Re: RLS open items are vague and unactionable

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Tue, Sep 15, 2015 at 10:22 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > Unless there are other concerns or issues raised, I'll push this later
> > today.
>
> So does this mean that the first RLS open item is addressed? If so,
> can it be moved to the "resolved after 9.5alpha2" section? Based on
> commit 4f3b2a8883c47b6710152a8e157f8a02656d0e68 I *think* yes but...

I hadn't moved it because there was ongoing discussion and I had an open
item (see: 20150923185403(dot)GC3685(at)tamriel(dot)snowman(dot)net and the thread
leading up to it).

Attached is a patch to address exactly that issue. This is all in the
commit message, of course, but the gist of it is:

If SELECT rights are required then apply the SELECT policies, even if
the actual command is an UPDATE or DELETE. This covers the RETURNING
case which was discussed previously, so we don't need the explicit check
for that, and further addresses the concern raised by Zhaomo about
someone abusing the WHERE clause in an UPDATE or DELETE.

Further, if UPDATE rights are required then apply the UPDATE policies,
even if the actual command is a SELECT. This addresses the concern that
a user might be able to lock rows they're not actually allowed to UPDATE
through the UPDATE policies.

Comments welcome, of course. Barring concerns, I'll get this pushed
tomorrow.

Thanks!

Stephen