Re: WIP patch (v2) for updatable security barrier views

On 29 January 2014 11:34, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
> On 01/23/2014 06:06 PM, Dean Rasheed wrote:
>> On 21 January 2014 09:18, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> wrote:
>>> Yes, please review the patch from 09-Jan
>>> (http://www.postgresql.org/message-id/CAEZATCUiKxOg=vOOvjA2S6G-sixzzxg18ToTggP8zOBq6QnQHQ@mail.gmail.com).
>>>
>>
>> After further testing I found a bug --- it involves having a security
>> barrier view on top of a base relation that has a rule that rewrites
>> the query to have a different result relation, and possibly also a
>> different command type, so that the securityQuals are no longer on the
>> result relation, which is a code path not previously tested and the
>> rowmark handling was wrong. That's probably a pretty obscure case in
>> the context of security barrier views, but that code path would be
>> used much more commonly if RLS were built on top of this. Fortunately
>> the fix is trivial --- updated patch attached.
>
> This is the most recent patch I see, and the one I've been working on
> top of.
>
> Are there any known tests that this patch fails?
>

None that I've been able to come up with.

> Can we construct any tests that this patch fails? If so, can we make it
> pass them, or error out cleanly?
>

Sounds sensible. Feel free to add any test cases you think up to the
wiki page. Even if we don't like this design, any alternative must at
least pass all the tests listed there.

https://wiki.postgresql.org/wiki/Making_security_barrier_views_automatically_updatable

Regards,
Dean