Joe Conway <[EMAIL PROTECTED]> writes:
> Sorry if I'm being thick, but what of this?
This is exactly what I'm talking about. The rtable for a query
generated by a rule is the concatenation of the original query's rtable
and the rule query's rtable. Therefore the RTE for table1 appears
twice, once in the original INSERT query and once in the generated
UPDATE query (even though the UPDATE query does not actually use that
RTE in this case). This would be okay if the RTE's write permission
flag were not context-dependent, but because it is, we have a problem.
The patch I put into 7.3.3 assumed that we could just suppress
permission checks on the copied RTEs, but if the original query is
getting dropped due to INSTEAD, we really need to carry out those
permission checks in the generated query --- there is no place else.
So AFAICS we must make the permission checks non-context-dependent.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend
