granicus.if.org Git - postgresql/commit

author	Stephen Frost <sfrost@snowman.net>
	Wed, 30 Sep 2015 11:39:24 +0000 (07:39 -0400)
committer	Stephen Frost <sfrost@snowman.net>
	Wed, 30 Sep 2015 11:39:24 +0000 (07:39 -0400)
commit	7d8db3e8f37aec9d252353904e77381a18a2fa9f
tree	e76c44c24158f32cc5ec4b82e86a4dc23bd60c58	tree \| snapshot
parent	6057f61b4d511d8321f295d827ced13809e5a1ae	commit \| diff

Include policies based on ACLs needed

When considering which policies should be included, rather than look at
individual bits of the query (eg: if a RETURNING clause exists, or if a
WHERE clause exists which is referencing the table, or if it's a
FOR SHARE/UPDATE query), consider any case where we've determined
the user needs SELECT rights on the relation while doing an UPDATE or
DELETE to be a case where we apply SELECT policies, and any case where
we've deteremind that the user needs UPDATE rights on the relation while
doing a SELECT to be a case where we apply UPDATE policies.

This simplifies the logic and addresses concerns that a user could use
UPDATE or DELETE with a WHERE clauses to determine if rows exist, or
they could use SELECT .. FOR UPDATE to lock rows which they are not
actually allowed to modify through UPDATE policies.

Use list_append_unique() to avoid adding the same quals multiple times,
as, on balance, the cost of checking when adding the quals will almost
always be cheaper than keeping them and doing busywork for each tuple
during execution.

Back-patch to 9.5 where RLS was added.

src/backend/rewrite/rowsecurity.c		diff \| blob \| history
src/test/regress/expected/rowsecurity.out		diff \| blob \| history