pgsql: Add support for restrictive RLS policies

Add support for restrictive RLS policies

We have had support for restrictive RLS policies since 9.5, but they
were only available through extensions which use the appropriate hooks.
This adds support into the grammer, catalog, psql and pg_dump for
restrictive RLS policies, thus reducing the cases where an extension is
necessary.

In passing, also move away from using "AND"d and "OR"d in comments.
As pointed out by Alvaro, it's not really appropriate to attempt
to make verbs out of "AND" and "OR", so reword those comments which
attempted to.

Reviewed By: Jeevan Chalke, Dean Rasheed
Discussion: /messages/by-id/20160901063404.GY4028@tamriel.snowman.net

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/093129c9d9fc231649b3cc27b8086443ccbbbc22

Modified Files
--------------
doc/src/sgml/catalogs.sgml | 13 ++
doc/src/sgml/ddl.sgml | 58 +++++-
doc/src/sgml/ref/alter_policy.sgml | 7 +-
doc/src/sgml/ref/create_policy.sgml | 38 ++++
src/backend/catalog/system_views.sql | 6 +
src/backend/commands/policy.c | 9 +
src/backend/nodes/copyfuncs.c | 1 +
src/backend/nodes/equalfuncs.c | 1 +
src/backend/parser/gram.y | 43 +++--
src/backend/rewrite/rowsecurity.c | 54 +++---
src/bin/pg_dump/pg_dump.c | 69 +++++---
src/bin/pg_dump/pg_dump.h | 3 +-
src/bin/pg_dump/t/002_pg_dump.pl | 33 +++-
src/bin/psql/describe.c | 100 ++++++++---
src/bin/psql/tab-complete.c | 29 ++-
src/include/catalog/pg_policy.h | 16 +-
src/include/nodes/parsenodes.h | 1 +
src/include/rewrite/rowsecurity.h | 1 +
src/test/regress/expected/rowsecurity.out | 284 ++++++++++++++++++++++++------
src/test/regress/expected/rules.out | 4 +
src/test/regress/sql/rowsecurity.sql | 45 ++++-
21 files changed, 665 insertions(+), 150 deletions(-)

--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers