Permission checking wasn't quite right for insert/update/delete rules,

author Tom Lane <tgl@sss.pgh.pa.us>

Thu, 3 May 2001 21:16:48 +0000 (21:16 +0000)

committer Tom Lane <tgl@sss.pgh.pa.us>

Thu, 3 May 2001 21:16:48 +0000 (21:16 +0000)
author Tom Lane <tgl@sss.pgh.pa.us>
Thu, 3 May 2001 21:16:48 +0000 (21:16 +0000)
committer Tom Lane <tgl@sss.pgh.pa.us>
Thu, 3 May 2001 21:16:48 +0000 (21:16 +0000)
diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c

index 5fec419b461e1da8bf08ae96db087c7beacdb7eb..4cebece58cdd84f29e03834c093901c222d14a63 100644 (file)
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -8,7 +8,7 @@
   *
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.61 2001/03/23 04:49:54 momjian Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.62 2001/05/03 21:16:48 tgl Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -377,7 +377,7 @@ DefineQueryRewrite(RuleStmt *stmt)
          * We want the rule's table references to be checked as though by the
          * rule owner, not the user referencing the rule.  Therefore, scan
          * through the rule's rtables and set the checkAsUser field on all
-        * rtable entries (except *OLD* and *NEW*).
+        * rtable entries.
          */
         foreach(l, action)
         {
@@ -426,29 +426,28 @@ DefineQueryRewrite(RuleStmt *stmt)
  /*
   * setRuleCheckAsUser
   *             Recursively scan a query and set the checkAsUser field to the
- *             given userid in all rtable entries except *OLD* and *NEW*.
+ *             given userid in all rtable entries.
+ *
+ * Note: for a view (ON SELECT rule), the checkAsUser field of the *OLD*
+ * RTE entry will be overridden when the view rule is expanded, and the
+ * checkAsUser field of the *NEW* entry is irrelevant because that entry's
+ * checkFor bits will never be set.  However, for other types of rules it's
+ * important to set these fields to match the rule owner.  So we just set
+ * them always.
   */
  static void
  setRuleCheckAsUser(Query *qry, Oid userid)
  {
         List       *l;
  
-       /* Set all the RTEs in this query node, except OLD and NEW */
+       /* Set all the RTEs in this query node */
         foreach(l, qry->rtable)
         {
                 RangeTblEntry *rte = (RangeTblEntry *) lfirst(l);
  
-               if (strcmp(rte->eref->relname, "*NEW*") == 0)
-                       continue;
-               if (strcmp(rte->eref->relname, "*OLD*") == 0)
-                       continue;
-
                 if (rte->subquery)
                 {
-
-                       /*
-                        * Recurse into subquery in FROM
-                        */
+                       /* Recurse into subquery in FROM */
                         setRuleCheckAsUser(rte->subquery, userid);
                 }
                 else
author	Tom Lane <tgl@sss.pgh.pa.us>
	Thu, 3 May 2001 21:16:48 +0000 (21:16 +0000)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Thu, 3 May 2001 21:16:48 +0000 (21:16 +0000)