Disallow converting a table to a view if row security is present.

When DefineQueryRewrite() is about to convert a table to a view, it checks the table for features unavailable to views. For example, it rejects tables having triggers. It omits to reject tables having relrowsecurity or a pg_policy record. Fix that. To faciliate the repair, invent relation_has_policies() which indicates the presence of policies on a relation even when row security is disabled for that relation. Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch to 9.5 where RLS was introduced.
2025-07-08 11:42:09 +03:00 · 2015-07-28 16:24:01 -07:00
parent f781a0f1d8
commit d824e2800f
5 changed files with 97 additions and 5 deletions
--- a/src/backend/commands/policy.c
+++ b/src/backend/commands/policy.c
@ -1037,3 +1037,32 @@ get_relation_policy_oid(Oid relid, const char *policy_name, bool missing_ok)

 	return policy_oid;
 }
+
+/*
+ * relation_has_policies - Determine if relation has any policies
+ */
+bool
+relation_has_policies(Relation rel)
+{
+	Relation	catalog;
+	ScanKeyData skey;
+	SysScanDesc sscan;
+	HeapTuple	policy_tuple;
+	bool		ret = false;
+
+	catalog = heap_open(PolicyRelationId, AccessShareLock);
+	ScanKeyInit(&skey,
+				Anum_pg_policy_polrelid,
+				BTEqualStrategyNumber, F_OIDEQ,
+				ObjectIdGetDatum(RelationGetRelid(rel)));
+	sscan = systable_beginscan(catalog, PolicyPolrelidPolnameIndexId, true,
+							   NULL, 1, &skey);
+	policy_tuple = systable_getnext(sscan);
+	if (HeapTupleIsValid(policy_tuple))
+		ret = true;
+
+	systable_endscan(sscan);
+	heap_close(catalog, AccessShareLock);
+
+	return ret;
+}