diff options
| author | Stephen Frost <sfrost@snowman.net> | 2015-10-05 07:55:11 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2015-10-05 07:55:11 -0400 |
| commit | bd9014768035dd70f8cc33c215a8b929c2e13a35 (patch) | |
| tree | 1a0d86c46f700df70d197d65569635732508240e /src | |
| parent | 31fb4df69d1364c79cfab0a2bd4470d0c48e942e (diff) | |
| download | postgresql-bd9014768035dd70f8cc33c215a8b929c2e13a35.tar.gz postgresql-bd9014768035dd70f8cc33c215a8b929c2e13a35.zip | |
Apply SELECT policies in INSERT/UPDATE+RETURNING
Similar to 7d8db3e, given that INSERT+RETURNING requires SELECT rights
on the table, apply the SELECT policies as WCOs to the tuples being
inserted. Apply the same logic to UPDATE+RETURNING.
Back-patch to 9.5 where RLS was added.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/rewrite/rowsecurity.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c index 3d7f7a3a18b..eebc493849f 100644 --- a/src/backend/rewrite/rowsecurity.c +++ b/src/backend/rewrite/rowsecurity.c @@ -272,6 +272,30 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, hasSubLinks); /* + * Get and add ALL/SELECT policies, if SELECT rights are required + * for this relation (eg: when RETURNING is used). These are added as + * WCO policies rather than security quals to ensure that an error is + * raised if a policy is violated; otherwise, we might end up silently + * dropping rows to be added. + */ + if (rte->requiredPerms & ACL_SELECT) + { + List *select_permissive_policies = NIL; + List *select_restrictive_policies = NIL; + + get_policies_for_relation(rel, CMD_SELECT, user_id, + &select_permissive_policies, + &select_restrictive_policies); + add_with_check_options(rel, rt_index, + commandType == CMD_INSERT ? + WCO_RLS_INSERT_CHECK : WCO_RLS_UPDATE_CHECK, + select_permissive_policies, + select_restrictive_policies, + withCheckOptions, + hasSubLinks); + } + + /* * For INSERT ... ON CONFLICT DO UPDATE we need additional policy * checks for the UPDATE which may be applied to the same RTE. */ @@ -300,9 +324,11 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, hasSubLinks); /* - * Get and add ALL/SELECT policies, if SELECT rights are required - * for this relation, also as WCO policies, again, to avoid - * silently dropping data. See above. + * Get and add ALL/SELECT policies, as WCO_RLS_CONFLICT_CHECK + * WCOs to ensure they are considered when taking the UPDATE + * path of an INSERT .. ON CONFLICT DO UPDATE, if SELECT + * rights are required for this relation, also as WCO policies, + * again, to avoid silently dropping data. See above. */ if (rte->requiredPerms & ACL_SELECT) { |