Disallow converting a table to a view if row security is present. When DefineQueryRewrite() is about to convert a table to a view, it checks the table for features unavailable to views. For example, it rejects tables having triggers. It omits to reject tables having relrowsecurity or a pg_policy record. Fix that. To faciliate the repair, invent relation_has_policies() which indicates the presence of policies on a relation even when row security is disabled for that relation.
Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch to 9.5 where RLS was introduced. Branch ------ REL9_5_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/344703bcc453ac3ce0060785d4958ddec7d2dbe9 Modified Files -------------- src/backend/commands/policy.c | 29 +++++++++++++++++++++++++++++ src/backend/rewrite/rewriteDefine.c | 24 +++++++++++++++++++----- src/include/commands/policy.h | 1 + src/test/regress/expected/rowsecurity.out | 23 +++++++++++++++++++++++ src/test/regress/sql/rowsecurity.sql | 25 +++++++++++++++++++++++++ 5 files changed, 97 insertions(+), 5 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
