Re: Row-security on updatable s.b. views

On 04/03/14 02:36, Craig Ringer wrote:
> On 02/25/2014 01:28 AM, Dean Rasheed wrote:
>> On 13 February 2014 04:12, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
>>> It's crashing while pulling up the query over "emp" (hl7.employee) and
>>> "part" (hl7.participation).
>>>
>>> Given the simplicity of what the row-security code its self is doing,
>>> I'm wondering if this is a case that isn't handled in updatable s.b.
>>> views. I'll look into it.
>> I'm not sure how much further you've got with this, but I think the
>> issue is that the securityQuals that you're adding don't refer to the
>> correct RTE. When adding securityQuals to an RTE, they are expected to
>> have Vars whose varno matches the rt_index of the RTE (see for example
>> the code in rewriteTargetView() which calls ChangeVarNodes() on
>> viewqual before adding the qual to securityQuals or the main query
>> jointree). prepend_row_security_quals() doesn't appear to have any
>> similar code, and it would need to be passed the rt_index to do that.
> Thanks for the pointer. That was indeed the issue.
>
> I've pushed an update to the branch with the fix for varno handling.
> Thanks. It's tagged rls-9.4-upd-sb-views-v8 .
>
> I've almost run out of time to spend on row security for this
> commitfest, unfortunately. I'm putting a blog together with a current
> status update. Frustrating, as it's coming together now.
>
> Open issues include:
>
> - Passing plan inval items from rewriter into planner
> - COPY support pending
> - Clear syntax in DDL
>
> Most of the rest are solved; it's actually looking pretty good.

Hi Craig,

I've tested the results from the minirim.sql that was posted earlier,
and the v8 gives the same results as v4 :-)

Thanks for all the work!
Yeb