-- Test this file separately. Be careful: the second UPDATE statement below
-- turns off superuser permission for _USER_.
-- NOTE(review): _USER_ looks like a placeholder that the test harness replaces
-- with the account running the test -- confirm. If so, run this only against a
-- disposable test database, because it edits system catalogs directly.
--
-- SECURITY CRUFT
--
-- Reset the ACL to empty on every relation whose name does NOT match the
-- regular expression 'pg_*'.
-- NOTE(review): !~ is a regex non-match and 'pg_*' is not a glob. Unanchored,
-- it matches any name that contains "pg" (followed by zero or more
-- underscores), so a user table such as "mypgdata" would also be skipped and
-- keep its old ACL. If the intent is "skip system catalogs", '^pg_' says that;
-- confirm against the expected output before changing the test.
UPDATE pg_class
SET relacl='{}'
WHERE relname !~ 'pg_*'::text;
-- Clear the superuser flag for _USER_ so the statements that follow are not
-- exempt from permission checks (presumably superusers bypass ACLs -- confirm).
UPDATE pg_user
SET usesuper='f'::bool
WHERE usename = '_USER_';
-- Baseline phase: create the table used by the permission checks and exercise
-- insert, select, update, delete and rule definition on it before any
-- permission is taken away.
CREATE TABLE myclass0 (a int4);
-- these should all succeed
INSERT INTO myclass0 (a) VALUES (5);
SELECT a FROM myclass0;
-- unqualified update: touches every row, reads no column value
UPDATE myclass0 SET a=6;
INSERT INTO myclass0 (a) VALUES (10);
INSERT INTO myclass0 (a) VALUES (20);
-- update that reads column a in the qualification (WHERE clause)
UPDATE myclass0 SET a=10 WHERE myclass0.a < 10;
-- update that reads column a in the target list
UPDATE myclass0 SET a=myclass0.a+1;
-- delete that reads column a in the qualification
DELETE FROM myclass0 WHERE myclass0.a > 15;
-- defining and dropping a rule on the table is also expected to succeed here
CREATE RULE foo AS ON SELECT TO myclass0 DO INSTEAD NOTHING;
DROP RULE foo;
-- Restricted phase: take permissions on myclass0 away from _USER_. The expected
-- results below imply that read and rule permission are gone while write
-- permission remains.
-- NOTE(review): presumably the letters a, r and R stand for append, read and
-- rule -- confirm against the ACL documentation for this server version.
CHANGE ACL _USER_-arR myclass0;
-- succeeds (no column value is read)
UPDATE myclass0 SET a=1;
-- succeeds (we still have write permission)
INSERT INTO myclass0 (a) VALUES (100);
-- fails (plain read of the table)
select a from myclass0;
-- The next three statements are writes, but each one also reads column a.
-- They must be rejected: otherwise a write-only user could probe stored values
-- through the qualification or the target list.
-- fails due to read in qualification
update myclass0 set a = 10 where myclass0.a < 15;
-- fails due to read in target list
update myclass0 set a = myclass0.a + 1;
-- fails due to read in qualification
delete from myclass0 where myclass0.a >= 100;
-- fails (presumably because rule permission was removed above -- confirm)
create rule foo as on retrieve to myclass0 do instead nothing;