From d1a0491949be85e5991ef026b455744976dae1f1 Mon Sep 17 00:00:00 2001
From: Andreas Lind <andreaslindpetersen@gmail.com>
Date: Wed, 19 Jun 2024 22:20:42 +0200
Subject: [PATCH v1 2/4] Wire it up in the planner

---
 src/backend/optimizer/path/equivclass.c   | 4 +++-
 src/backend/optimizer/plan/createplan.c   | 6 ++++--
 src/backend/optimizer/util/restrictinfo.c | 5 +++--
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/backend/optimizer/path/equivclass.c b/src/backend/optimizer/path/equivclass.c
index 441f12f6c50..3c72265b496 100644
--- a/src/backend/optimizer/path/equivclass.c
+++ b/src/backend/optimizer/path/equivclass.c
@@ -31,7 +31,9 @@
 #include "optimizer/planmain.h"
 #include "optimizer/restrictinfo.h"
 #include "rewrite/rewriteManip.h"
+#include "utils/acl.h"
 #include "utils/lsyscache.h"
+#include "miscadmin.h"
 
 
 static EquivalenceMember *make_eq_member(EquivalenceClass *ec,
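Review bot: `miscadmin.h` is added after `utils/lsyscache.h`, which breaks the alphabetical order the surrounding includes follow; it belongs with the other top-level headers earlier in the include list, outside this hunk. The same placement recurs in the include hunks of createplan.c and restrictinfo.c. Those two hunks also drop one of the two blank lines that separated the include list from the code that follows.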
@@ -203,7 +205,7 @@ process_equivalence(PlannerInfo *root,
 	Assert(restrictinfo->right_ec == NULL);
 
 	/* Reject if it is potentially postponable by security considerations */
-	if (restrictinfo->security_level > 0 && !restrictinfo->leakproof)
+	if (restrictinfo->security_level > 0 && !(restrictinfo->leakproof || has_bypassleakproof_privilege(GetUserId())))
 		return false;
 
 	/* Extract info from given clause */
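Review bot: The added `has_bypassleakproof_privilege(GetUserId())` test in process_equivalence() (whose body extends beyond this hunk) makes a planning decision depend on whichever role is active when the planner runs, and nothing in this patch records that dependency. As far as this diff shows, a cached or prepared plan built under a privileged role could be reused after a role change, with non-leakproof quals already placed ahead of the security quals. Unless another patch in the series covers it, set `root->glob->dependsOnRole = true;` wherever the privilege check changes the outcome, so the plan cache replans when the role changes. Please also confirm that `GetUserId()` is the intended identity rather than the user the relation's permissions are checked as, since security quals coming from a view or an RLS policy may have been built for a different role. Both concerns apply equally to the hunks in order_qual_clauses() and restriction_is_securely_promotable().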
diff --git a/src/backend/optimizer/plan/createplan.c b/src/backend/optimizer/plan/createplan.c
index a8f22a8c154..6318e635ca1 100644
--- a/src/backend/optimizer/plan/createplan.c
+++ b/src/backend/optimizer/plan/createplan.c
@@ -42,8 +42,9 @@
 #include "parser/parsetree.h"
 #include "partitioning/partprune.h"
 #include "tcop/tcopprot.h"
+#include "utils/acl.h"
 #include "utils/lsyscache.h"
-
+#include "miscadmin.h"
 
 /*
  * Flag bits that can appear in the flags argument of create_plan_recurse().
@@ -5394,7 +5395,8 @@ order_qual_clauses(PlannerInfo *root, List *clauses)
 			 * security level, which is not so great, but we can alleviate
 			 * that risk by applying the cost limit cutoff.
 			 */
-			if (rinfo->leakproof && items[i].cost < 10 * cpu_operator_cost)
+			if ((rinfo->leakproof || has_bypassleakproof_privilege(GetUserId())) &&
+				items[i].cost < 10 * cpu_operator_cost)
 				items[i].security_level = 0;
 			else
 				items[i].security_level = rinfo->security_level;
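Review bot: The privilege lookup sits in the per-clause condition, so it appears to be repeated for every non-leakproof clause although the answer cannot change within one call; the loop and the rest of order_qual_clauses() are outside this hunk. Compute it once before the loop, e.g. `bool bypass_leakproof = has_bypassleakproof_privilege(GetUserId());`, and test `(rinfo->leakproof || bypass_leakproof)` here. The comment above the condition still justifies the reordering purely in terms of leakproof quals; add a sentence such as `A role with the bypass-leakproof privilege is treated as if every qual were leakproof.` so the stated security reasoning matches the code.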
diff --git a/src/backend/optimizer/util/restrictinfo.c b/src/backend/optimizer/util/restrictinfo.c
index a80083d2323..b9e0b4f7e43 100644
--- a/src/backend/optimizer/util/restrictinfo.c
+++ b/src/backend/optimizer/util/restrictinfo.c
@@ -19,7 +19,8 @@
 #include "optimizer/clauses.h"
 #include "optimizer/optimizer.h"
 #include "optimizer/restrictinfo.h"
-
+#include "utils/acl.h"
+#include "miscadmin.h"
 
 static Expr *make_sub_restrictinfos(PlannerInfo *root,
 									Expr *clause,
@@ -427,7 +428,7 @@ restriction_is_securely_promotable(RestrictInfo *restrictinfo,
 	 * would need to go before this one, *or* if this one is leakproof.
 	 */
 	if (restrictinfo->security_level <= rel->baserestrict_min_security ||
-		restrictinfo->leakproof)
+		restrictinfo->leakproof || has_bypassleakproof_privilege(GetUserId()))
 		return true;
 	else
 		return false;
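Review bot: The comment directly above this condition still ends with `*or* if this one is leakproof`, so it no longer describes when a restriction is promotable; extend it to `*or* if this one is leakproof or the current user may bypass leakproof checks`. The expression `leakproof || has_bypassleakproof_privilege(GetUserId())` is now open-coded in three files, which makes it easy for a later security-relevant call site to test only half of the rule. A single helper taking the RestrictInfo would keep the rule in one place. The start of restriction_is_securely_promotable() is outside this hunk.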
-- 
2.39.2

