Skip to content

Commit 2ca9d54

Browse files
sfrostsfrost
committed
Apply SELECT policies in INSERT/UPDATE+RETURNING
Similar to 7d8db3e, given that INSERT+RETURNING requires SELECT rights on the table, apply the SELECT policies as WCOs to the tuples being inserted. Apply the same logic to UPDATE+RETURNING. Back-patch to 9.5 where RLS was added.
1 parent 4158cc3 commit 2ca9d54

File tree

1 file changed

+29
-3
lines changed

1 file changed

+29
-3
lines changed

src/backend/rewrite/rowsecurity.c

Lines changed: 29 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -271,6 +271,30 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
271271
withCheckOptions,
272272
hasSubLinks);
273273

274+
/*
275+
* Get and add ALL/SELECT policies, if SELECT rights are required
276+
* for this relation (eg: when RETURNING is used). These are added as
277+
* WCO policies rather than security quals to ensure that an error is
278+
* raised if a policy is violated; otherwise, we might end up silently
279+
* dropping rows to be added.
280+
*/
281+
if (rte->requiredPerms & ACL_SELECT)
282+
{
283+
List *select_permissive_policies = NIL;
284+
List *select_restrictive_policies = NIL;
285+
286+
get_policies_for_relation(rel, CMD_SELECT, user_id,
287+
&select_permissive_policies,
288+
&select_restrictive_policies);
289+
add_with_check_options(rel, rt_index,
290+
commandType == CMD_INSERT ?
291+
WCO_RLS_INSERT_CHECK : WCO_RLS_UPDATE_CHECK,
292+
select_permissive_policies,
293+
select_restrictive_policies,
294+
withCheckOptions,
295+
hasSubLinks);
296+
}
297+
274298
/*
275299
* For INSERT ... ON CONFLICT DO UPDATE we need additional policy
276300
* checks for the UPDATE which may be applied to the same RTE.
@@ -300,9 +324,11 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
300324
hasSubLinks);
301325

302326
/*
303-
* Get and add ALL/SELECT policies, if SELECT rights are required
304-
* for this relation, also as WCO policies, again, to avoid
305-
* silently dropping data. See above.
327+
* Get and add ALL/SELECT policies, as WCO_RLS_CONFLICT_CHECK
328+
* WCOs to ensure they are considered when taking the UPDATE
329+
* path of an INSERT .. ON CONFLICT DO UPDATE, if SELECT
330+
* rights are required for this relation, also as WCO policies,
331+
* again, to avoid silently dropping data. See above.
306332
*/
307333
if (rte->requiredPerms & ACL_SELECT)
308334
{

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy