Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit78d7256

Browse files
committed
Fix CreatePolicy, pg_dump -v; psql and doc updates
Peter G pointed out that valgrind was, rightfully, complaining aboutCreatePolicy() ending up copying beyond the end of the parsed policyname. Name is a fixed-size type and we need to use namein (throughDirectFunctionCall1()) to flush out the entire array before we passit down to heap_form_tuple.Michael Paquier pointed out that pg_dump --verbose was missing anewline and Fabrízio de Royes Mello further pointed out that theschema was also missing from the messages, so fix those also.Also, based on an off-list comment from Kevin, rework the psql \doutput to facilitate copy/pasting into a new CREATE or ALTER POLICYcommand.Lastly, improve the pg_policies view and update the documentation forit, along with a few other minor doc corrections based on an off-listdiscussion with Adam Brightwell.
1 parent5968570 commit78d7256

File tree

6 files changed

+122
-27
lines changed

6 files changed

+122
-27
lines changed

‎doc/src/sgml/catalogs.sgml

Lines changed: 89 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5396,6 +5396,13 @@
53965396
<entry>The command type to which the row-security policy is applied.</entry>
53975397
</row>
53985398

5399+
<row>
5400+
<entry><structfield>rsecroles</structfield></entry>
5401+
<entry><type>char</type></entry>
5402+
<entry></entry>
5403+
<entry>The roles to which the row-security policy is applied.</entry>
5404+
</row>
5405+
53995406
<row>
54005407
<entry><structfield>rsecqual</structfield></entry>
54015408
<entry><type>pg_node_tree</type></entry>
@@ -5417,8 +5424,8 @@
54175424
<note>
54185425
<para>
54195426
<literal>pg_class.relrowsecurity</literal>
5420-
True if the table has row-security enabled.
5421-
Must be true if the table has arow-securitypolicy in this catalog.
5427+
True if the table has row-security enabled. Policies will not be applied
5428+
unlessrow-securityis enabled on the table.
54225429
</para>
54235430
</note>
54245431

@@ -7299,6 +7306,11 @@
72997306
<entry>materialized views</entry>
73007307
</row>
73017308

7309+
<row>
7310+
<entry><link linkend="view-pg-policies"><structname>pg_policies</structname></link></entry>
7311+
<entry>policies</entry>
7312+
</row>
7313+
73027314
<row>
73037315
<entry><link linkend="view-pg-prepared-statements"><structname>pg_prepared_statements</structname></link></entry>
73047316
<entry>prepared statements</entry>
@@ -8146,6 +8158,81 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
81468158

81478159
</sect1>
81488160

8161+
<sect1 id="view-pg-policies">
8162+
<title><structname>pg_policies</structname></title>
8163+
8164+
<indexterm zone="view-pg-policies">
8165+
<primary>pg_policies</primary>
8166+
</indexterm>
8167+
8168+
<para>
8169+
The view <structname>pg_policies</structname> provides access to
8170+
useful information about each policy in the database.
8171+
</para>
8172+
8173+
<table>
8174+
<title><structname>pg_policies</> Columns</title>
8175+
8176+
<tgroup cols="4">
8177+
<thead>
8178+
<row>
8179+
<entry>Name</entry>
8180+
<entry>Type</entry>
8181+
<entry>References</entry>
8182+
<entry>Description</entry>
8183+
</row>
8184+
</thead>
8185+
<tbody>
8186+
<row>
8187+
<entry><structfield>schemaname</structfield></entry>
8188+
<entry><type>name</type></entry>
8189+
<entry><literal><link linkend="catalog-pg-namespace"><structname>pg_namespace</structname></link>.nspname</literal></entry>
8190+
<entry>Name of schema containing table policy is on</entry>
8191+
</row>
8192+
<row>
8193+
<entry><structfield>tablename</structfield></entry>
8194+
<entry><type>name</type></entry>
8195+
<entry><literal><link linkend="catalog-pg-class"><structname>pg_class</structname></link>.relname</literal></entry>
8196+
<entry>Name of table policy is on</entry>
8197+
</row>
8198+
<row>
8199+
<entry><structfield>policyname</structfield></entry>
8200+
<entry><type>name</type></entry>
8201+
<entry><literal><link linkend="catalog-pg-class"><structname>pg_class</structname></link>.relname</literal></entry>
8202+
<entry>Name of policy</entry>
8203+
</row>
8204+
<row>
8205+
<entry><structfield>cmd</structfield></entry>
8206+
<entry><type>text</type></entry>
8207+
<entry></entry>
8208+
<entry>The command type to which the policy is applied.</entry>
8209+
</row>
8210+
<row>
8211+
<entry><structfield>roles</structfield></entry>
8212+
<entry><type>name[]</type></entry>
8213+
<entry></entry>
8214+
<entry>The roles to which this policy applies.</entry>
8215+
</row>
8216+
<row>
8217+
<entry><structfield>qual</structfield></entry>
8218+
<entry><type>text</type></entry>
8219+
<entry></entry>
8220+
<entry>The expression added to the security barrier qualifications for
8221+
queries which this policy applies to.</entry>
8222+
</row>
8223+
<row>
8224+
<entry><structfield>with_check</structfield></entry>
8225+
<entry><type>text</type></entry>
8226+
<entry></entry>
8227+
<entry>The expression added to the with check qualifications for
8228+
queries which attempt to add rows to this table.</entry>
8229+
</row>
8230+
</tbody>
8231+
</tgroup>
8232+
</table>
8233+
8234+
</sect1>
8235+
81498236
<sect1 id="view-pg-prepared-statements">
81508237
<title><structname>pg_prepared_statements</structname></title>
81518238

‎src/backend/catalog/system_views.sql

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -65,8 +65,9 @@ CREATE VIEW pg_user AS
6565

6666
CREATEVIEWpg_policiesAS
6767
SELECT
68+
N.nspnameAS schemaname,
69+
C.relnameAS tablename,
6870
rs.rsecpolnameAS policyname,
69-
(SELECT relnameFROMpg_catalog.pg_classWHEREoid=rs.rsecrelid)AS tablename,
7071
CASE
7172
WHENrs.rsecroles='{0}' THEN
7273
string_to_array('public','')
@@ -78,8 +79,8 @@ CREATE VIEW pg_policies AS
7879
WHEREoid= ANY (rs.rsecroles)ORDER BY1
7980
)
8081
ENDAS roles,
81-
CASE WHENrs.rseccmd ISNULL THEN'ALL' ELSE
82-
CASErs.rseccmd
82+
CASE WHENrs.rseccmd ISNULL THEN'ALL' ELSE
83+
CASErs.rseccmd
8384
WHEN'r' THEN'SELECT'
8485
WHEN'a' THEN'INSERT'
8586
WHEN'u' THEN'UPDATE'
@@ -89,7 +90,8 @@ CREATE VIEW pg_policies AS
8990
pg_catalog.pg_get_expr(rs.rsecqual,rs.rsecrelid)AS qual,
9091
pg_catalog.pg_get_expr(rs.rsecwithcheck,rs.rsecrelid)AS with_check
9192
FROMpg_catalog.pg_rowsecurity rs
92-
ORDER BY1;
93+
JOINpg_catalog.pg_class CON (C.oid=rs.rsecrelid)
94+
LEFT JOINpg_catalog.pg_namespace NON (N.oid=C.relnamespace);
9395

9496
CREATEVIEWpg_rulesAS
9597
SELECT

‎src/backend/commands/policy.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -556,7 +556,7 @@ CreatePolicy(CreatePolicyStmt *stmt)
556556

557557
values[Anum_pg_rowsecurity_rsecrelid-1]=ObjectIdGetDatum(table_id);
558558
values[Anum_pg_rowsecurity_rsecpolname-1]
559-
=CStringGetDatum(stmt->policy_name);
559+
=DirectFunctionCall1(namein,CStringGetDatum(stmt->policy_name));
560560

561561
if (rseccmd)
562562
values[Anum_pg_rowsecurity_rseccmd-1]=CharGetDatum(rseccmd);

‎src/bin/pg_dump/pg_dump.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2803,7 +2803,8 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
28032803
continue;
28042804

28052805
if (g_verbose)
2806-
write_msg(NULL,"reading row-security enabled for table \"%s\"",
2806+
write_msg(NULL,"reading row-security enabled for table \"%s\".\"%s\"\n",
2807+
tbinfo->dobj.namespace->dobj.name,
28072808
tbinfo->dobj.name);
28082809

28092810
/*
@@ -2833,7 +2834,8 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
28332834
}
28342835

28352836
if (g_verbose)
2836-
write_msg(NULL,"reading row-security policies for table \"%s\"\n",
2837+
write_msg(NULL,"reading row-security policies for table \"%s\".\"%s\"\n",
2838+
tbinfo->dobj.namespace->dobj.name,
28372839
tbinfo->dobj.name);
28382840

28392841
/*

‎src/bin/psql/describe.c

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -2011,10 +2011,15 @@ describeOneTableDetails(const char *schemaname,
20112011

20122012
printfPQExpBuffer(&buf,
20132013
"SELECT rs.rsecpolname,\n"
2014-
"CASE WHEN rs.rsecroles = '{0}' THEN NULL ELSE array(select rolname from pg_roles where oid = any (rs.rsecroles) order by 1) END,\n"
2014+
"CASE WHEN rs.rsecroles = '{0}' THEN NULL ELSEarray_to_string(array(select rolname from pg_roles where oid = any (rs.rsecroles) order by 1),',') END,\n"
20152015
"pg_catalog.pg_get_expr(rs.rsecqual, rs.rsecrelid),\n"
20162016
"pg_catalog.pg_get_expr(rs.rsecwithcheck, rs.rsecrelid),\n"
2017-
"rs.rseccmd AS cmd\n"
2017+
"CASE rs.rseccmd \n"
2018+
"WHEN 'r' THEN 'SELECT'\n"
2019+
"WHEN 'u' THEN 'UPDATE'\n"
2020+
"WHEN 'a' THEN 'INSERT'\n"
2021+
"WHEN 'd' THEN 'DELETE'\n"
2022+
"END AS cmd\n"
20182023
"FROM pg_catalog.pg_rowsecurity rs\n"
20192024
"WHERE rs.rsecrelid = '%s' ORDER BY 1;",
20202025
oid);
@@ -2046,26 +2051,25 @@ describeOneTableDetails(const char *schemaname,
20462051
PQgetvalue(result,i,0));
20472052

20482053
if (!PQgetisnull(result,i,4))
2049-
appendPQExpBuffer(&buf,"(%s)",
2054+
appendPQExpBuffer(&buf,"FOR %s",
20502055
PQgetvalue(result,i,4));
20512056

2057+
if (!PQgetisnull(result,i,1))
2058+
{
2059+
appendPQExpBuffer(&buf,"\n TO %s",
2060+
PQgetvalue(result,i,1));
2061+
}
2062+
20522063
if (!PQgetisnull(result,i,2))
2053-
appendPQExpBuffer(&buf," EXPRESSION %s",
2064+
appendPQExpBuffer(&buf,"\n USING %s",
20542065
PQgetvalue(result,i,2));
20552066

20562067
if (!PQgetisnull(result,i,3))
2057-
appendPQExpBuffer(&buf," WITH CHECK %s",
2068+
appendPQExpBuffer(&buf,"\n WITH CHECK %s",
20582069
PQgetvalue(result,i,3));
20592070

20602071
printTableAddFooter(&cont,buf.data);
20612072

2062-
if (!PQgetisnull(result,i,1))
2063-
{
2064-
printfPQExpBuffer(&buf," APPLIED TO %s",
2065-
PQgetvalue(result,i,1));
2066-
2067-
printTableAddFooter(&cont,buf.data);
2068-
}
20692073
}
20702074
PQclear(result);
20712075
}

‎src/test/regress/expected/rules.out

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1353,10 +1353,9 @@ pg_matviews| SELECT n.nspname AS schemaname,
13531353
LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)))
13541354
LEFT JOIN pg_tablespace t ON ((t.oid = c.reltablespace)))
13551355
WHERE (c.relkind = 'm'::"char");
1356-
pg_policies| SELECT rs.rsecpolname AS policyname,
1357-
( SELECT pg_class.relname
1358-
FROM pg_class
1359-
WHERE (pg_class.oid = rs.rsecrelid)) AS tablename,
1356+
pg_policies| SELECT n.nspname AS schemaname,
1357+
c.relname AS tablename,
1358+
rs.rsecpolname AS policyname,
13601359
CASE
13611360
WHEN (rs.rsecroles = '{0}'::oid[]) THEN (string_to_array('public'::text, ''::text))::name[]
13621361
ELSE ARRAY( SELECT pg_authid.rolname
@@ -1377,8 +1376,9 @@ pg_policies| SELECT rs.rsecpolname AS policyname,
13771376
END AS cmd,
13781377
pg_get_expr(rs.rsecqual, rs.rsecrelid) AS qual,
13791378
pg_get_expr(rs.rsecwithcheck, rs.rsecrelid) AS with_check
1380-
FROM pg_rowsecurity rs
1381-
ORDER BY rs.rsecpolname;
1379+
FROM ((pg_rowsecurity rs
1380+
JOIN pg_class c ON ((c.oid = rs.rsecrelid)))
1381+
LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)));
13821382
pg_prepared_statements| SELECT p.name,
13831383
p.statement,
13841384
p.prepare_time,

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp