summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Lane2009-05-13 22:32:55 +0000
committerTom Lane2009-05-13 22:32:55 +0000
commit100982fdc9926f8b2748520a549849f6c88563fd (patch)
treea4e685f4c0f557b2661958697ba34ac4cbc5559e
parenta85d06ec1899ef8c618107a93b371eaa04f7f9d4 (diff)
Add checks to DefineQueryRewrite() to prohibit attaching rules to relations
that aren't RELKIND_RELATION or RELKIND_VIEW, and to disallow attaching rules to system relations unless allowSystemTableMods is on. This is to make the behavior of CREATE RULE more like CREATE TRIGGER, which disallows the comparable cases. Per discussion of bug #4808.
-rw-r--r--src/backend/rewrite/rewriteDefine.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
index 45c8756c66..272265d54b 100644
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -15,6 +15,7 @@
#include "postgres.h"
#include "access/heapam.h"
+#include "catalog/catalog.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/namespace.h"
@@ -243,6 +244,22 @@ DefineQueryRewrite(char *rulename,
event_relation = heap_open(event_relid, AccessExclusiveLock);
/*
+ * Verify relation is of a type that rules can sensibly be applied to.
+ */
+ if (event_relation->rd_rel->relkind != RELKIND_RELATION &&
+ event_relation->rd_rel->relkind != RELKIND_VIEW)
+ ereport(ERROR,
+ (errcode(ERRCODE_WRONG_OBJECT_TYPE),
+ errmsg("\"%s\" is not a table or view",
+ RelationGetRelationName(event_relation))));
+
+ if (!allowSystemTableMods && IsSystemRelation(event_relation))
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied: \"%s\" is a system catalog",
+ RelationGetRelationName(event_relation))));
+
+ /*
* Check user has permission to apply rules to this relation.
*/
if (!pg_class_ownercheck(event_relid, GetUserId()))