Re: Row-security on updatable s.b. views - Mailing list pgsql-hackers
| From | Yeb Havinga |
|---|---|
| Subject | Re: Row-security on updatable s.b. views |
| Date | |
| Msg-id | 52FA155D.4070106@gmail.com Whole thread Raw |
| In response to | Re: Row-security on updatable s.b. views (Craig Ringer <craig@2ndquadrant.com>) |
| Responses |
Re: Row-security on updatable s.b. views
Re: Row-security on updatable s.b. views |
| List | pgsql-hackers |
On 2014-02-11 12:09, Craig Ringer wrote: > On 02/11/2014 06:05 PM, Yeb Havinga wrote: >> On 2014-02-11 09:36, Craig Ringer wrote: >>> On 02/06/2014 10:19 PM, Craig Ringer wrote: >>>> On 02/06/2014 12:43 PM, Craig Ringer wrote: >>>>> 1. Try (again) to do row-security in the rewriter. This was previously >>>>> impossible because of the definition of row-security behaviour around >>>>> inheritance, but with the simplified inheritance model now proposed I >>>>> think it's possible. >>>> Thanks to the simplified requirements for inheritance, this turns out to >>>> be fairly easy. There's a version rewritten to use the rewriter in >>>> the tag: >>>> >>>> rls-9.4-upd-sb-views-v6 >>>> >>>> on https://github.com/ringerc/postgres.git >>> ... which was totally wrong, and I blame lack of sleep for it ever >>> getting pushed. I didn't understand the rewriter as well as I thought. >>> >>> v7 applies row-security quals in fireRIRrules . >>> New tag: >>> >>> rls-9.4-upd-sb-views-v6 >> Hi Craig, >> >> This looks to be the same v6 version as the initial rewriter version. >> https://github.com/ringerc/postgres/commits/rls-9.4-upd-sb-views-v6 > Whoops, wrong paste. > > rls-9.4-upd-sb-views-v7 > Hi Craig, I compared output of psql -ef of the minirim.sql script posted earlier in http://www.postgresql.org/message-id/52F54927.1040102@gmail.com between v4 and v7. Not everything is ok. Seq Scan on patient (cost=0.00..29589.31 rows=495 width=52) Filter: (SubPlan 1) SubPlan 1 @@ -555,7 +592,7 @@ -> Materialize (cost=26.39..570.62 rows=1014 width=4) -> SubqueryScan on act (cost=26.39..565.55 rows=1014 width=4) -> Nested Loop Semi Join (cost=26.39..555.41 rows=1014 width=108) - Join Filter: (((part.act = act_1.id) AND (emp_2.pgname = ("current_user"())::text)) OR (NOT ((act_1.confidentialitycode)::text[] @> '{s}'::text[]))) + Join Filter: (((part.act = act_1.id) AND (emp_2.pgname = ("current_user"())::text)) OR (NOT ((act_1.effectivetime)::text[] @> '{s}'::text[]))) -> Append (cost=0.00..31.19 rows=1019 width=108) -> Seq Scan on act act_1 (cost=0.00..1.59 rows=59 width=108) @@ -587,12 +624,8 @@ FROM patient, person, organization WHERE patient.player = person.id AND patient.scoper = organization.id; - id | vipcode | name | birthtime | name -----+---------+----------+---------------------+-------------------------------- - 10 | | John Doe | 1963-04-01 00:00:00 | Community Health and Hospitals - 16 | | John Doe | 1963-04-01 00:00:00 | Community Mental Health Clinic -(2 rows) - +psql:/home/m/minirim2.sql:409: ERROR: attribute 6 has wrong type +DETAIL: Table has type tsrange, but query expects _confidentialitycode. @@ -629,7 +662,4 @@ SET SESSION AUTHORIZATION sigmund; SET SELECT * FROM test; - id | classcode | moodcode | code | confidentialitycode | effectivetime -----+-----------+----------+------+---------------------+--------------- -(0 rows) - +psql:/home/m/minirim2.sql:439: connection to server was lost regards, Yeb Havinga
pgsql-hackers by date: