On 02/06/2014 12:43 PM, Craig Ringer wrote: > 1. Try (again) to do row-security in the rewriter. This was previously > impossible because of the definition of row-security behaviour around > inheritance, but with the simplified inheritance model now proposed I > think it's possible.
Thanks to the simplified requirements for inheritance, this turns out to be fairly easy. There's a version rewritten to use the rewriter in the tag: rls-9.4-upd-sb-views-v6 on https://github.com/ringerc/postgres.git The trickiest bit remaining is how to register the PlanInvalItem to force plan invalidation when the user-id changes. This was easy in the optimizer, but it's not obvious how to do it cleanly in the rewriter. I've got a couple of ideas but don't much like either of them. Recommendations from the experienced welcomed. Other more minor open items, each of which look quite quick: I haven't plugged in rewriter-based recursion detection yet, but that looks fairly easy (famous last words?). It's 10pm and I have an early start, so that won't happen tonight. I haven't removed some cruft from the previous approach from the Query node either; I need to trim the diff. The regression test expected file needs adjustment to match the new inheritance rules, and to cover a couple of new tests I've added. Needs a better error when it gets an unacceptable rewrite product during security qual rewriting (modeled on the errors for CTEs). Easy, just some cookie cutter code. Need to cherry-pick the docs patch back on top of the patch tree now things are settling. Amazingly, I think this has a hope. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
