qual = transformWhereClause(qual_pstate,
copyObject(stmt->qual),
- EXPR_KIND_WHERE,
+ EXPR_KIND_POLICY,
"POLICY");
with_check_qual = transformWhereClause(with_check_pstate,
copyObject(stmt->with_check),
- EXPR_KIND_WHERE,
+ EXPR_KIND_POLICY,
"POLICY");
/* Fix up collation information */
addRTEtoQuery(qual_pstate, rte, false, true, true);
qual = transformWhereClause(qual_pstate, copyObject(stmt->qual),
- EXPR_KIND_WHERE,
+ EXPR_KIND_POLICY,
"POLICY");
/* Fix up collation information */
with_check_qual = transformWhereClause(with_check_pstate,
copyObject(stmt->with_check),
- EXPR_KIND_WHERE,
+ EXPR_KIND_POLICY,
"POLICY");
/* Fix up collation information */
break;
case EXPR_KIND_WHERE:
errkind = true;
+ break;
+ case EXPR_KIND_POLICY:
+ if (isAgg)
+ err = _("aggregate functions are not allowed in policy expressions");
+ else
+ err = _("grouping operations are not allowed in policy expressions");
+
break;
case EXPR_KIND_HAVING:
/* okay */
case EXPR_KIND_WHERE:
errkind = true;
break;
+ case EXPR_KIND_POLICY:
+ err = _("window functions are not allowed in policy expressions");
+ break;
case EXPR_KIND_HAVING:
errkind = true;
break;
case EXPR_KIND_FROM_SUBSELECT:
case EXPR_KIND_FROM_FUNCTION:
case EXPR_KIND_WHERE:
+ case EXPR_KIND_POLICY:
case EXPR_KIND_HAVING:
case EXPR_KIND_FILTER:
case EXPR_KIND_WINDOW_PARTITION:
return "function in FROM";
case EXPR_KIND_WHERE:
return "WHERE";
+ case EXPR_KIND_POLICY:
+ return "POLICY";
case EXPR_KIND_HAVING:
return "HAVING";
case EXPR_KIND_FILTER:
EXPR_KIND_INDEX_PREDICATE, /* index predicate */
EXPR_KIND_ALTER_COL_TRANSFORM, /* transform expr in ALTER COLUMN TYPE */
EXPR_KIND_EXECUTE_PARAMETER, /* parameter value in EXECUTE */
- EXPR_KIND_TRIGGER_WHEN /* WHEN condition in CREATE TRIGGER */
+ EXPR_KIND_TRIGGER_WHEN, /* WHEN condition in CREATE TRIGGER */
+ EXPR_KIND_POLICY /* USING or WITH CHECK expr in policy */
} ParseExprKind;
e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
- EXPR_KIND_WHERE,
+ EXPR_KIND_POLICY,
"POLICY");
policy->with_check_qual = copyObject(policy->qual);
e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
- EXPR_KIND_WHERE,
+ EXPR_KIND_POLICY,
"POLICY");
policy->with_check_qual = copyObject(policy->qual);
SELECT * FROM generate_series(1,5) t0(c); -- succeeds
ROLLBACK;
--
+-- Policy expression handling
+--
+BEGIN;
+SET row_security = FORCE;
+CREATE TABLE t (c) AS VALUES ('bar'::text);
+CREATE POLICY p ON t USING (max(c)); -- fails: aggregate functions are not allowed in policy expressions
+ERROR: aggregate functions are not allowed in policy expressions
+ROLLBACK;
+--
-- Clean up objects
--
RESET SESSION AUTHORIZATION;
SELECT * FROM generate_series(1,5) t0(c); -- succeeds
ROLLBACK;
+--
+-- Policy expression handling
+--
+BEGIN;
+SET row_security = FORCE;
+CREATE TABLE t (c) AS VALUES ('bar'::text);
+CREATE POLICY p ON t USING (max(c)); -- fails: aggregate functions are not allowed in policy expressions
+ROLLBACK;
+
--
-- Clean up objects
--
projects / postgresql / commitdiff