diff options
| author | Tom Lane | 2015-01-24 21:16:22 +0000 |
|---|---|---|
| committer | Tom Lane | 2015-01-24 21:16:22 +0000 |
| commit | fd496129d160950ed681c1150ea8f627b292c511 (patch) | |
| tree | 692b18245d6efca00dea4e99f66595ae0d16691a /src/test | |
| parent | f8a4dd2e141a12e349882edecc683504acb82ec8 (diff) | |
Clean up some mess in row-security patches.
Fix unsafe coding around PG_TRY in RelationBuildRowSecurity: can't change
a variable inside PG_TRY and then use it in PG_CATCH without marking it
"volatile". In this case though it seems saner to avoid that by doing
a single assignment before entering the TRY block.
I started out just intending to fix that, but the more I looked at the
row-security code the more distressed I got. This patch also fixes
incorrect construction of the RowSecurityPolicy cache entries (there was
not sufficient care taken to copy pass-by-ref data into the cache memory
context) and a whole bunch of sloppiness around the definition and use of
pg_policy.polcmd. You can't use nulls in that column because initdb will
mark it NOT NULL --- and I see no particular reason why a null entry would
be a good idea anyway, so changing initdb's behavior is not the right
answer. The internal value of '\0' wouldn't be suitable in a "char" column
either, so after a bit of thought I settled on using '*' to represent ALL.
Chasing those changes down also revealed that somebody wasn't paying
attention to what the underlying values of ACL_UPDATE_CHR etc really were,
and there was a great deal of lackadaiscalness in the catalogs.sgml
documentation for pg_policy and pg_policies too.
This doesn't pretend to be a complete code review for the row-security
stuff, it just fixes the things that were in my face while dealing with
the bugs in RelationBuildRowSecurity.
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/expected/rules.out | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out index 80c33512916..7df5d2dce9a 100644 --- a/src/test/regress/expected/rules.out +++ b/src/test/regress/expected/rules.out @@ -1363,16 +1363,13 @@ pg_policies| SELECT n.nspname AS schemaname, WHERE (pg_authid.oid = ANY (pol.polroles)) ORDER BY pg_authid.rolname) END AS roles, - CASE - WHEN (pol.polcmd IS NULL) THEN 'ALL'::text - ELSE - CASE pol.polcmd - WHEN 'r'::"char" THEN 'SELECT'::text - WHEN 'a'::"char" THEN 'INSERT'::text - WHEN 'u'::"char" THEN 'UPDATE'::text - WHEN 'd'::"char" THEN 'DELETE'::text - ELSE NULL::text - END + CASE pol.polcmd + WHEN 'r'::"char" THEN 'SELECT'::text + WHEN 'a'::"char" THEN 'INSERT'::text + WHEN 'w'::"char" THEN 'UPDATE'::text + WHEN 'd'::"char" THEN 'DELETE'::text + WHEN '*'::"char" THEN 'ALL'::text + ELSE NULL::text END AS cmd, pg_get_expr(pol.polqual, pol.polrelid) AS qual, pg_get_expr(pol.polwithcheck, pol.polrelid) AS with_check |