53 List **permissive_policies,
54 List **restrictive_policies);
61 List *permissive_policies,
62 List *restrictive_policies,
69 List *permissive_policies,
70 List *restrictive_policies,
71 List **withCheckOptions,
99 List **securityQuals,
List **withCheckOptions,
100 bool *hasRowSecurity,
bool *hasSubLinks)
106 List *permissive_policies;
107 List *restrictive_policies;
111 *securityQuals =
NIL;
112 *withCheckOptions =
NIL;
113 *hasRowSecurity =
false;
114 *hasSubLinks =
false;
119 if (rte->relkind != RELKIND_RELATION &&
120 rte->relkind != RELKIND_PARTITIONED_TABLE)
148 *hasRowSecurity =
true;
164 commandType = rt_index ==
root->resultRelation ?
197 List *update_permissive_policies;
198 List *update_restrictive_policies;
201 &update_permissive_policies,
202 &update_restrictive_policies);
205 update_permissive_policies,
206 update_restrictive_policies,
219 &restrictive_policies);
226 restrictive_policies,
244 List *select_permissive_policies;
245 List *select_restrictive_policies;
248 &select_permissive_policies,
249 &select_restrictive_policies);
252 select_permissive_policies,
253 select_restrictive_policies,
273 restrictive_policies,
287 List *select_permissive_policies =
NIL;
288 List *select_restrictive_policies =
NIL;
291 &select_permissive_policies,
292 &select_restrictive_policies);
296 select_permissive_policies,
297 select_restrictive_policies,
310 List *conflict_permissive_policies;
311 List *conflict_restrictive_policies;
312 List *conflict_select_permissive_policies =
NIL;
313 List *conflict_select_restrictive_policies =
NIL;
317 &conflict_permissive_policies,
318 &conflict_restrictive_policies);
328 conflict_permissive_policies,
329 conflict_restrictive_policies,
344 &conflict_select_permissive_policies,
345 &conflict_select_restrictive_policies);
348 conflict_select_permissive_policies,
349 conflict_select_restrictive_policies,
358 conflict_permissive_policies,
359 conflict_restrictive_policies,
373 conflict_select_permissive_policies,
374 conflict_select_restrictive_policies,
406 List *merge_update_permissive_policies;
407 List *merge_update_restrictive_policies;
408 List *merge_delete_permissive_policies;
409 List *merge_delete_restrictive_policies;
410 List *merge_insert_permissive_policies;
411 List *merge_insert_restrictive_policies;
412 List *merge_select_permissive_policies =
NIL;
413 List *merge_select_restrictive_policies =
NIL;
420 &merge_update_permissive_policies,
421 &merge_update_restrictive_policies);
429 merge_update_permissive_policies,
430 merge_update_restrictive_policies,
438 merge_update_permissive_policies,
439 merge_update_restrictive_policies,
452 &merge_select_permissive_policies,
453 &merge_select_restrictive_policies);
456 merge_select_permissive_policies,
457 merge_select_restrictive_policies,
468 &merge_delete_permissive_policies,
469 &merge_delete_restrictive_policies);
477 merge_delete_permissive_policies,
478 merge_delete_restrictive_policies,
489 &merge_insert_permissive_policies,
490 &merge_insert_restrictive_policies);
494 merge_insert_permissive_policies,
495 merge_insert_restrictive_policies,
509 merge_select_permissive_policies,
510 merge_select_restrictive_policies,
529 *hasRowSecurity =
true;
542 List **permissive_policies,
543 List **restrictive_policies)
547 *permissive_policies =
NIL;
548 *restrictive_policies =
NIL;
553 bool cmd_matches =
false;
557 if (policy->
polcmd ==
'*')
589 elog(
ERROR,
"unrecognized policy command type %d",
602 *permissive_policies =
lappend(*permissive_policies, policy);
604 *restrictive_policies =
lappend(*restrictive_policies, policy);
621 List *hook_policies =
622 (*row_security_policy_hook_restrictive) (cmd, relation);
632 foreach(item, hook_policies)
637 *restrictive_policies =
lappend(*restrictive_policies, policy);
643 List *hook_policies =
644 (*row_security_policy_hook_permissive) (cmd, relation);
646 foreach(item, hook_policies)
651 *permissive_policies =
lappend(*permissive_policies, policy);
701 List *permissive_policies,
702 List *restrictive_policies,
703 List **securityQuals,
714 foreach(item, permissive_policies)
718 if (policy->
qual != NULL)
720 permissive_quals =
lappend(permissive_quals,
732 if (permissive_quals !=
NIL)
740 foreach(item, restrictive_policies)
745 if (policy->
qual != NULL)
774 *securityQuals =
lappend(*securityQuals,
799 List *permissive_policies,
800 List *restrictive_policies,
801 List **withCheckOptions,
808#define QUAL_FOR_WCO(policy) \
810 (policy)->with_check_qual != NULL ? \
811 (policy)->with_check_qual : (policy)->qual )
817 foreach(item, permissive_policies)
836 if (permissive_quals !=
NIL)
868 foreach(item, restrictive_policies)
907 *withCheckOptions =
lappend(*withCheckOptions, wco);
bool has_privs_of_role(Oid member, Oid role)
#define Assert(condition)
#define OidIsValid(objectId)
List * lappend(List *list, void *datum)
void list_sort(List *list, list_sort_comparator cmp)
List * list_append_unique(List *list, void *datum)
Expr * makeBoolExpr(BoolExprType boolop, List *args, int location)
Const * makeConst(Oid consttype, int32 consttypmod, Oid constcollid, int constlen, Datum constvalue, bool constisnull, bool constbyval)
char * pstrdup(const char *in)
RTEPermissionInfo * getRTEPermissionInfo(List *rteperminfos, RangeTblEntry *rte)
@ WCO_RLS_MERGE_UPDATE_CHECK
@ WCO_RLS_MERGE_DELETE_CHECK
static int list_length(const List *l)
static Datum BoolGetDatum(bool X)
#define RelationGetRelationName(relation)
void setRuleCheckAsUser(Node *node, Oid userid)
void ChangeVarNodes(Node *node, int rt_index, int new_index, int sublevels_up)
int check_enable_rls(Oid relid, Oid checkAsUser, bool noError)
row_security_policy_hook_type row_security_policy_hook_permissive
void get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, List **securityQuals, List **withCheckOptions, bool *hasRowSecurity, bool *hasSubLinks)
static bool check_role_for_policy(ArrayType *policy_roles, Oid user_id)
row_security_policy_hook_type row_security_policy_hook_restrictive
#define QUAL_FOR_WCO(policy)
static void sort_policies_by_name(List *policies)
static void add_with_check_options(Relation rel, int rt_index, WCOKind kind, List *permissive_policies, List *restrictive_policies, List **withCheckOptions, bool *hasSubLinks, bool force_using)
static void get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id, List **permissive_policies, List **restrictive_policies)
static int row_security_policy_cmp(const ListCell *a, const ListCell *b)
static void add_security_quals(int rt_index, List *permissive_policies, List *restrictive_policies, List **securityQuals, bool *hasSubLinks)
List *(* row_security_policy_hook_type)(CmdType cmdtype, Relation relation)
struct RowSecurityDesc * rd_rsdesc
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)