diff options
| author | Stephen Frost <sfrost@snowman.net> | 2014-11-14 16:53:51 -0500 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2014-11-14 17:05:17 -0500 |
| commit | 80eacaa3cdcd10383c333f6f4625af8cee1f7bee (patch) | |
| tree | add25b61cd7911e76ca490b9f1eebb4e828178ea /src/include/rewrite/rowsecurity.h | |
| parent | 79172a58ea3e858750c93c61d55411a209c5ac69 (diff) | |
Clean up includes from RLS patch
The initial patch for RLS mistakenly included headers associated with
the executor and planner bits in rewrite/rowsecurity.h. Per policy and
general good sense, executor headers should not be included in planner
headers or vice versa.
The include of execnodes.h was a mistaken holdover from previous
versions, while the include of relation.h was used for Relation's
definition, which should have been coming from utils/relcache.h. This
patch cleans these issues up, adds comments to the RowSecurityPolicy
struct and the RowSecurityConfigType enum, and changes Relation->rsdesc
to Relation->rd_rsdesc to follow Relation field naming convention.
Additionally, utils/rel.h was including rewrite/rowsecurity.h, which
wasn't a great idea since that was pulling in things not really needed
in utils/rel.h (which gets included in quite a few places). Instead,
use 'struct RowSecurityDesc' for the rd_rsdesc field and add comments
explaining why.
Lastly, add an include into access/nbtree/nbtsort.c for
utils/sortsupport.h, which was evidently missed due to the above mess.
Pointed out by Tom in 16970.1415838651@sss.pgh.pa.us; note that the
concerns regarding a similar situation in the custom-path commit still
need to be addressed.
Diffstat (limited to 'src/include/rewrite/rowsecurity.h')
| -rw-r--r-- | src/include/rewrite/rowsecurity.h | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/src/include/rewrite/rowsecurity.h b/src/include/rewrite/rowsecurity.h index 245005cae2e..8b4d5c0918f 100644 --- a/src/include/rewrite/rowsecurity.h +++ b/src/include/rewrite/rowsecurity.h @@ -1,7 +1,9 @@ /* ------------------------------------------------------------------------- * * rowsecurity.h - * prototypes for optimizer/rowsecurity.c + * + * prototypes for rewrite/rowsecurity.c and the structures for managing + * the row security policies for relations in relcache. * * Portions Copyright (c) 1996-2012, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California @@ -11,20 +13,19 @@ #ifndef ROWSECURITY_H #define ROWSECURITY_H -#include "nodes/execnodes.h" #include "nodes/parsenodes.h" -#include "nodes/relation.h" #include "utils/array.h" +#include "utils/relcache.h" typedef struct RowSecurityPolicy { - Oid rsecid; - char *policy_name; - char cmd; - ArrayType *roles; - Expr *qual; - Expr *with_check_qual; - bool hassublinks; + Oid rsecid; /* OID of the policy */ + char *policy_name; /* Name of the policy */ + char cmd; /* Type of command policy is for */ + ArrayType *roles; /* Array of roles policy is for */ + Expr *qual; /* Expression to filter rows */ + Expr *with_check_qual; /* Expression to limit rows allowed */ + bool hassublinks; /* If expression has sublinks */ } RowSecurityPolicy; typedef struct RowSecurityDesc @@ -39,9 +40,9 @@ extern int row_security; /* Possible values for row_security GUC */ typedef enum RowSecurityConfigType { - ROW_SECURITY_OFF, - ROW_SECURITY_ON, - ROW_SECURITY_FORCE + ROW_SECURITY_OFF, /* RLS never applied- error thrown if no priv */ + ROW_SECURITY_ON, /* normal case, RLS applied for regular users */ + ROW_SECURITY_FORCE /* RLS applied for superusers and table owners */ } RowSecurityConfigType; /* |