Require superuser to use pg_dirtyread

Spotted by Andreas Seltenreich

expected/dirtyread.out

@@ -105,3 +105,6 @@ DETAIL:  Attribute "dead" has type boolean in corresponding attribute of type fo
 SELECT * FROM pg_dirtyread('foo'::regclass) as t(oid bigint);
 ERROR:  Error converting tuple descriptors!
 DETAIL:  Attribute "oid" has type oid in corresponding attribute of type foo.
+SET ROLE luser;
+SELECT * FROM pg_dirtyread('foo'::regclass) as t(bar bigint, baz text);
+ERROR:  must be superuser to use pg_dirtyread

expected/extension.out

@@ -1 +1,5 @@
 CREATE EXTENSION pg_dirtyread;
+-- create a non-superuser role, ignoring any output/errors, it might already exist
+SET client_min_messages = fatal;
+\set QUIET on
+CREATE ROLE luser;

pg_dirtyread.c

@@ -42,6 +42,7 @@
 #if PG_VERSION_NUM >= 90300
 #include "access/htup_details.h"
 #endif
+#include "miscadmin.h" /* superuser */
 #include "storage/procarray.h" /* GetOldestXmin */
 
 #include "dirtyread_tupconvert.h"
@@ -73,6 +74,11 @@ pg_dirtyread(PG_FUNCTION_ARGS)
         Oid                 relid;
         TupleDesc           tupdesc;
 
+        if (!superuser())
+            ereport(ERROR,
+                    (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                     errmsg("must be superuser to use pg_dirtyread")));
+
         relid = PG_GETARG_OID(0);
         if (!OidIsValid(relid))
             elog(ERROR, "invalid relation oid \"%d\"", relid);

sql/dirtyread.sql

@@ -46,3 +46,6 @@ SELECT * FROM pg_dirtyread('foo'::regclass) as t(cmin bigint);
 SELECT * FROM pg_dirtyread('foo'::regclass) as t(cmax bigint);
 SELECT * FROM pg_dirtyread('foo'::regclass) as t(dead bigint);
 SELECT * FROM pg_dirtyread('foo'::regclass) as t(oid bigint);
+
+SET ROLE luser;
+SELECT * FROM pg_dirtyread('foo'::regclass) as t(bar bigint, baz text);

sql/extension.sql

@@ -1 +1,6 @@
 CREATE EXTENSION pg_dirtyread;
+
+-- create a non-superuser role, ignoring any output/errors, it might already exist
+SET client_min_messages = fatal;
+\set QUIET on
+CREATE ROLE luser;