-- test this file separately. Be careful the second update statement turns off
-- super user permission for _USER_.

--
-- SECURITY CRUFT
--
UPDATE pg_class
   SET relacl='{}'
   WHERE relname !~ 'pg_*'::text;

UPDATE pg_user
   SET usesuper='f'::bool
   WHERE usename = '_USER_';


CREATE TABLE myclass0 (a int4);


-- these should all succeed 
INSERT INTO myclass0 (a) VALUES (5);

SELECT a FROM myclass0;

UPDATE myclass0 SET a=6;

INSERT INTO myclass0 (a) VALUES (10);

INSERT INTO myclass0 (a) VALUES (20);

UPDATE myclass0 SET a=10 WHERE myclass0.a < 10;

UPDATE myclass0 SET a=myclass0.a+1;

DELETE FROM myclass0 WHERE myclass0.a > 15;

CREATE RULE foo AS ON SELECT TO myclass0 DO INSTEAD NOTHING;

DROP RULE foo;


CHANGE ACL _USER_-arR myclass0;


-- succeeds 
UPDATE myclass0 SET a=1;

-- succeeds (we still have write permission) 
INSERT INTO myclass0 (a) VALUES (100);

-- fails 
select a from myclass0;

-- fails due to read in qualification 
update myclass0 set a = 10 where myclass0.a < 15;

-- fails due to read in target list 
update myclass0 set a = myclass0.a + 1;

-- fails due to read in qualification 
delete from myclass0 where myclass0.a >= 100;

-- fails 
create rule foo as on retrieve to myclass0 do instead nothing;