Disallow converting a table to a view if row security is present.
Joe Conway <mail@joeconway.com>
Disallow converting a table to a view if row security is present. When DefineQueryRewrite() is about to convert a table to a view, it checks the table for features unavailable to views. For example, it rejects tables having triggers. It omits to reject tables having relrowsecurity or a pg_policy record. Fix that. To faciliate the repair, invent relation_has_policies() which indicates the presence of policies on a relation even when row security is disabled for that relation. Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch to 9.5 where RLS was introduced.
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/commands/policy.c | modified | +29 −0 |
| src/backend/rewrite/rewriteDefine.c | modified | +19 −5 |
| src/include/commands/policy.h | modified | +1 −0 |
| src/test/regress/expected/rowsecurity.out | modified | +23 −0 |
| src/test/regress/sql/rowsecurity.sql | modified | +25 −0 |