Thread: Re: IF- statements in a rule's 'DO INSTEAD SELECT ...'- statement

Re: IF- statements in a rule's 'DO INSTEAD SELECT ...'- statement

From
"Bertin, Philippe"
Date:
Hi Alvaro, Hi Nigel,

Thanks for your reply. I indeed already tried with a plpgsql function. But
that's just my problem : if I call a function from within a view's rule,
this function is not executed anymore with the same rights as a user had on
the view. So if a user may access a view, but not the table behind, calling
a function in the DO INSTEAD- clause will not execute the function with the
proper (view) rights on the table ...

(to all) Could anyone - (developers, eventually ?) explain me why the
(security) context of a function call is not passed along when the function
gets called from within a view ? I think this feature is for sure not
superfluous, and I could consider having a look into the code to have this
changed (but I think this is a VERY big pile of source codes I never ever
looked at before, so this would take a lot of efforts ... for me)

Kind regards,

Philippe Bertin.


Re: IF- statements in a rule's 'DO INSTEAD SELECT ...'- statement

From
Alvaro Herrera
Date:
On Tue, 7 May 2002, Bertin, Philippe wrote:

Hi Phillippe,

> Thanks for your reply. I indeed already tried with a plpgsql function. But
> that's just my problem : if I call a function from within a view's rule,
> this function is not executed anymore with the same rights as a user had on
> the view. So if a user may access a view, but not the table behind, calling
> a function in the DO INSTEAD- clause will not execute the function with the
> proper (view) rights on the table ...

Oh, sure, you are right.

> (to all) Could anyone - (developers, eventually ?) explain me why the
> (security) context of a function call is not passed along when the function
> gets called from within a view ? I think this feature is for sure not
> superfluous, and I could consider having a look into the code to have this
> changed (but I think this is a VERY big pile of source codes I never ever
> looked at before, so this would take a lot of efforts ... for me)

That feature is added in current CVS I think. Maybe you can look at
current sources and backport the patch.


--
Alvaro Herrera (<alvherre[@]dcc.uchile.cl>)
"La verdad no siempre es bonita, pero el hambre de ella si"