Marc Munro <marc@bloodnok.com> writes:
> Does this mean that all querytree permission checking is done at query
> build time? (I'm still trying to grok the source code in this area).
No, it's done at executor startup (look in execMain.c, IIRC). The rule
rewriter does mark rangetable entries to tell the executor how to do the
checking --- so, in essence, we can tell whether a rangetable entry came
from the rule text or from the original query text. But we don't make
such distinctions for elements of expressions.
> True suid functions are probably a better idea but then we need to be
> able to limit who can execute such functions.
IIRC, call-permissions for functions are also part of the change Peter
has been muttering about.
> I don't fully understand the issue with rewritten expressions being
> arbitrary combinations of clauses from the rule and the users original
> query. Isn't each clause its own node (allowing us to determine whether
> the function should be called in the user's or rule-owner's context) or
> do I have to go and read the source some more ;-)
Yes, but (a) where did the node come from; (b) do you really want
ExecEvalExpr doing such checks? It's a hot spot already.
regards, tom lane
