mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add regression tests for INSERT/UPDATE+RETURNING

Browse Source 
This adds regressions tests which are specific to INSERT+RETURNING and
UPDATE+RETURNING to ensure that the SELECT policies are added as
WithCheckOptions (and should therefore throw an error when the policy is
violated).

Per suggestion from Andres.

Back-patch to 9.5 as the prior commit was.
This commit is contained in:
Stephen Frost 2015-10-05 10:14:49 -04:00
parent 5976097c0f
commit be400cd25c
2 changed files with 132 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
src/test/regress/expected/rowsecurity.out
View File

@ -3158,6 +3158,75 @@ TABLE r2;
DROP TABLE r2; DROP TABLE r2;
DROP TABLE r1; DROP TABLE r1;
-- --
-- Test INSERT+RETURNING applies SELECT policies as
-- WithCheckOptions (meaning an error is thrown)
--
SET SESSION AUTHORIZATION rls_regress_user0;
SET row_security = on;
CREATE TABLE r1 (a int);
CREATE POLICY p1 ON r1 FOR SELECT USING (false);
CREATE POLICY p2 ON r1 FOR INSERT WITH CHECK (true);
ALTER TABLE r1 ENABLE ROW LEVEL SECURITY;
ALTER TABLE r1 FORCE ROW LEVEL SECURITY;
-- Works fine
INSERT INTO r1 VALUES (10), (20);
-- No error, but no rows
TABLE r1;
a
---
(0 rows)
SET row_security = off;
-- Rows shown now
TABLE r1;
a
----
10
20
(2 rows)
SET row_security = on;
-- Error
INSERT INTO r1 VALUES (10), (20) RETURNING *;
ERROR: new row violates row level security policy for "r1"
DROP TABLE r1;
--
-- Test UPDATE+RETURNING applies SELECT policies as
-- WithCheckOptions (meaning an error is thrown)
--
SET SESSION AUTHORIZATION rls_regress_user0;
SET row_security = on;
CREATE TABLE r1 (a int);
CREATE POLICY p1 ON r1 FOR SELECT USING (a < 20);
CREATE POLICY p2 ON r1 FOR UPDATE USING (a < 20) WITH CHECK (true);
INSERT INTO r1 VALUES (10);
ALTER TABLE r1 ENABLE ROW LEVEL SECURITY;
ALTER TABLE r1 FORCE ROW LEVEL SECURITY;
-- Works fine
UPDATE r1 SET a = 30;
-- Show updated rows
SET row_security = off;
TABLE r1;
a
----
30
(1 row)
-- reset value in r1 for test with RETURNING
UPDATE r1 SET a = 10;
-- Verify row reset
TABLE r1;
a
----
10
(1 row)
SET row_security = on;
-- Error
UPDATE r1 SET a = 30 RETURNING *;
ERROR: new row violates row level security policy for "r1"
DROP TABLE r1;
--
-- Clean up objects -- Clean up objects
-- --
RESET SESSION AUTHORIZATION; RESET SESSION AUTHORIZATION;

63
src/test/regress/sql/rowsecurity.sql
View File

@ -1423,6 +1423,69 @@ TABLE r2;
DROP TABLE r2; DROP TABLE r2;
DROP TABLE r1; DROP TABLE r1;
--
-- Test INSERT+RETURNING applies SELECT policies as
-- WithCheckOptions (meaning an error is thrown)
--
SET SESSION AUTHORIZATION rls_regress_user0;
SET row_security = on;
CREATE TABLE r1 (a int);
CREATE POLICY p1 ON r1 FOR SELECT USING (false);
CREATE POLICY p2 ON r1 FOR INSERT WITH CHECK (true);
ALTER TABLE r1 ENABLE ROW LEVEL SECURITY;
ALTER TABLE r1 FORCE ROW LEVEL SECURITY;
-- Works fine
INSERT INTO r1 VALUES (10), (20);
-- No error, but no rows
TABLE r1;
SET row_security = off;
-- Rows shown now
TABLE r1;
SET row_security = on;
-- Error
INSERT INTO r1 VALUES (10), (20) RETURNING *;
DROP TABLE r1;
--
-- Test UPDATE+RETURNING applies SELECT policies as
-- WithCheckOptions (meaning an error is thrown)
--
SET SESSION AUTHORIZATION rls_regress_user0;
SET row_security = on;
CREATE TABLE r1 (a int);
CREATE POLICY p1 ON r1 FOR SELECT USING (a < 20);
CREATE POLICY p2 ON r1 FOR UPDATE USING (a < 20) WITH CHECK (true);
INSERT INTO r1 VALUES (10);
ALTER TABLE r1 ENABLE ROW LEVEL SECURITY;
ALTER TABLE r1 FORCE ROW LEVEL SECURITY;
-- Works fine
UPDATE r1 SET a = 30;
-- Show updated rows
SET row_security = off;
TABLE r1;
-- reset value in r1 for test with RETURNING
UPDATE r1 SET a = 10;
-- Verify row reset
TABLE r1;
SET row_security = on;
-- Error
UPDATE r1 SET a = 30 RETURNING *;
DROP TABLE r1;
-- --
-- Clean up objects -- Clean up objects
-- --