| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Disallow converting a table to a view if row security is present |
| Date: | 2015-07-28 23:25:17 |
| Message-ID: | E1ZKEFJ-00009U-CF@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Disallow converting a table to a view if row security is present.
When DefineQueryRewrite() is about to convert a table to a view, it checks
the table for features unavailable to views. For example, it rejects tables
having triggers. It omits to reject tables having relrowsecurity or a
pg_policy record. Fix that. To faciliate the repair, invent
relation_has_policies() which indicates the presence of policies on a
relation even when row security is disabled for that relation.
Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch
to 9.5 where RLS was introduced.
Branch
------
REL9_5_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/344703bcc453ac3ce0060785d4958ddec7d2dbe9
Modified Files
--------------
src/backend/commands/policy.c | 29 +++++++++++++++++++++++++++++
src/backend/rewrite/rewriteDefine.c | 24 +++++++++++++++++++-----
src/include/commands/policy.h | 1 +
src/test/regress/expected/rowsecurity.out | 23 +++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 25 +++++++++++++++++++++++++
5 files changed, 97 insertions(+), 5 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-07-28 23:56:12 | pgsql: Suppress "variable may be used uninitialized" warning. |
| Previous Message | Joe Conway | 2015-07-28 23:25:13 | pgsql: Disallow converting a table to a view if row security is present |