Participants
Bertin, Philippe
Bertin, Philippe
Alvaro Herrera
Alvaro Herrera
Attachments

No attachments in this thread

Thread Outline
#1Bertin, PhilippeBertin, Philippe
May 07, 2002
#2Alvaro HerreraAlvaro Herrerato Bertin, Philippe (#1)
May 07, 2002

Re: IF- statements in a rule's 'DO INSTEAD SELECT ...'- statement

Started by Bertin, Philippeover 23 years ago2 messages
#1Bertin, Philippe
Bertin, Philippe
philippe.bertin@barco.com

Hi Alvaro, Hi Nigel,

Thanks for your reply. I indeed already tried with a plpgsql function. But
that's just my problem : if I call a function from within a view's rule,
this function is not executed anymore with the same rights as a user had on
the view. So if a user may access a view, but not the table behind, calling
a function in the DO INSTEAD- clause will not execute the function with the
proper (view) rights on the table ...

(to all) Could anyone - (developers, eventually ?) explain me why the
(security) context of a function call is not passed along when the function
gets called from within a view ? I think this feature is for sure not
superfluous, and I could consider having a look into the code to have this
changed (but I think this is a VERY big pile of source codes I never ever
looked at before, so this would take a lot of efforts ... for me)

Kind regards,

Philippe Bertin.

#2Alvaro Herrera
Alvaro Herrera
alvherre@atentus.com
In reply to: Bertin, Philippe (#1)

On Tue, 7 May 2002, Bertin, Philippe wrote:

Hi Phillippe,

Thanks for your reply. I indeed already tried with a plpgsql function. But
that's just my problem : if I call a function from within a view's rule,
this function is not executed anymore with the same rights as a user had on
the view. So if a user may access a view, but not the table behind, calling
a function in the DO INSTEAD- clause will not execute the function with the
proper (view) rights on the table ...

Oh, sure, you are right.

(to all) Could anyone - (developers, eventually ?) explain me why the
(security) context of a function call is not passed along when the function
gets called from within a view ? I think this feature is for sure not
superfluous, and I could consider having a look into the code to have this
changed (but I think this is a VERY big pile of source codes I never ever
looked at before, so this would take a lot of efforts ... for me)

That feature is added in current CVS I think. Maybe you can look at
current sources and backport the patch.

--
Alvaro Herrera (<alvherre[@]dcc.uchile.cl>)
"La verdad no siempre es bonita, pero el hambre de ella si"

← Back to Topics