1 files changed, 41 insertions, 3 deletions

diff --git a/mod/database.cxx b/mod/database.cxx
index 67a862b..813c8cc 100644
--- a/mod/database.cxx
+++ b/mod/database.cxx
@@ -14,6 +14,7 @@ namespace brep
   struct db_key
   {
     string user;
+    string role;
     string password;
     string name;
     string host;
@@ -25,6 +26,7 @@ namespace brep
   {
     int r;
     if ((r = x.user.compare (y.user)) != 0 ||
+        (r = x.role.compare (y.role)) != 0 ||
         (r = x.password.compare (y.password)) != 0 ||
         (r = x.name.compare (y.name)) != 0 ||
         (r = x.host.compare (y.host)))
@@ -35,8 +37,41 @@ namespace brep
 
   using namespace odb;
 
+  class connection_pool_factory: public pgsql::connection_pool_factory
+  {
+  public:
+    connection_pool_factory (string role, size_t max_connections)
+        : pgsql::connection_pool_factory (max_connections),
+          role_ (move (role))
+    {
+    }
+
+    virtual pooled_connection_ptr
+    create () override
+    {
+      pooled_connection_ptr conn (pgsql::connection_pool_factory::create ());
+
+      // Set the serializable isolation level for the subsequent connection
+      // transactions. Note that the SET TRANSACTION command affects only the
+      // current transaction.
+      //
+      conn->execute ("SET default_transaction_isolation=serializable");
+
+      // Change the connection current user to the execution user name.
+      //
+      if (!role_.empty ())
+        conn->execute ("SET ROLE '" + role_ + "'");
+
+      return conn;
+    }
+
+  private:
+    string role_;
+  };
+
   shared_ptr<database>
   shared_database (string user,
+                   string role,
                    string password,
                    string name,
                    string host,
@@ -45,7 +80,10 @@ namespace brep
   {
     static std::map<db_key, weak_ptr<database>> databases;
 
-    db_key k ({move (user), move (password), move (name), host, port});
+    db_key k ({
+      move (user), move (role), move (password),
+      move (name),
+      move (host), port});
 
     auto i (databases.find (k));
     if (i != databases.end ())
@@ -55,7 +93,7 @@ namespace brep
     }
 
     unique_ptr<pgsql::connection_factory>
-      f (new pgsql::connection_pool_factory (max_connections));
+      f (new connection_pool_factory (k.role, max_connections));
 
     shared_ptr<database> d (
       make_shared<pgsql::database> (
@@ -64,7 +102,7 @@ namespace brep
         k.name,
         k.host,
         k.port,
-        "options='-c default_transaction_isolation=serializable'",
+        "",
         move (f)));
 
     databases[move (k)] = d;