mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
22eaf35c1d
postgres/src/include/rewrite/rowsecurity.h
Stephen Frost 22eaf35c1d RLS refactoring 
This refactors rewrite/rowsecurity.c to simplify the handling of the
default deny case (reducing the number of places where we check for and
add the default deny policy from three to one) by splitting up the
retrival of the policies from the application of them.

This also allowed us to do away with the policy_id field.  A policy_name
field was added for WithCheckOption policies and is used in error
reporting, when available.

Patch by Dean Rasheed, with various mostly cosmetic changes by me.

Back-patch to 9.5 where RLS was introduced to avoid unnecessary
differences, since we're still in alpha, per discussion with Robert.
2015-09-15 15:49:31 -04:00

49 lines
1.6 KiB
C
Raw Blame History

/* -------------------------------------------------------------------------
*
* rowsecurity.h
*
* prototypes for rewrite/rowsecurity.c and the structures for managing
* the row security policies for relations in relcache.
*
* Portions Copyright (c) 1996-2015, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* -------------------------------------------------------------------------
*/
#ifndef ROWSECURITY_H
#define ROWSECURITY_H
#include "nodes/parsenodes.h"
#include "utils/array.h"
#include "utils/relcache.h"
typedef struct RowSecurityPolicy
{
char *policy_name; /* Name of the policy */
char polcmd; /* Type of command policy is for */
ArrayType *roles; /* Array of roles policy is for */
Expr *qual; /* Expression to filter rows */
Expr *with_check_qual; /* Expression to limit rows allowed */
bool hassublinks; /* If either expression has sublinks */
} RowSecurityPolicy;
typedef struct RowSecurityDesc
{
MemoryContext rscxt; /* row security memory context */
List *policies; /* list of row security policies */
} RowSecurityDesc;
typedef List *(*row_security_policy_hook_type) (CmdType cmdtype,
Relation relation);
extern PGDLLIMPORT row_security_policy_hook_type row_security_policy_hook_permissive;
extern PGDLLIMPORT row_security_policy_hook_type row_security_policy_hook_restrictive;
extern void get_row_security_policies(Query *root,
RangeTblEntry *rte, int rt_index,
List **securityQuals, List **withCheckOptions,
bool *hasRowSecurity, bool *hasSubLinks);
#endif /* ROWSECURITY_H */
Reference in New Issue View Git Blame Copy Permalink