aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/backend/rewrite/rewriteHandler.c67
-rw-r--r--src/test/regress/expected/rowsecurity.out58
-rw-r--r--src/test/regress/sql/rowsecurity.sql33
-rw-r--r--src/tools/pgindent/typedefs.list1
4 files changed, 153 insertions, 6 deletions
diff --git a/src/backend/rewrite/rewriteHandler.c b/src/backend/rewrite/rewriteHandler.c
index 89fb658f191..d7df6d40698 100644
--- a/src/backend/rewrite/rewriteHandler.c
+++ b/src/backend/rewrite/rewriteHandler.c
@@ -58,6 +58,12 @@ typedef struct acquireLocksOnSubLinks_context
bool for_execute; /* AcquireRewriteLocks' forExecute param */
} acquireLocksOnSubLinks_context;
+typedef struct fireRIRonSubLink_context
+{
+ List *activeRIRs;
+ bool hasRowSecurity;
+} fireRIRonSubLink_context;
+
static bool acquireLocksOnSubLinks(Node *node,
acquireLocksOnSubLinks_context *context);
static Query *rewriteRuleAction(Query *parsetree,
@@ -1840,6 +1846,12 @@ ApplyRetrieveRule(Query *parsetree,
rule_action = fireRIRrules(rule_action, activeRIRs);
/*
+ * Make sure the query is marked as having row security if the view query
+ * does.
+ */
+ parsetree->hasRowSecurity |= rule_action->hasRowSecurity;
+
+ /*
* Now, plug the view query in as a subselect, converting the relation's
* original RTE to a subquery RTE.
*/
@@ -1964,7 +1976,7 @@ markQueryForLocking(Query *qry, Node *jtnode,
* the SubLink's subselect link with the possibly-rewritten subquery.
*/
static bool
-fireRIRonSubLink(Node *node, List *activeRIRs)
+fireRIRonSubLink(Node *node, fireRIRonSubLink_context *context)
{
if (node == NULL)
return false;
@@ -1974,7 +1986,13 @@ fireRIRonSubLink(Node *node, List *activeRIRs)
/* Do what we came for */
sub->subselect = (Node *) fireRIRrules((Query *) sub->subselect,
- activeRIRs);
+ context->activeRIRs);
+
+ /*
+ * Remember if any of the sublinks have row security.
+ */
+ context->hasRowSecurity |= ((Query *) sub->subselect)->hasRowSecurity;
+
/* Fall through to process lefthand args of SubLink */
}
@@ -1983,7 +2001,7 @@ fireRIRonSubLink(Node *node, List *activeRIRs)
* subselects of subselects for us.
*/
return expression_tree_walker(node, fireRIRonSubLink,
- (void *) activeRIRs);
+ (void *) context);
}
@@ -2027,6 +2045,13 @@ fireRIRrules(Query *parsetree, List *activeRIRs)
if (rte->rtekind == RTE_SUBQUERY)
{
rte->subquery = fireRIRrules(rte->subquery, activeRIRs);
+
+ /*
+ * While we are here, make sure the query is marked as having row
+ * security if any of its subqueries do.
+ */
+ parsetree->hasRowSecurity |= rte->subquery->hasRowSecurity;
+
continue;
}
@@ -2140,6 +2165,12 @@ fireRIRrules(Query *parsetree, List *activeRIRs)
cte->ctequery = (Node *)
fireRIRrules((Query *) cte->ctequery, activeRIRs);
+
+ /*
+ * While we are here, make sure the query is marked as having row
+ * security if any of its CTEs do.
+ */
+ parsetree->hasRowSecurity |= ((Query *) cte->ctequery)->hasRowSecurity;
}
/*
@@ -2147,9 +2178,22 @@ fireRIRrules(Query *parsetree, List *activeRIRs)
* the rtable and cteList.
*/
if (parsetree->hasSubLinks)
- query_tree_walker(parsetree, fireRIRonSubLink, (void *) activeRIRs,
+ {
+ fireRIRonSubLink_context context;
+
+ context.activeRIRs = activeRIRs;
+ context.hasRowSecurity = false;
+
+ query_tree_walker(parsetree, fireRIRonSubLink, (void *) &context,
QTW_IGNORE_RC_SUBQUERIES);
+ /*
+ * Make sure the query is marked as having row security if any of its
+ * sublinks do.
+ */
+ parsetree->hasRowSecurity |= context.hasRowSecurity;
+ }
+
/*
* Apply any row level security policies. We do this last because it
* requires special recursion detection if the new quals have sublink
@@ -2188,6 +2232,7 @@ fireRIRrules(Query *parsetree, List *activeRIRs)
if (hasSubLinks)
{
acquireLocksOnSubLinks_context context;
+ fireRIRonSubLink_context fire_context;
/*
* Recursively process the new quals, checking for infinite
@@ -2218,11 +2263,21 @@ fireRIRrules(Query *parsetree, List *activeRIRs)
* Now that we have the locks on anything added by
* get_row_security_policies, fire any RIR rules for them.
*/
+ fire_context.activeRIRs = activeRIRs;
+ fire_context.hasRowSecurity = false;
+
expression_tree_walker((Node *) securityQuals,
- fireRIRonSubLink, (void *) activeRIRs);
+ fireRIRonSubLink, (void *) &fire_context);
expression_tree_walker((Node *) withCheckOptions,
- fireRIRonSubLink, (void *) activeRIRs);
+ fireRIRonSubLink, (void *) &fire_context);
+
+ /*
+ * We can ignore the value of fire_context.hasRowSecurity
+ * since we only reach this code in cases where hasRowSecurity
+ * is already true.
+ */
+ Assert(hasRowSecurity);
activeRIRs = list_delete_first(activeRIRs);
}
diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out
index c37c9b90a68..d19411bd7e4 100644
--- a/src/test/regress/expected/rowsecurity.out
+++ b/src/test/regress/expected/rowsecurity.out
@@ -4062,6 +4062,64 @@ execute q;
--------------+---
(0 rows)
+-- make sure RLS dependencies in CTEs are handled
+reset role;
+create or replace function rls_f() returns setof rls_t
+ stable language sql
+ as $$ with cte as (select * from rls_t) select * from cte $$;
+prepare r as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute r;
+ current_user | c
+-------------------+------------------
+ regress_rls_alice | invisible to bob
+(1 row)
+
+set role regress_rls_bob;
+execute r;
+ current_user | c
+--------------+---
+(0 rows)
+
+-- make sure RLS dependencies in subqueries are handled
+reset role;
+create or replace function rls_f() returns setof rls_t
+ stable language sql
+ as $$ select * from (select * from rls_t) _ $$;
+prepare s as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute s;
+ current_user | c
+-------------------+------------------
+ regress_rls_alice | invisible to bob
+(1 row)
+
+set role regress_rls_bob;
+execute s;
+ current_user | c
+--------------+---
+(0 rows)
+
+-- make sure RLS dependencies in sublinks are handled
+reset role;
+create or replace function rls_f() returns setof rls_t
+ stable language sql
+ as $$ select exists(select * from rls_t)::text $$;
+prepare t as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute t;
+ current_user | c
+-------------------+------
+ regress_rls_alice | true
+(1 row)
+
+set role regress_rls_bob;
+execute t;
+ current_user | c
+-----------------+-------
+ regress_rls_bob | false
+(1 row)
+
RESET ROLE;
DROP FUNCTION rls_f();
DROP TABLE rls_t;
diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql
index 6973cc4ed04..14318336984 100644
--- a/src/test/regress/sql/rowsecurity.sql
+++ b/src/test/regress/sql/rowsecurity.sql
@@ -1889,6 +1889,39 @@ execute q;
set role regress_rls_bob;
execute q;
+-- make sure RLS dependencies in CTEs are handled
+reset role;
+create or replace function rls_f() returns setof rls_t
+ stable language sql
+ as $$ with cte as (select * from rls_t) select * from cte $$;
+prepare r as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute r;
+set role regress_rls_bob;
+execute r;
+
+-- make sure RLS dependencies in subqueries are handled
+reset role;
+create or replace function rls_f() returns setof rls_t
+ stable language sql
+ as $$ select * from (select * from rls_t) _ $$;
+prepare s as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute s;
+set role regress_rls_bob;
+execute s;
+
+-- make sure RLS dependencies in sublinks are handled
+reset role;
+create or replace function rls_f() returns setof rls_t
+ stable language sql
+ as $$ select exists(select * from rls_t)::text $$;
+prepare t as select current_user, * from rls_f();
+set role regress_rls_alice;
+execute t;
+set role regress_rls_bob;
+execute t;
+
RESET ROLE;
DROP FUNCTION rls_f();
DROP TABLE rls_t;
diff --git a/src/tools/pgindent/typedefs.list b/src/tools/pgindent/typedefs.list
index ec178ddc1ef..12b84201459 100644
--- a/src/tools/pgindent/typedefs.list
+++ b/src/tools/pgindent/typedefs.list
@@ -2866,6 +2866,7 @@ filemap_t
finalize_primnode_context
find_dependent_phvs_context
find_expr_references_context
+fireRIRonSubLink_context
fix_join_expr_context
fix_scan_expr_context
fix_upper_expr_context
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 21:14:50 +0000