aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorStephen Frost <sfrost@snowman.net>2015-10-05 07:55:11 -0400
committerStephen Frost <sfrost@snowman.net>2015-10-05 07:55:11 -0400
commitbd9014768035dd70f8cc33c215a8b929c2e13a35 (patch)
tree1a0d86c46f700df70d197d65569635732508240e /src
parent31fb4df69d1364c79cfab0a2bd4470d0c48e942e (diff)
downloadpostgresql-bd9014768035dd70f8cc33c215a8b929c2e13a35.tar.gz
postgresql-bd9014768035dd70f8cc33c215a8b929c2e13a35.zip
Apply SELECT policies in INSERT/UPDATE+RETURNING
Similar to 7d8db3e, given that INSERT+RETURNING requires SELECT rights on the table, apply the SELECT policies as WCOs to the tuples being inserted. Apply the same logic to UPDATE+RETURNING. Back-patch to 9.5 where RLS was added.
Diffstat (limited to 'src')
-rw-r--r--src/backend/rewrite/rowsecurity.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c
index 3d7f7a3a18b..eebc493849f 100644
--- a/src/backend/rewrite/rowsecurity.c
+++ b/src/backend/rewrite/rowsecurity.c
@@ -272,6 +272,30 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
hasSubLinks);
/*
+ * Get and add ALL/SELECT policies, if SELECT rights are required
+ * for this relation (eg: when RETURNING is used). These are added as
+ * WCO policies rather than security quals to ensure that an error is
+ * raised if a policy is violated; otherwise, we might end up silently
+ * dropping rows to be added.
+ */
+ if (rte->requiredPerms & ACL_SELECT)
+ {
+ List *select_permissive_policies = NIL;
+ List *select_restrictive_policies = NIL;
+
+ get_policies_for_relation(rel, CMD_SELECT, user_id,
+ &select_permissive_policies,
+ &select_restrictive_policies);
+ add_with_check_options(rel, rt_index,
+ commandType == CMD_INSERT ?
+ WCO_RLS_INSERT_CHECK : WCO_RLS_UPDATE_CHECK,
+ select_permissive_policies,
+ select_restrictive_policies,
+ withCheckOptions,
+ hasSubLinks);
+ }
+
+ /*
* For INSERT ... ON CONFLICT DO UPDATE we need additional policy
* checks for the UPDATE which may be applied to the same RTE.
*/
@@ -300,9 +324,11 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
hasSubLinks);
/*
- * Get and add ALL/SELECT policies, if SELECT rights are required
- * for this relation, also as WCO policies, again, to avoid
- * silently dropping data. See above.
+ * Get and add ALL/SELECT policies, as WCO_RLS_CONFLICT_CHECK
+ * WCOs to ensure they are considered when taking the UPDATE
+ * path of an INSERT .. ON CONFLICT DO UPDATE, if SELECT
+ * rights are required for this relation, also as WCO policies,
+ * again, to avoid silently dropping data. See above.
*/
if (rte->requiredPerms & ACL_SELECT)
{