| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Disallow converting a table to a view if row security is present |
| Date: | 2015-07-28 23:25:13 |
| Message-ID: | E1ZKEFF-000098-Ss@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Disallow converting a table to a view if row security is present.
When DefineQueryRewrite() is about to convert a table to a view, it checks
the table for features unavailable to views. For example, it rejects tables
having triggers. It omits to reject tables having relrowsecurity or a
pg_policy record. Fix that. To faciliate the repair, invent
relation_has_policies() which indicates the presence of policies on a
relation even when row security is disabled for that relation.
Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch
to 9.5 where RLS was introduced.
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/d824e2800f66f6180189d973c720611855c6f619
Modified Files
--------------
src/backend/commands/policy.c | 29 +++++++++++++++++++++++++++++
src/backend/rewrite/rewriteDefine.c | 24 +++++++++++++++++++-----
src/include/commands/policy.h | 1 +
src/test/regress/expected/rowsecurity.out | 23 +++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 25 +++++++++++++++++++++++++
5 files changed, 97 insertions(+), 5 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2015-07-28 23:25:17 | pgsql: Disallow converting a table to a view if row security is present |
| Previous Message | Joe Conway | 2015-07-28 23:03:16 | pgsql: Create a pg_shdepend entry for each role in TO clause of policie |