role, however
with predefined roles the membership and privilege is conflated. Fix that
by replacing is_member_of_role with has_privs_for_role for predefined
roles. Patch does not remove is_member_of_role from acl.h, but it does
add a warning not to use that function for privilege checking. Not
backpatched based on hackers list discussion.

Author: Joshua Brindle
Reviewed-by: Stephen Frost, Nathan Bossart, Joe Conway
Discussion: https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com

1 files changed, 3 insertions, 3 deletions

diff --git a/doc/src/sgml/adminpack.sgml b/doc/src/sgml/adminpack.sgml
index 0dd89be3534..5702456cd25 100644
--- a/doc/src/sgml/adminpack.sgml
+++ b/doc/src/sgml/adminpack.sgml
@@ -22,9 +22,9 @@
   functions in <xref linkend="functions-admin-genfile-table"/>, which
   provide read-only access.)
   Only files within the database cluster directory can be accessed, unless the
-  user is a superuser or given one of the pg_read_server_files, or pg_write_server_files
-  roles, as appropriate for the function, but either a relative or absolute path is
-  allowable.
+  user is a superuser or given privileges of one of the pg_read_server_files, 
+  or pg_write_server_files roles, as appropriate for the function, but either a
+  relative or absolute path is allowable.
  </para>
 
  <table id="functions-adminpack-table">