]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 280e5f1) | patch
Perform RLS subquery checks as the right user when going via a view.
authorDean Rasheed <dean.a.rasheed@gmail.com>
Tue, 2 Apr 2019 07:13:59 +0000 (08:13 +0100)
committerDean Rasheed <dean.a.rasheed@gmail.com>
Tue, 2 Apr 2019 07:13:59 +0000 (08:13 +0100)
commite2d28c0f404713f564dc2250646551c75172f17b
tree8eef6e884d4c4dfaab0120e0be1e4d916d4e8731tree | snapshot
parent280e5f14056bf34a0f52320f659fb93acfda0876commit | diff
Perform RLS subquery checks as the right user when going via a view.

When accessing a table with RLS via a view, the RLS checks are
performed as the view owner. However, the code neglected to propagate
that to any subqueries in the RLS checks. Fix that by calling
setRuleCheckAsUser() for all RLS policy quals and withCheckOption
checks for RTEs with RLS.

Back-patch to 9.5 where RLS was added.

Per bug #15708 from daurnimator.

Discussion: https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org
src/backend/rewrite/rowsecurity.c diff | blob | history
src/test/regress/expected/rowsecurity.out diff | blob | history
src/test/regress/sql/rowsecurity.sql diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.