| From: | "Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Brendan O'Shea" <boshea(at)akamai(dot)com>, <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants |
| Date: | 2008-08-13 07:00:20 |
| Message-ID: | 48A28684.60002@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Tom Lane wrote:
> Hm, the "Assert(rte->subquery != NULL)" doesn't seem right ...
> couldn't there be non-RTE_SUBQUERY rtes in the child? I think the
> original coding was guaranteed to visit only subquery-type RTEs
> but I'm much less convinced about this one. It might
> be better to say
> if (rte->rtekind == RTE_SUBQUERY)
> IncrementVarSublevelsUp(...);
>
> Or maybe it's okay; I'm too lazy to recheck the representation of
> UNION ALL right now.
Oh, indeed it's not okay. The original UNION ALL view is a prime example
of that. I didn't notice because I was testing without assertions.
Hmm, do we need the copyObject() call for non-subquery RTEs? I'm
guessing no, because they're not modified.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
| Attachment | Content-Type | Size |
|---|---|---|
| fix-union-all-view-perm-4.patch | text/x-diff | 6.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bhaskar Sirohi | 2008-08-13 12:38:28 | BUG #4352: Service fails to start when moved from domain to workgroup |
| Previous Message | Tom Lane | 2008-08-12 19:07:27 | Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants |