Hi Tom,
I guess I was a bit to optimistic about the patch. It seems like the select permissions
are solved, but update (inc. insert / delete) operations still fail with permission
denied on the nested views.
Regards,
Lieven
Tom Lane wrote:
> Lieven Van Acker <lieven@elisa.be> writes:
> > [ permission checking doesn't work correctly for nested views in 7.1 ]
>
> I think the attached patch fixes your problem; at least it fixes the
> example you gave. Do you have time to try it out more heavily before
> Friday? I'd like to commit it for 7.1.1 if it's right ...
>
> regards, tom lane
>
> *** src/backend/rewrite/rewriteHandler.c.orig Mon Apr 16 20:32:58 2001
> --- src/backend/rewrite/rewriteHandler.c Wed May 2 22:06:16 2001
> ***************
> *** 309,317 ****
> --- 309,319 ----
> Assert(subrte->relid == relation->rd_id);
> subrte->checkForRead = rte->checkForRead;
> subrte->checkForWrite = rte->checkForWrite;
> + subrte->checkAsUser = rte->checkAsUser;
>
> rte->checkForRead = false; /* no permission check on subquery itself */
> rte->checkForWrite = false;
> + rte->checkAsUser = InvalidOid;
>
> /*
> * FOR UPDATE of view?
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)