Re: Row-security on updatable s.b. views

On 02/06/2014 10:19 PM, Craig Ringer wrote:
> On 02/06/2014 12:43 PM, Craig Ringer wrote:
>> 1. Try (again) to do row-security in the rewriter. This was previously
>> impossible because of the definition of row-security behaviour around
>> inheritance, but with the simplified inheritance model now proposed I
>> think it's possible.
>
> Thanks to the simplified requirements for inheritance, this turns out to
> be fairly easy. There's a version rewritten to use the rewriter in the tag:
>
> rls-9.4-upd-sb-views-v6
>
> on https://github.com/ringerc/postgres.git

... which was totally wrong, and I blame lack of sleep for it ever
getting pushed. I didn't understand the rewriter as well as I thought.

v7 applies row-security quals in fireRIRrules .

It handles recursion correctly now, and works fine for both target and
non-target relations. I've cleaned out most of the cruft from the
previous optimizer based approach too.

I haven't figured out how to pass the plan invalidation information (so
plans are invalidated properly when they depend on row security quals)
down into the planner yet, that's next.

COPY still just ERROR's if you try to copy to/from a rel with
row-security quals, but again, just a matter of getting it done, I have
KaiGai's patch to work from.

Regression tests fail, including a segfault in the executor. Cause as
yet unknown, but it takes a hairy view+rowsecrule combo to trigger it.

New tag:

rls-9.4-upd-sb-views-v6

> The regression test expected file needs adjustment to match the new
> inheritance rules, and to cover a couple of new tests I've added.

Still true.

> Need to cherry-pick the docs patch back on top of the patch tree now
> things are settling.

Still true.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services