| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS) |
| Date: | 2015-07-30 16:40:53 |
| Message-ID: | 55BA5395.2060409@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/30/2015 06:52 AM, Dean Rasheed wrote:
> On 30 July 2015 at 01:35, Joe Conway <mail(at)joeconway(dot)com> wrote:
>> On 06/01/2015 02:21 AM, Dean Rasheed wrote:
>>> While going through this, I spotted another issue --- in a DML
>>> query with additional non-target relations, such as UPDATE t1
>>> .. FROM t2 .., the old code was checking the UPDATE policies of
>>> both t1 and t2, but really I think it ought to be checking the
>>> SELECT policies of t2 (in the same way as this query requires
>>> SELECT table permissions on t2, not UPDATE permissions). I've
>>> changed that and added new regression tests to test that
>>> change.
>>
>> I assume the entire refactoring patch needs a fair bit of work
>> to rebase against current HEAD,
>
> Actually, there haven't been any conflicting changes so far, so a
> git rebase was able to automatically merge correctly -- new patch
> attached, with some minor comment rewording (not affecting the
> bug-fix part).
Good to hear.
> Even so, I agree that it makes sense to apply the bug-fix
> separately, since it's not really anything to do with the
> refactoring.
>
>> but I picked out the attached to address just the above issue.
>> Does this look correct, and if so does it make sense to apply at
>> least this part right now?
>
> Looks correct to me.
Thanks -- committed and pushed to HEAD and 9.5
- --
Joe Conway
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJVulOVAAoJEDfy90M199hlURUP/2TF7r77taLPhQtEk3CFFQEn
mrt90N4DJ43VwGwC7mfdBsKXoJ+3jF3Hpghw/7ulI731/Io7C514gYDDvwGkrJWu
vK3vzXEQu9CIIfh97CsJ5mmenaaxrF9ZSaWDbYvQQMwMnxUS5CGWwR6VSp+NhCZ9
cnfA7idbxNjfBsjG0nQvtSgV/HOp0tP3A6dlYPTXPiIzbT9IiOpxWPwoQYgMSTcP
TBgK5MHG5JWrK1Bcg3BlQzYZefKEwN+LGU6zal4P4AjM14FfyMKfMc9A6EP9vtRl
jFekmRUddbXxWddl0ZSSV5BY9BLTRL2CZFhMQNQ9xKDlsK1cuYORN4v+TgRCjPKy
PdMH2tgndWsNNRTmj/vWUJxMXnHARl8MmtY8pau5Z6PKNUcASqd5Xq+zfKxOw8vf
lS8c4eRsLcCD+TZ1rv5K6VULmwBViU0gKP6Xs62yDHsz/Zwvt2ar1fW/25peohhb
m4j8vOCsdik9DDcJf6dF8sbb/z0FVh+JQqWhjbSJYioX9BOw/1AoNbi44wS7HzV1
vdhWx6qGWZnxi5qtb9j8BU0eFr/Q65kU3hsp2smRA/IK0bCQaO08rDQlPYsIHq10
SFodULNKFzpGvkzQ2Yqv1oyJ6jMvLtWgr9vBUZvPo8OHUyAkR8kfrZyzWyr/L/Mm
6jcuFNdYSS5F7W/S7ost
=GJw9
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2015-07-30 17:17:17 | pgsql: Improve CREATE FUNCTION doc WRT to LEAKPROOF RLS interaction. |
| Previous Message | Joe Conway | 2015-07-30 16:39:09 | pgsql: Use appropriate command type when retrieving relation's policies |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-07-30 16:51:07 | Re: dblink: add polymorphic functions. |
| Previous Message | Andrew Dunstan | 2015-07-30 16:40:00 | TAP tests are badly named |