row level security and ownership checking

Author: zilder

hash.sql

@@ -27,6 +27,8 @@ DECLARE
 	v_init_callback		REGPROCEDURE;
 
 BEGIN
+	PERFORM @[email protected]_permissions(parent_relid);
+
 	IF partition_data = true THEN
 		/* Acquire data modification lock */
 		PERFORM @[email protected]_relation_modification(parent_relid);
@@ -35,7 +37,6 @@ BEGIN
 		PERFORM @[email protected]_partitioned_relation(parent_relid);
 	END IF;
 
-	PERFORM @[email protected]_relname(parent_relid);
 	attribute := lower(attribute);
 	PERFORM @[email protected]_relation_checks(parent_relid, attribute);
 

init.sql

@@ -42,6 +42,39 @@ CREATE TABLE IF NOT EXISTS @[email protected]_config_params (
 CREATE UNIQUE INDEX i_pathman_config_params
 ON @[email protected]_config_params(partrel);
 
+GRANT SELECT, INSERT, UPDATE, DELETE
+ON @[email protected]_config, @[email protected]_config_params
+TO public;
+
+/*
+ * Check if current user can alter/drop specified relation
+ */
+CREATE OR REPLACE FUNCTION @[email protected]_manage_relation(relation regclass)
+RETURNS BOOL AS 'pg_pathman', 'can_manage_relation' LANGUAGE C STRICT;
+
+/*
+ * Check user permissions. If permission denied then throw an error.
+ */
+CREATE OR REPLACE FUNCTION @[email protected]_permissions(relation regclass)
+RETURNS BOOL AS 'pg_pathman', 'check_permissions' LANGUAGE C STRICT;
+
+/*
+ * Row security policy to restrict partitioning operations to owner and
+ * superusers only
+ */
+CREATE POLICY deny_modification ON @[email protected]_config
+FOR ALL USING (can_manage_relation(partrel));
+
+CREATE POLICY deny_modification ON @[email protected]_config_params
+FOR ALL USING (can_manage_relation(partrel));
+
+CREATE POLICY allow_select ON @[email protected]_config FOR SELECT USING (true);
+
+CREATE POLICY allow_select ON @[email protected]_config_params FOR SELECT USING (true);
+
+ALTER TABLE @[email protected]_config ENABLE ROW LEVEL SECURITY;
+ALTER TABLE @[email protected]_config_params ENABLE ROW LEVEL SECURITY;
+
 /*
  * Invalidate relcache every time someone changes parameters config.
  */
@@ -96,6 +129,8 @@ CREATE OR REPLACE FUNCTION @[email protected]_set_param(
 RETURNS VOID AS
 $$
 BEGIN
+	PERFORM @[email protected]_permissions(relation);
+
 	EXECUTE format('INSERT INTO @[email protected]_config_params
 					(partrel, %1$s) VALUES ($1, $2)
 					ON CONFLICT (partrel) DO UPDATE SET %1$s = $2', param)
@@ -301,7 +336,7 @@ CREATE OR REPLACE FUNCTION @[email protected]_pathman_for(
 RETURNS VOID AS
 $$
 BEGIN
-	PERFORM @extschema@.validate_relname(parent_relid);
+	PERFORM @extschema@.check_permissions(parent_relid);
 
 	DELETE FROM @[email protected]_config WHERE partrel = parent_relid;
 	PERFORM @[email protected]_triggers(parent_relid);
@@ -400,28 +435,6 @@ END
 $$
 LANGUAGE plpgsql STRICT;
 
-/*
- * Validates relation name. It must be schema qualified.
- */
-CREATE OR REPLACE FUNCTION @[email protected]_relname(
-	cls		REGCLASS)
-RETURNS TEXT AS
-$$
-DECLARE
-	relname	TEXT;
-
-BEGIN
-	relname = @[email protected]_schema_qualified_name(cls);
-
-	IF relname IS NULL THEN
-		RAISE EXCEPTION 'relation %s does not exist', cls;
-	END IF;
-
-	RETURN relname;
-END
-$$
-LANGUAGE plpgsql;
-
 /*
  * Check if two relations have equal structures.
  */
@@ -517,7 +530,7 @@ DECLARE
 	v_relkind		CHAR;
 
 BEGIN
-	PERFORM @extschema@.validate_relname(parent_relid);
+	PERFORM @extschema@.check_permissions(parent_relid);
 
 	/* Drop trigger first */
 	PERFORM @[email protected]_triggers(parent_relid);
@@ -586,9 +599,6 @@ DECLARE
 	rec		RECORD;
 
 BEGIN
-	PERFORM @[email protected]_relname(parent_relid);
-	PERFORM @[email protected]_relname(partition);
-
 	FOR rec IN (SELECT oid as conid FROM pg_catalog.pg_constraint
 				WHERE conrelid = parent_relid AND contype = 'f')
 	LOOP

range.sql

@@ -95,6 +95,8 @@ DECLARE
 	i					INTEGER;
 
 BEGIN
+	PERFORM @[email protected]_permissions(parent_relid);
+
 	IF partition_data = true THEN
 		/* Acquire data modification lock */
 		PERFORM @[email protected]_relation_modification(parent_relid);
@@ -103,7 +105,6 @@ BEGIN
 		PERFORM @[email protected]_partitioned_relation(parent_relid);
 	END IF;
 
-	PERFORM @[email protected]_relname(parent_relid);
 	p_attribute := lower(p_attribute);
 	PERFORM @[email protected]_relation_checks(parent_relid, p_attribute);
 
@@ -207,6 +208,8 @@ DECLARE
 	i					INTEGER;
 
 BEGIN
+	PERFORM @[email protected]_permissions(parent_relid);
+
 	IF partition_data = true THEN
 		/* Acquire data modification lock */
 		PERFORM @[email protected]_relation_modification(parent_relid);
@@ -215,7 +218,6 @@ BEGIN
 		PERFORM @[email protected]_partitioned_relation(parent_relid);
 	END IF;
 
-	PERFORM @[email protected]_relname(parent_relid);
 	p_attribute := lower(p_attribute);
 	PERFORM @[email protected]_relation_checks(parent_relid, p_attribute);
 
@@ -314,6 +316,8 @@ DECLARE
 	part_count		INTEGER := 0;
 
 BEGIN
+	PERFORM @[email protected]_permissions(parent_relid);
+
 	IF partition_data = true THEN
 		/* Acquire data modification lock */
 		PERFORM @[email protected]_relation_modification(parent_relid);
@@ -322,7 +326,6 @@ BEGIN
 		PERFORM @[email protected]_partitioned_relation(parent_relid);
 	END IF;
 
-	PERFORM @[email protected]_relname(parent_relid);
 	p_attribute := lower(p_attribute);
 	PERFORM @[email protected]_relation_checks(parent_relid, p_attribute);
 
@@ -387,6 +390,8 @@ DECLARE
 	part_count		INTEGER := 0;
 
 BEGIN
+	PERFORM @[email protected]_permissions(parent_relid);
+
 	IF partition_data = true THEN
 		/* Acquire data modification lock */
 		PERFORM @[email protected]_relation_modification(parent_relid);
@@ -395,7 +400,6 @@ BEGIN
 		PERFORM @[email protected]_partitioned_relation(parent_relid);
 	END IF;
 
-	PERFORM @[email protected]_relname(parent_relid);
 	p_attribute := lower(p_attribute);
 	PERFORM @[email protected]_relation_checks(parent_relid, p_attribute);
 
@@ -559,7 +563,6 @@ DECLARE
 	v_check_name	TEXT;
 
 BEGIN
-	PERFORM @[email protected]_relname(p_partition);
 	v_parent = @[email protected]_parent_of_partition(p_partition);
 
 	/* Acquire lock on parent */