}
}
+ /*
+ * Also, we might have absorbed some RTEs with RLS conditions into the
+ * sub_action. If so, mark it as hasRowSecurity, whether or not those
+ * RTEs will be referenced after we finish rewriting. (Note: currently
+ * this is a no-op because RLS conditions aren't added till later, but it
+ * seems like good future-proofing to do this anyway.)
+ */
+ sub_action->hasRowSecurity |= parsetree->hasRowSecurity;
+
/*
* Each rule action's jointree should be the main parsetree's jointree
* plus that rule's jointree, but usually *without* the original rtindex
}
/*
- * Add the new security quals to the start of the RTE's list so
- * that they get applied before any existing security quals (which
- * might have come from a user-written security barrier view, and
- * might contain malicious code).
+ * Add the new security barrier quals to the start of the RTE's
+ * list so that they get applied before any existing barrier quals
+ * (which would have come from a security-barrier view, and should
+ * get lower priority than RLS conditions on the table itself).
*/
rte->securityQuals = list_concat(securityQuals,
rte->securityQuals);
* only adjust their varnos to reference the new target (just the same as
* we did with the view targetlist).
*
- * Note that there is special-case handling for the quals of a security
- * barrier view, since they need to be kept separate from any
- * user-supplied quals, so these quals are kept on the new target RTE.
+ * If it's a security-barrier view, its WHERE quals must be applied before
+ * quals from the outer query, so we attach them to the RTE as security
+ * barrier quals rather than adding them to the main WHERE clause.
*
* For INSERT, the view's quals can be ignored in the main query.
*/
if (RelationIsSecurityView(view))
{
/*
+ * The view's quals go in front of existing barrier quals: those
+ * would have come from an outer level of security-barrier view,
+ * and so must get evaluated later.
+ *
* Note: the parsetree has been mutated, so the new_rte pointer is
* stale and needs to be re-computed.
*/
new_rte = rt_fetch(new_rt_index, parsetree->rtable);
new_rte->securityQuals = lcons(viewqual, new_rte->securityQuals);
+ /*
+ * Do not set parsetree->hasRowSecurity, because these aren't RLS
+ * conditions (they aren't affected by enabling/disabling RLS).
+ */
+
/*
* Make sure that the query is marked correctly if the added qual
* has sublinks.
* FirstLowInvalidHeapAttributeNumber from column numbers before storing
* them in these fields. A whole-row Var reference is represented by
* setting the bit for InvalidAttrNumber.
+ *
+ * securityQuals is a list of security barrier quals (boolean expressions),
+ * to be tested in the listed order before returning a row from the
+ * relation. It is always NIL in parser output. Entries are added by the
+ * rewriter to implement security-barrier views and/or row-level security.
+ * Note that the planner turns each boolean expression into an implicitly
+ * AND'ed sublist, as is its usual habit with qualification expressions.
*--------------------
*/
typedef enum RTEKind
Bitmapset *selectedCols; /* columns needing SELECT permission */
Bitmapset *insertedCols; /* columns needing INSERT permission */
Bitmapset *updatedCols; /* columns needing UPDATE permission */
- List *securityQuals; /* any security barrier quals to apply */
+ List *securityQuals; /* security barrier quals to apply, if any */
} RangeTblEntry;
/*
projects / postgresql.git / commitdiff