Correctly set userid of subquery relations' child rels

The RelOptInfo->userid field (the user ID to check permissions as) of an
"otherrel" relation was being copied from its parent relation, which is
correct in most cases but wrong when the parent is a subquery.  In that
case, using the value from the RTEPermissionInfo of the child itself is
the appropriate thing to do.

Coming up with a test case where user-visible behavior changes proves
hard enough, so we don't add one here.

Bug introduced by a61b1f74823c, discovered by Amit while reviewing
nearby code.

Author: Amit Langote <amitlangote09@gmail.com>
Discussion: https://postgr.es/m/CA+HiwqE0WY_AhLnGtTsY7eYebG212XWbM-D8gr2A_ToOHyCywQ@mail.gmail.com

diff --git a/src/backend/optimizer/util/relnode.c b/src/backend/optimizer/util/relnode.c
index a70a16238a8526b5a306053beb874543301aa08f..d29a25f8aa6185d5872e3557386c78b7ae5fd75c 100644 (file)
--- a/src/backend/optimizer/util/relnode.c
+++ b/src/backend/optimizer/util/relnode.c
@@ -233,12 +233,22 @@ build_simple_rel(PlannerInfo *root, int relid, RelOptInfo *parent)
        rel->serverid = InvalidOid;
        if (rte->rtekind == RTE_RELATION)
        {
+               Assert(parent == NULL ||
+                          parent->rtekind == RTE_RELATION ||
+                          parent->rtekind == RTE_SUBQUERY);
+
                /*
-                * Get the userid from the relation's RTEPermissionInfo, though only
-                * the tables mentioned in query are assigned RTEPermissionInfos.
-                * Child relations (otherrels) simply use the parent's value.
+                * For any RELATION rte, we need a userid with which to check
+                * permission access. Baserels simply use their own
+                * RTEPermissionInfo's checkAsUser.
+                *
+                * For otherrels normally there's no RTEPermissionInfo, so we use the
+                * parent's, which normally has one. The exceptional case is that the
+                * parent is a subquery, in which case the otherrel will have its own.
                 */
-               if (parent == NULL)
+               if (rel->reloptkind == RELOPT_BASEREL ||
+                       (rel->reloptkind == RELOPT_OTHER_MEMBER_REL &&
+                        parent->rtekind == RTE_SUBQUERY))
                {
                        RTEPermissionInfo *perminfo;