diff options
| author | Dean Rasheed <dean.a.rasheed@gmail.com> | 2017-11-24 14:12:50 +0000 |
|---|---|---|
| committer | Dean Rasheed <dean.a.rasheed@gmail.com> | 2017-11-24 14:12:50 +0000 |
| commit | a1187c4efe024e5a1f5cf9221b13a3f3226d92c5 (patch) | |
| tree | 0cb6130fd20c0f26a52efec5b2b19077124f04bb | |
| parent | a5339ac09502158d1c2b9503d077ad9a7114d620 (diff) | |
| download | postgresql-a1187c4efe024e5a1f5cf9221b13a3f3226d92c5.tar.gz postgresql-a1187c4efe024e5a1f5cf9221b13a3f3226d92c5.zip | |
RLS comment fixes.
The comments in get_policies_for_relation() say that CREATE POLICY
does not support defining restrictive policies. This is no longer
true, starting from PG10.
| -rw-r--r-- | src/backend/rewrite/rowsecurity.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c index a0cd6b1075d..5bd33f7ba41 100644 --- a/src/backend/rewrite/rowsecurity.c +++ b/src/backend/rewrite/rowsecurity.c @@ -408,11 +408,7 @@ get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id, *permissive_policies = NIL; *restrictive_policies = NIL; - /* - * First find all internal policies for the relation. CREATE POLICY does - * not currently support defining restrictive policies, so for now all - * internal policies are permissive. - */ + /* First find all internal policies for the relation. */ foreach(item, relation->rd_rsdesc->policies) { bool cmd_matches = false; @@ -450,7 +446,7 @@ get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id, } /* - * Add this policy to the list of permissive policies if it applies to + * Add this policy to the relevant list of policies if it applies to * the specified role. */ if (cmd_matches && check_role_for_policy(policy->roles, user_id)) |