Disallow converting a table to a view if row security is present.
When DefineQueryRewrite() is about to convert a table to a view, it checks
the table for features unavailable to views. For example, it rejects tables
having triggers. It omits to reject tables having relrowsecurity or a
pg_policy record. Fix that. To faciliate the repair, invent
relation_has_policies() which indicates the presence of policies on a
relation even when row security is disabled for that relation.
Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch
to 9.5 where RLS was introduced.
Branch
------
REL9_5_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/344703bcc453ac3ce0060785d4958ddec7d2dbe9
Modified Files
--------------
src/backend/commands/policy.c | 29 +++++++++++++++++++++++++++++
src/backend/rewrite/rewriteDefine.c | 24 +++++++++++++++++++-----
src/include/commands/policy.h | 1 +
src/test/regress/expected/rowsecurity.out | 23 +++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 25 +++++++++++++++++++++++++
5 files changed, 97 insertions(+), 5 deletions(-)