Re: Row-security on updatable s.b. views

From: Yeb Havinga <yebhavinga(at)gmail(dot)com>
To: Craig Ringer <craig(at)2ndquadrant(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Row-security on updatable s.b. views
Date: 2014-02-11 12:19:41
Message-ID: 52FA155D.4070106@gmail.com
Lists: pgsql-hackers

On 2014-02-11 12:09, Craig Ringer wrote:
> On 02/11/2014 06:05 PM, Yeb Havinga wrote:
>> On 2014-02-11 09:36, Craig Ringer wrote:
>>> On 02/06/2014 10:19 PM, Craig Ringer wrote:
>>>> On 02/06/2014 12:43 PM, Craig Ringer wrote:
>>>>> 1. Try (again) to do row-security in the rewriter. This was previously
>>>>> impossible because of the definition of row-security behaviour around
>>>>> inheritance, but with the simplified inheritance model now proposed I
>>>>> think it's possible.
>>>> Thanks to the simplified requirements for inheritance, this turns out to
>>>> be fairly easy. There's a version rewritten to use the rewriter in
>>>> the tag:
>>>>
>>>> rls-9.4-upd-sb-views-v6
>>>>
>>>> on https://github.com/ringerc/postgres.git
>>> ... which was totally wrong, and I blame lack of sleep for it ever
>>> getting pushed. I didn't understand the rewriter as well as I thought.
>>>
>>> v7 applies row-security quals in fireRIRrules.
>>> New tag:
>>>
>>> rls-9.4-upd-sb-views-v6
>> Hi Craig,
>>
>> This looks to be the same v6 version as the initial rewriter version.
>> https://github.com/ringerc/postgres/commits/rls-9.4-upd-sb-views-v6
> Whoops, wrong paste.
>
> rls-9.4-upd-sb-views-v7
>
Hi Craig,

I compared output of psql -ef of the minirim.sql script posted earlier
in http://www.postgresql.org/message-id/52F54927.1040102@gmail.com
between v4 and v7.

Not everything is ok.

Seq Scan on patient (cost=0.00..29589.31 rows=495 width=52)
Filter: (SubPlan 1)
SubPlan 1
@@ -555,7 +592,7 @@
-> Materialize (cost=26.39..570.62 rows=1014 width=4)
-> Subquery Scan on act (cost=26.39..565.55
rows=1014 width=4)
-> Nested Loop Semi Join
(cost=26.39..555.41 rows=1014 width=108)
- Join Filter: (((part.act = act_1.id)
AND (emp_2.pgname = ("current_user"())::text)) OR (NOT
((act_1.confidentialitycode)::text[] @> '{s}'::text[])))
+ Join Filter: (((part.act = act_1.id)
AND (emp_2.pgname = ("current_user"())::text)) OR (NOT
((act_1.effectivetime)::text[] @> '{s}'::text[])))
-> Append (cost=0.00..31.19
rows=1019 width=108)
-> Seq Scan on act act_1
(cost=0.00..1.59 rows=59 width=108)
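
Review bot: the `+` Join Filter tests `(act_1.effectivetime)::text[] @> '{s}'::text[]` where the v4 plan tested `act_1.confidentialitycode`, so in v7 the confidentiality predicate is evaluated against a different column of `act_1`. For a row-security qual that changes which rows are visible, not just the plan shape. The filter's outer input is an Append whose first child is `Seq Scan on act act_1`, so the column references in the qual are worth checking at the point where it is attached to the relations under that Append. Keeping the expected plan for this query in the regression output would make a changed column name in the filter fail the run.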

@@ -587,12 +624,8 @@
FROM patient, person, organization
WHERE patient.player = person.id
AND patient.scoper = organization.id;
- id | vipcode | name | birthtime | name
-----+---------+----------+---------------------+--------------------------------
- 10 | | John Doe | 1963-04-01 00:00:00 | Community Health and
Hospitals
- 16 | | John Doe | 1963-04-01 00:00:00 | Community Mental
Health Clinic
-(2 rows)
-
+psql:/home/m/minirim2.sql:409: ERROR: attribute 6 has wrong type
+DETAIL: Table has type tsrange, but query expects _confidentialitycode.
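
Review bot: at the `+` ERROR line, the join over `patient`, `person` and `organization` that returned 2 rows under v4 now aborts with `attribute 6 has wrong type`, the table supplying `tsrange` where the query expects `_confidentialitycode`. That is a column reference resolving to the wrong attribute at execution time, not a policy decision, so the expected result is still the two rows on the `-` lines. Suggest adding this SELECT with its v4 result as an expected-output test for the row-security patch, so a type mismatch like this is caught before a tag is pushed.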

@@ -629,7 +662,4 @@
SET SESSION AUTHORIZATION sigmund;
SET
SELECT * FROM test;
- id | classcode | moodcode | code | confidentialitycode | effectivetime
-----+-----------+----------+------+---------------------+---------------
-(0 rows)
-
+psql:/home/m/minirim2.sql:439: connection to server was lost
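
Review bot: the `+` line shows `SELECT * FROM test`, run after `SET SESSION AUTHORIZATION sigmund`, ending in `connection to server was lost` where v4 returned `(0 rows)`. A statement that a role can issue and that takes the connection down is an availability problem regardless of what the policy would have returned; the outcome here should be an empty result or at worst an ERROR. A server-side backtrace for line 439 of the script is the next thing to collect, and this statement belongs in the regression tests with `(0 rows)` as the expected output.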

regards,
Yeb Havinga
