Re: Updatable view (where in) with check option doesn't validate data properly

Nicolas M <kiruahxh(at)gmail(dot)com> writes:
> create or replace view viewSimpleA as select * from tableA where name
> like 'a%'with check option;

[ behaves as expected ]

> create or replace view viewA as select * from tableAwhere db_record_id in (
> select db_record_id from tableA
> where name like 'a%'
> ) with check option;

[ not so much ]

I don't think this is a bug. The problem is that we handle
WITH CHECK OPTION by seeing whether the proposed new tuple
value satisfies the view's WHERE clause. But the new tuple
isn't yet stored, or at least isn't yet visible, so that
that sub-select still finds the old row contents (or fails
to find any row at all, in your first test).

We could maybe hack our way to fixing that in the specific
case you show here, but I'm not very excited about that,
because this usage of WITH CHECK OPTION seems inherently
unsafe. For example, if we permit an update based on the
fact that there's currently a row with "name like 'a%'",
there's no way to be certain that some other transaction
hasn't concurrently changed or deleted that row. That'd
lead to inconsistency once both transactions commit.

In general I think that expecting WITH CHECK OPTION to
enforce non-immutable conditions is pretty hazardous,
for largely the same reasons that a non-immutable CHECK
constraint is hazardous. We don't stop you from declaring
such a constraint, but it's likely to bite you in the rear.

regards, tom lane