64 List **permissive_policies,
65 List **restrictive_policies);
72 List *permissive_policies,
73 List *restrictive_policies,
80 List *permissive_policies,
81 List *restrictive_policies,
82 List **withCheckOptions,
110 List **securityQuals,
List **withCheckOptions,
111 bool *hasRowSecurity,
bool *hasSubLinks)
117 List *permissive_policies;
118 List *restrictive_policies;
122 *securityQuals =
NIL;
123 *withCheckOptions =
NIL;
124 *hasRowSecurity =
false;
125 *hasSubLinks =
false;
130 if (rte->
relkind != RELKIND_RELATION &&
131 rte->
relkind != RELKIND_PARTITIONED_TABLE)
159 *hasRowSecurity =
true;
175 commandType = rt_index == root->resultRelation ?
208 List *update_permissive_policies;
209 List *update_restrictive_policies;
212 &update_permissive_policies,
213 &update_restrictive_policies);
216 update_permissive_policies,
217 update_restrictive_policies,
230 &restrictive_policies);
237 restrictive_policies,
255 List *select_permissive_policies;
256 List *select_restrictive_policies;
259 &select_permissive_policies,
260 &select_restrictive_policies);
263 select_permissive_policies,
264 select_restrictive_policies,
278 Assert(rt_index == root->resultRelation);
284 restrictive_policies,
298 List *select_permissive_policies =
NIL;
299 List *select_restrictive_policies =
NIL;
302 &select_permissive_policies,
303 &select_restrictive_policies);
307 select_permissive_policies,
308 select_restrictive_policies,
321 List *conflict_permissive_policies;
322 List *conflict_restrictive_policies;
323 List *conflict_select_permissive_policies =
NIL;
324 List *conflict_select_restrictive_policies =
NIL;
328 &conflict_permissive_policies,
329 &conflict_restrictive_policies);
339 conflict_permissive_policies,
340 conflict_restrictive_policies,
355 &conflict_select_permissive_policies,
356 &conflict_select_restrictive_policies);
359 conflict_select_permissive_policies,
360 conflict_select_restrictive_policies,
369 conflict_permissive_policies,
370 conflict_restrictive_policies,
384 conflict_select_permissive_policies,
385 conflict_select_restrictive_policies,
417 List *merge_update_permissive_policies;
418 List *merge_update_restrictive_policies;
419 List *merge_delete_permissive_policies;
420 List *merge_delete_restrictive_policies;
421 List *merge_insert_permissive_policies;
422 List *merge_insert_restrictive_policies;
429 &merge_update_permissive_policies,
430 &merge_update_restrictive_policies);
438 merge_update_permissive_policies,
439 merge_update_restrictive_policies,
447 merge_update_permissive_policies,
448 merge_update_restrictive_policies,
460 List *merge_select_permissive_policies;
461 List *merge_select_restrictive_policies;
464 &merge_select_permissive_policies,
465 &merge_select_restrictive_policies);
468 merge_select_permissive_policies,
469 merge_select_restrictive_policies,
480 &merge_delete_permissive_policies,
481 &merge_delete_restrictive_policies);
489 merge_delete_permissive_policies,
490 merge_delete_restrictive_policies,
501 &merge_insert_permissive_policies,
502 &merge_insert_restrictive_policies);
506 merge_insert_permissive_policies,
507 merge_insert_restrictive_policies,
526 *hasRowSecurity =
true;
539 List **permissive_policies,
540 List **restrictive_policies)
544 *permissive_policies =
NIL;
545 *restrictive_policies =
NIL;
550 bool cmd_matches =
false;
554 if (policy->
polcmd ==
'*')
586 elog(
ERROR,
"unrecognized policy command type %d",
599 *permissive_policies =
lappend(*permissive_policies, policy);
601 *restrictive_policies =
lappend(*restrictive_policies, policy);
618 List *hook_policies =
619 (*row_security_policy_hook_restrictive) (cmd, relation);
629 foreach(item, hook_policies)
634 *restrictive_policies =
lappend(*restrictive_policies, policy);
640 List *hook_policies =
641 (*row_security_policy_hook_permissive) (cmd, relation);
643 foreach(item, hook_policies)
648 *permissive_policies =
lappend(*permissive_policies, policy);
698 List *permissive_policies,
699 List *restrictive_policies,
700 List **securityQuals,
711 foreach(item, permissive_policies)
715 if (policy->
qual != NULL)
717 permissive_quals =
lappend(permissive_quals,
729 if (permissive_quals !=
NIL)
737 foreach(item, restrictive_policies)
742 if (policy->
qual != NULL)
771 *securityQuals =
lappend(*securityQuals,
796 List *permissive_policies,
797 List *restrictive_policies,
798 List **withCheckOptions,
805 #define QUAL_FOR_WCO(policy) \
807 (policy)->with_check_qual != NULL ? \
808 (policy)->with_check_qual : (policy)->qual )
814 foreach(item, permissive_policies)
833 if (permissive_quals !=
NIL)
865 foreach(item, restrictive_policies)
904 *withCheckOptions =
lappend(*withCheckOptions, wco);
bool has_privs_of_role(Oid member, Oid role)
#define OidIsValid(objectId)
elog(ERROR, "%s: %s", p2, msg)
Assert(fmt[strlen(fmt) - 1] !='\n')
void list_sort(List *list, list_sort_comparator cmp)
List * lappend(List *list, void *datum)
List * list_append_unique(List *list, void *datum)
Const * makeConst(Oid consttype, int32 consttypmod, Oid constcollid, int constlen, Datum constvalue, bool constisnull, bool constbyval)
Expr * makeBoolExpr(BoolExprType boolop, List *args, int location)
char * pstrdup(const char *in)
RTEPermissionInfo * getRTEPermissionInfo(List *rteperminfos, RangeTblEntry *rte)
@ WCO_RLS_MERGE_UPDATE_CHECK
@ WCO_RLS_MERGE_DELETE_CHECK
static int list_length(const List *l)
static Datum BoolGetDatum(bool X)
#define RelationGetRelationName(relation)
void setRuleCheckAsUser(Node *node, Oid userid)
void ChangeVarNodes(Node *node, int rt_index, int new_index, int sublevels_up)
int check_enable_rls(Oid relid, Oid checkAsUser, bool noError)
row_security_policy_hook_type row_security_policy_hook_permissive
void get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, List **securityQuals, List **withCheckOptions, bool *hasRowSecurity, bool *hasSubLinks)
static bool check_role_for_policy(ArrayType *policy_roles, Oid user_id)
row_security_policy_hook_type row_security_policy_hook_restrictive
#define QUAL_FOR_WCO(policy)
static void sort_policies_by_name(List *policies)
static void add_with_check_options(Relation rel, int rt_index, WCOKind kind, List *permissive_policies, List *restrictive_policies, List **withCheckOptions, bool *hasSubLinks, bool force_using)
static void get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id, List **permissive_policies, List **restrictive_policies)
static int row_security_policy_cmp(const ListCell *a, const ListCell *b)
static void add_security_quals(int rt_index, List *permissive_policies, List *restrictive_policies, List **securityQuals, bool *hasSubLinks)
List *(* row_security_policy_hook_type)(CmdType cmdtype, Relation relation)
OnConflictExpr * onConflict
struct RowSecurityDesc * rd_rsdesc
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)