[HACKERS] Row Level Security Bug ?

2017-11-12 Thread Andrea Adami 
Hello,
i have a db with a couple of tables
(enclosed the script to recreate it, please have a look before to proceed)
i enabled the row level security and all seem to work fine

if i do it (connected in as superuser like, usualy, postgres is):

select school, description, example
from schools

i can see all the rows

if i do:

SET ROLE 'manage...@scuola-1.it'

select school, description, example
from school

i see only one row (as expected)

but when i do:

select *
from _rls_test

select *
FROM _rls_test_security_barrier

select *
from _rls_test_with_check_local

select *
from _rls_test_with_check_local_cascade

I see all the rows always

this way i lack all the row level security i defined

is this either a bug or it's made by design ?
if it's made by design why ?
Is there  a way to write view that respect the row level security ?
For my point of view is a nonsense make a row level security that doesn't
work with the view.

Thanks to all the spend time to answer me.

here:
https://github.com/scuola247/postgresql
you can have a look at the complete database

Andrea Adami

===
===
===

CREATE DATABASE test
  WITH OWNER = postgres
   ENCODING = 'UTF8'
   TABLESPACE = pg_default
   CONNECTION LIMIT = -1;


CREATE SEQUENCE public.pk_seq
  INCREMENT 1
  MINVALUE 1
  MAXVALUE 9223372036854775807
  START 736220
  CACHE 1;


CREATE TABLE public.schools
(
  school bigint NOT NULL DEFAULT nextval('pk_seq'::regclass), -- Uniquely
identifies the table row
  description character varying(160) NOT NULL, -- Description for the school
  processing_code character varying(160) NOT NULL, -- A code that identify
the school on the government information system
  mnemonic character varying(30) NOT NULL, -- Short description to be use
as code
  example boolean NOT NULL DEFAULT false, -- It indicates that the data
have been inserted to be an example of the use of the data base
  behavior bigint, -- Indicates the subject used for the behavior
  CONSTRAINT schools_pk PRIMARY KEY (school),
  CONSTRAINT schools_uq_description UNIQUE (description),
  CONSTRAINT schools_uq_mnemonic UNIQUE (mnemonic),
  CONSTRAINT schools_uq_processing_code UNIQUE (processing_code, example)
);

-- Index: public.schools_fk_behavior

CREATE INDEX schools_fk_behavior
  ON public.schools
  USING btree
  (behavior);


CREATE TABLE public.usenames_schools
(
  usename_school bigint NOT NULL DEFAULT nextval('pk_seq'::regclass), --
Unique identification code for the row
  usename name NOT NULL, -- The session's usename
  school bigint NOT NULL, -- School enabled for the the usename
  CONSTRAINT usenames_schools_pk PRIMARY KEY (usename_school),
  CONSTRAINT usenames_schools_fk_school FOREIGN KEY (school)
  REFERENCES public.schools (school) MATCH SIMPLE
  ON UPDATE CASCADE ON DELETE CASCADE,
  CONSTRAINT usenames_schools_uq_usename_school UNIQUE (usename, school) --
Foe every usename one school can be enabled only one time
);

-- Index: public.usenames_schools_fx_school

CREATE INDEX usenames_schools_fx_school
  ON public.usenames_schools
  USING btree
  (school);

  CREATE OR REPLACE VIEW public._rls_test AS
 SELECT schools.school,
schools.description,
schools.example
   FROM schools;


CREATE OR REPLACE VIEW public._rls_test_security_barrier WITH
(security_barrier=true) AS
 SELECT schools.school,
schools.description,
schools.example
   FROM schools;

CREATE OR REPLACE VIEW public._rls_test_with_check_local WITH
(check_option=local) AS
 SELECT schools.school,
schools.description,
schools.example
   FROM schools;

CREATE OR REPLACE VIEW public._rls_test_with_check_local_cascade WITH
(check_option=cascaded) AS
 SELECT schools.school,
schools.description,
schools.example
   FROM schools;

-- now same data
-- now same data
-- now same data

INSERT INTO
public.schools(school,description,processing_code,mnemonic,example) VALUES
('289610','Istituto comprensivo "Voyager"','ZZIC1Z','IC
VOYAGER','t');
INSERT INTO
public.schools(school,description,processing_code,mnemonic,example) VALUES
('20','Istituto Tecnico Tecnologico "Leonardo da
Vinci"','ZZITTZ','ITT DAVINCI','t');
INSERT INTO
public.schools(school,description,processing_code,mnemonic,example) VALUES
('10','Istituto comprensivo ''Andromeda''','ZZIC8Z','IC
ANDROMEDA','t');


INSERT INTO public.usenames_schools(usename_school,usename,school) VALUES
('7266330','manage...@scuola-1.it','10');


-- THEN ENABLE ROW LEVEL SECURITY
-- THEN ENABLE ROW LEVEL SECURITY
-- THEN ENABLE ROW LEVEL SECURITY


  ALTER TABLE

[HACKERS] CREATE POLICY bug ?

2016-08-19 Thread Andrea Adami 
Hello,
i'm testing the new row security level  functionality in postgresql 9.5.
To do that i run this script:

---cut here --

CREATE TABLE public.policy_tab
(
  id bigint NOT NULL,
  description character varying(160) NOT NULL,
  usr name NOT NULL,
  CONSTRAINT policy_tab_pk PRIMARY KEY (id)
);

ALTER TABLE public.policy_tab OWNER TO postgres;

GRANT ALL ON TABLE public.policy_tab TO public;

CREATE OR REPLACE VIEW public.policy_view AS
 SELECT id,
description,
usr
   FROM public.policy_tab;

ALTER TABLE public.policy_view
  OWNER TO postgres;
GRANT ALL ON TABLE public.policy_view TO public;

ALTER TABLE public.policy_tab ENABLE ROW LEVEL SECURITY;

CREATE POLICY standard ON public.policy_tab
FOR ALL
TO PUBLIC
USING (usr = current_user);

INSERT INTO public.policy_tab (id, description, usr) VALUES (1,'uno','
mana...@scuola247.it');
INSERT INTO public.policy_tab (id, description, usr) VALUES (2,'due','
mana...@scuola247.it');
INSERT INTO public.policy_tab (id, description, usr) VALUES (3,'tre','
mana...@scuola247.it');
INSERT INTO public.policy_tab (id, description, usr) VALUES (4,'quattro','
teac...@scuola247.it');
INSERT INTO public.policy_tab (id, description, usr) VALUES (5,'cinque','
teac...@scuola247.it');

---cut here --

after that i run the query: "select * from public.policy_tab"

and the the oupt was what i excpected:

rows 1,2,3 for user: mana...@scuola247.it
rows 4,5 for user: teac...@scuola247.it
rows 1,2,3,4,5  for user:  postgres (the policy doesn't work for him)

but when i run the query: "select * from public.policy_view"

the ouput is the same (all rows)  for all users

i'm doing some mistakes or this is a bug ?

thank you in advance for the time you would like dedicate to me.

Andrea Adami

[HACKERS] Query Procedures

2016-04-21 Thread Andrea Adami 
Hello, i'm a developer from italy and i need to make a query to get the
list of stored procedures with its signature.
Basically I would like to get the same list pgAdmin shows under the node
functions of the database tree on left panel. with the query : p.oid AS
SELECT oid , p.proname AS name , p.proargtypes FROM pg_proc p I get the
list of procedures with the column "proargtypes" that contains the list of
parameters's type.
Each digit of proargtypes column refers to the corresponding tuple in
pg_type So far all is fine, the problems arise when i want convert these
numbers to strings as the previously mentioned pgAdmin did: 1 ) in typname
column (of pg_type table) some time, I did not understand why , there is a
space in front of the name , better: a space is displayed but there is not
a space because a trim do not throw away . 2 ) I can not understand what
colums tell me if the type of data in question is an array ( to display it
with ' [ ] ' appended to the name ) Someone is kind enough to put me on the
right track ?

p.s.
the function: pg_catalog.pg_get_function_arguments(p.oid) show what i need
but after the parameter name, what i want is a list of parameter's datatype
(the signature) without the parameter's name

thank you in advance
Andrea Adami