Problem with function permission test in a view

Someone asked me a question about view and function permissions. I
assumed all object access done by a view would be based on the
permissions on the view, and not the permissions of the objects.

While table access done in a view follows this outline, function call
access does not. In my tests below, I create a function ftest(), and
allow only 'postgres' to execute it. I then create a view and put the
function call in the view, and grant permissions on the view to others.
However, in the test, you will see that the function call in the view
fails.

Is this a bug?

---------------------------------------------------------------------------

CREATE USER dummyuser;
CREATE USER
SET SESSION AUTHORIZATION postgres;
SET
CREATE OR REPLACE FUNCTION ftest() RETURNS INTEGER
EXTERNAL SECURITY DEFINER
AS 'SELECT 1' LANGUAGE 'sql';
CREATE FUNCTION
REVOKE EXECUTE ON FUNCTION ftest() FROM PUBLIC;
REVOKE
SELECT ftest();
ftest
-------
1
(1 row)

SET SESSION AUTHORIZATION dummyuser;
SET
SELECT ftest();
ERROR: permission denied for function ftest
SET SESSION AUTHORIZATION postgres;
SET
CREATE VIEW vv AS SELECT ftest();
ERROR: relation "vv" already exists
SELECT * FROM vv;
ftest
-------
1
(1 row)

GRANT ALL ON vv TO PUBLIC;
GRANT
SET SESSION AUTHORIZATION dummyuser;
SET
SELECT * FROM vv;
ERROR: permission denied for function ftest

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073