Re: Row-security on updatable s.b. views

On 02/25/2014 01:28 AM, Dean Rasheed wrote:
> On 13 February 2014 04:12, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
>>
>> It's crashing while pulling up the query over "emp" (hl7.employee) and
>> "part" (hl7.participation).
>>
>> Given the simplicity of what the row-security code its self is doing,
>> I'm wondering if this is a case that isn't handled in updatable s.b.
>> views. I'll look into it.
>
> I'm not sure how much further you've got with this, but I think the
> issue is that the securityQuals that you're adding don't refer to the
> correct RTE. When adding securityQuals to an RTE, they are expected to
> have Vars whose varno matches the rt_index of the RTE (see for example
> the code in rewriteTargetView() which calls ChangeVarNodes() on
> viewqual before adding the qual to securityQuals or the main query
> jointree). prepend_row_security_quals() doesn't appear to have any
> similar code, and it would need to be passed the rt_index to do that.

Thanks for the pointer. That was indeed the issue.

I've pushed an update to the branch with the fix for varno handling.
Thanks. It's tagged rls-9.4-upd-sb-views-v8 .

I've almost run out of time to spend on row security for this
commitfest, unfortunately. I'm putting a blog together with a current
status update. Frustrating, as it's coming together now.

Open issues include:

- Passing plan inval items from rewriter into planner
- COPY support pending
- Clear syntax in DDL

Most of the rest are solved; it's actually looking pretty good.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services