Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS)

On 30 July 2015 at 01:35, Joe Conway <mail@joeconway.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/01/2015 02:21 AM, Dean Rasheed wrote:
>> While going through this, I spotted another issue --- in a DML
>> query with additional non-target relations, such as UPDATE t1 ..
>> FROM t2 .., the old code was checking the UPDATE policies of both
>> t1 and t2, but really I think it ought to be checking the SELECT
>> policies of t2 (in the same way as this query requires SELECT table
>> permissions on t2, not UPDATE permissions). I've changed that and
>> added new regression tests to test that change.
>
> I assume the entire refactoring patch needs a fair bit of work to
> rebase against current HEAD,

Actually, there haven't been any conflicting changes so far, so a git
rebase was able to automatically merge correctly -- new patch
attached, with some minor comment rewording (not affecting the bug-fix
part).

Even so, I agree that it makes sense to apply the bug-fix separately,
since it's not really anything to do with the refactoring.


> but I picked out the attached to address
> just the above issue. Does this look correct, and if so does it make
> sense to apply at least this part right now?
>

Looks correct to me.

Thanks.

Regards,
Dean