Rename pg_rowsecurity -> pg_policy and other fixes

As pointed out by Robert, we should really have named pg_rowsecurity pg_policy, as the objects stored in that catalog are policies. This patch fixes that and updates the column names to start with 'pol' to match the new catalog name. The security consideration for COPY with row level security, also pointed out by Robert, has also been addressed by remembering and re-checking the OID of the relation initially referenced during COPY processing, to make sure it hasn't changed under us by the time we finish planning out the query which has been built. Robert and Alvaro also commented on missing OCLASS and OBJECT entries for POLICY (formerly ROWSECURITY or POLICY, depending) in various places. This patch fixes that too, which also happens to add the ability to COMMENT on policies. In passing, attempt to improve the consistency of messages, comments, and documentation as well. This removes various incarnations of 'row-security', 'row-level security', 'Row-security', etc, in favor of 'policy', 'row level security' or 'row_security' as appropriate. Happy Thanksgiving!
author: Stephen Frost <sfrost@snowman.net> 2014-11-27 01:06:36 -0500
committer: Stephen Frost <sfrost@snowman.net> 2014-11-27 01:15:57 -0500
commit: 143b39c1855f8a22f474f20354ee5ee5d2f4d266 (patch)
tree: 3633add36a9bb7a6a035d94077f6245e71f93acd /src/bin/psql/describe.c
parent: 1812ee5767a25a36e7002be8a3a032357d3fe4e2 (diff)
1 files changed, 18 insertions, 26 deletions
diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c
index a062fa871fa..5a9ceca0df5 100644
--- a/src/bin/psql/describe.c
+++ b/src/bin/psql/describe.c
@@ -783,31 +783,31 @@ permissionsList(const char *pattern)
 	if (pset.sversion >= 90500)
 		appendPQExpBuffer(&buf,
 						  ",\n  pg_catalog.array_to_string(ARRAY(\n"
-						  "    SELECT rsecpolname\n"
-						  "    || CASE WHEN rseccmd IS NOT NULL THEN\n"
-						  "           E' (' || rseccmd || E')'\n"
+						  "    SELECT polname\n"
+						  "    || CASE WHEN polcmd IS NOT NULL THEN\n"
+						  "           E' (' || polcmd || E')'\n"
 						  "       ELSE E':' \n"
 						  "       END\n"
-						  "    || CASE WHEN rs.rsecqual IS NOT NULL THEN\n"
-						  "           E'\\n  (u): ' || pg_catalog.pg_get_expr(rsecqual, rsecrelid)\n"
+						  "    || CASE WHEN polqual IS NOT NULL THEN\n"
+						  "           E'\\n  (u): ' || pg_catalog.pg_get_expr(polqual, polrelid)\n"
 						  "       ELSE E''\n"
 						  "       END\n"
-						  "    || CASE WHEN rsecwithcheck IS NOT NULL THEN\n"
-						  "           E'\\n  (c): ' || pg_catalog.pg_get_expr(rsecwithcheck, rsecrelid)\n"
+						  "    || CASE WHEN polwithcheck IS NOT NULL THEN\n"
+						  "           E'\\n  (c): ' || pg_catalog.pg_get_expr(polwithcheck, polrelid)\n"
 						  "       ELSE E''\n"
 						  "       END"
-						  "    || CASE WHEN rs.rsecroles <> '{0}' THEN\n"
+						  "    || CASE WHEN polroles <> '{0}' THEN\n"
 						  "           E'\\n  to: ' || pg_catalog.array_to_string(\n"
 						  "               ARRAY(\n"
 						  "                   SELECT rolname\n"
 						  "                   FROM pg_catalog.pg_roles\n"
-						  "                   WHERE oid = ANY (rs.rsecroles)\n"
+						  "                   WHERE oid = ANY (polroles)\n"
 						  "                   ORDER BY 1\n"
 						  "               ), E', ')\n"
 						  "       ELSE E''\n"
 						  "       END\n"
-						  "    FROM pg_catalog.pg_rowsecurity rs\n"
-						  "    WHERE rsecrelid = c.oid), E'\\n')\n"
+						  "    FROM pg_catalog.pg_policy pol\n"
+						  "    WHERE polrelid = c.oid), E'\\n')\n"
 						  "    AS \"%s\"",
 						  gettext_noop("Policies"));
 
@@ -2001,27 +2001,19 @@ describeOneTableDetails(const char *schemaname,
 		/* print any row-level policies */
 		if (pset.sversion >= 90500)
 		{
-			appendPQExpBuffer(&buf,
-				",\n pg_catalog.pg_get_expr(rs.rsecqual, c.oid) as \"%s\"",
-				gettext_noop("Row-security"));
-
-			if (verbose)
-				appendPQExpBuffer(&buf,
-					"\n     LEFT JOIN pg_rowsecurity rs ON rs.rsecrelid = c.oid");
-
 			printfPQExpBuffer(&buf,
-						   "SELECT rs.rsecpolname,\n"
-						   "CASE WHEN rs.rsecroles = '{0}' THEN NULL ELSE array_to_string(array(select rolname from pg_roles where oid = any (rs.rsecroles) order by 1),',') END,\n"
-						   "pg_catalog.pg_get_expr(rs.rsecqual, rs.rsecrelid),\n"
-						   "pg_catalog.pg_get_expr(rs.rsecwithcheck, rs.rsecrelid),\n"
-						   "CASE rs.rseccmd \n"
+						   "SELECT pol.polname,\n"
+						   "CASE WHEN pol.polroles = '{0}' THEN NULL ELSE array_to_string(array(select rolname from pg_roles where oid = any (pol.polroles) order by 1),',') END,\n"
+						   "pg_catalog.pg_get_expr(pol.polqual, pol.polrelid),\n"
+						   "pg_catalog.pg_get_expr(pol.polwithcheck, pol.polrelid),\n"
+						   "CASE pol.polcmd \n"
 						   "WHEN 'r' THEN 'SELECT'\n"
 						   "WHEN 'u' THEN 'UPDATE'\n"
 						   "WHEN 'a' THEN 'INSERT'\n"
 						   "WHEN 'd' THEN 'DELETE'\n"
 						   "END AS cmd\n"
-							  "FROM pg_catalog.pg_rowsecurity rs\n"
-				  "WHERE rs.rsecrelid = '%s' ORDER BY 1;",
+							  "FROM pg_catalog.pg_policy pol\n"
+				  "WHERE pol.polrelid = '%s' ORDER BY 1;",
 							  oid);
 
 			result = PSQLexec(buf.data);
author	Stephen Frost <sfrost@snowman.net>	2014-11-27 01:06:36 -0500
committer	Stephen Frost <sfrost@snowman.net>	2014-11-27 01:15:57 -0500
commit	143b39c1855f8a22f474f20354ee5ee5d2f4d266 (patch)
tree	3633add36a9bb7a6a035d94077f6245e71f93acd /src/bin/psql/describe.c
parent	1812ee5767a25a36e7002be8a3a032357d3fe4e2 (diff)