projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab7590e) | patch
Perform RLS subquery checks as the right user when going via a view.
authorDean Rasheed
Tue, 2 Apr 2019 07:17:04 +0000 (08:17 +0100)
committerDean Rasheed
Tue, 2 Apr 2019 07:17:04 +0000 (08:17 +0100)
commit157dcf534f8e12486d425d6c0d111c065fbbb841
tree58c78d2ffe6df57ed0d4d0580cbd508035db2f68tree
parentab7590e9197cd9b1ab691ab0b08794a79f26e592commit | diff
Perform RLS subquery checks as the right user when going via a view.

When accessing a table with RLS via a view, the RLS checks are
performed as the view owner. However, the code neglected to propagate
that to any subqueries in the RLS checks. Fix that by calling
setRuleCheckAsUser() for all RLS policy quals and withCheckOption
checks for RTEs with RLS.

Back-patch to 9.5 where RLS was added.

Per bug #15708 from daurnimator.

Discussion: https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org
src/backend/rewrite/rowsecurity.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
This is the main PostgreSQL git repository.