From d05b4bd7c6fb3a4d6766e70778a5720416bdbf57 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 3 May 2001 21:16:48 +0000 Subject: [PATCH] Permission checking wasn't quite right for insert/update/delete rules, either :-(. --- src/backend/rewrite/rewriteDefine.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c index 5fec419b46..4cebece58c 100644 --- a/src/backend/rewrite/rewriteDefine.c +++ b/src/backend/rewrite/rewriteDefine.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.61 2001/03/23 04:49:54 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.62 2001/05/03 21:16:48 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -377,7 +377,7 @@ DefineQueryRewrite(RuleStmt *stmt) * We want the rule's table references to be checked as though by the * rule owner, not the user referencing the rule. Therefore, scan * through the rule's rtables and set the checkAsUser field on all - * rtable entries (except *OLD* and *NEW*). + * rtable entries. */ foreach(l, action) { @@ -426,29 +426,28 @@ DefineQueryRewrite(RuleStmt *stmt) /* * setRuleCheckAsUser * Recursively scan a query and set the checkAsUser field to the - * given userid in all rtable entries except *OLD* and *NEW*. + * given userid in all rtable entries. + * + * Note: for a view (ON SELECT rule), the checkAsUser field of the *OLD* + * RTE entry will be overridden when the view rule is expanded, and the + * checkAsUser field of the *NEW* entry is irrelevant because that entry's + * checkFor bits will never be set. However, for other types of rules it's + * important to set these fields to match the rule owner. So we just set + * them always. */ static void setRuleCheckAsUser(Query *qry, Oid userid) { List *l; - /* Set all the RTEs in this query node, except OLD and NEW */ + /* Set all the RTEs in this query node */ foreach(l, qry->rtable) { RangeTblEntry *rte = (RangeTblEntry *) lfirst(l); - if (strcmp(rte->eref->relname, "*NEW*") == 0) - continue; - if (strcmp(rte->eref->relname, "*OLD*") == 0) - continue; - if (rte->subquery) { - - /* - * Recurse into subquery in FROM - */ + /* Recurse into subquery in FROM */ setRuleCheckAsUser(rte->subquery, userid); } else -- GitLab