On 2014-02-11 12:09, Craig Ringer wrote:
On 02/11/2014 06:05 PM, Yeb Havinga wrote:
On 2014-02-11 09:36, Craig Ringer wrote:
On 02/06/2014 10:19 PM, Craig Ringer wrote:
On 02/06/2014 12:43 PM, Craig Ringer wrote:
1. Try (again) to do row-security in the rewriter. This was previously
impossible because of the definition of row-security behaviour around
inheritance, but with the simplified inheritance model now proposed I
think it's possible.
Thanks to the simplified requirements for inheritance, this turns out to
be fairly easy. There's a version rewritten to use the rewriter in
the tag:
rls-9.4-upd-sb-views-v6
on https://github.com/ringerc/postgres.git
... which was totally wrong, and I blame lack of sleep for it ever
getting pushed. I didn't understand the rewriter as well as I thought.
v7 applies row-security quals in fireRIRrules .
New tag:
rls-9.4-upd-sb-views-v6
Hi Craig,
This looks to be the same v6 version as the initial rewriter version.
https://github.com/ringerc/postgres/commits/rls-9.4-upd-sb-views-v6
Whoops, wrong paste.
rls-9.4-upd-sb-views-v7
Hi Craig,
I compared output of psql -ef of the minirim.sql script posted earlier
in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com
between v4 and v7.
Not everything is ok.
Seq Scan on patient (cost=0.00..29589.31 rows=495 width=52)
Filter: (SubPlan 1)
SubPlan 1
@@ -555,7 +592,7 @@
-> Materialize (cost=26.39..570.62 rows=1014 width=4)
-> Subquery Scan on act (cost=26.39..565.55
rows=1014 width=4)
-> Nested Loop Semi Join
(cost=26.39..555.41 rows=1014 width=108)
- Join Filter: (((part.act = act_1.id)
AND (emp_2.pgname = ("current_user"())::text)) OR (NOT
((act_1.confidentialitycode)::text[] @> '{s}'::text[])))
+ Join Filter: (((part.act = act_1.id)
AND (emp_2.pgname = ("current_user"())::text)) OR (NOT
((act_1.effectivetime)::text[] @> '{s}'::text[])))
-> Append (cost=0.00..31.19
rows=1019 width=108)
-> Seq Scan on act act_1
(cost=0.00..1.59 rows=59 width=108)
@@ -587,12 +624,8 @@
FROM patient, person, organization
WHERE patient.player = person.id
AND patient.scoper = organization.id;
- id | vipcode | name | birthtime | name
-----+---------+----------+---------------------+--------------------------------
- 10 | | John Doe | 1963-04-01 00:00:00 | Community Health and
Hospitals
- 16 | | John Doe | 1963-04-01 00:00:00 | Community Mental
Health Clinic
-(2 rows)
-
+psql:/home/m/minirim2.sql:409: ERROR: attribute 6 has wrong type
+DETAIL: Table has type tsrange, but query expects _confidentialitycode.
@@ -629,7 +662,4 @@
SET SESSION AUTHORIZATION sigmund;
SET
SELECT * FROM test;
- id | classcode | moodcode | code | confidentialitycode | effectivetime
-----+-----------+----------+------+---------------------+---------------
-(0 rows)
-
+psql:/home/m/minirim2.sql:439: connection to server was lost
regards,
Yeb Havinga
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
