author | Stephen Frost <sfrost@snowman.net> | 2014-11-27 01:06:36 -0500 |
---|---|---|
committer | Stephen Frost <sfrost@snowman.net> | 2014-11-27 01:15:57 -0500 |
commit | 143b39c1855f8a22f474f20354ee5ee5d2f4d266 (patch) | |
tree | 3633add36a9bb7a6a035d94077f6245e71f93acd /src/backend/rewrite/rowsecurity.c | |
parent | 1812ee5767a25a36e7002be8a3a032357d3fe4e2 (diff) | |

Rename pg_rowsecurity -> pg_policy and other fixes

As pointed out by Robert, we should really have named pg_rowsecurity
pg_policy, as the objects stored in that catalog are policies. This
patch fixes that and updates the column names to start with 'pol' to
match the new catalog name.

The security consideration for COPY with row level security, also
pointed out by Robert, has also been addressed by remembering and
re-checking the OID of the relation initially referenced during COPY
processing, to make sure it hasn't changed under us by the time we
finish planning out the query which has been built.

Robert and Alvaro also commented on missing OCLASS and OBJECT entries
for POLICY (formerly ROWSECURITY or POLICY, depending) in various
places. This patch fixes that too, which also happens to add the
ability to COMMENT on policies.

In passing, attempt to improve the consistency of messages, comments,
and documentation as well. This removes various incarnations of
'row-security', 'row-level security', 'Row-security', etc, in favor
of 'policy', 'row level security' or 'row_security' as appropriate.

Happy Thanksgiving!

Diffstat (limited to 'src/backend/rewrite/rowsecurity.c')
-rw-r--r-- | src/backend/rewrite/rowsecurity.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c index 66c358cdec9..6c232dcf9ae 100644 --- a/src/backend/rewrite/rowsecurity.c +++ b/src/backend/rewrite/rowsecurity.c @@ -1,6 +1,6 @@ /* * rewrite/rowsecurity.c - * Routines to support policies for row-level security. + * Routines to support policies for row level security (aka RLS). * * Policies in PostgreSQL provide a mechanism to limit what records are * returned to a user and what records a user is permitted to add to a table. @@ -38,7 +38,7 @@ #include "access/sysattr.h" #include "catalog/pg_class.h" #include "catalog/pg_inherits_fn.h" -#include "catalog/pg_rowsecurity.h" +#include "catalog/pg_policy.h" #include "catalog/pg_type.h" #include "miscadmin.h" #include "nodes/makefuncs.h" @@ -72,8 +72,8 @@ static bool check_role_for_policy(ArrayType *policy_roles, Oid user_id); row_security_policy_hook_type row_security_policy_hook = NULL; /* - * Check the given RTE to see whether it's already had row-security quals - * expanded and, if not, prepend any row-security rules from built-in or + * Check the given RTE to see whether it's already had row security quals + * expanded and, if not, prepend any row security rules from built-in or * plug-in sources to the securityQuals. The security quals are rewritten (for * view expansion, etc) before being added to the RTE. * 
@@ -154,14 +154,14 @@ prepend_row_security_policies(Query* root, RangeTblEntry* rte, int rt_index) /* * Check if this is only the default-deny policy. * - * Normally, if the table has row-security enabled but there are + * Normally, if the table has row security enabled but there are * no policies, we use a default-deny policy and not allow anything. * However, when an extension uses the hook to add their own * policies, we don't want to include the default deny policy or * there won't be any way for a user to use an extension exclusively * for the policies to be used. */ - if (((RowSecurityPolicy *) linitial(rowsec_policies))->rsecid + if (((RowSecurityPolicy *) linitial(rowsec_policies))->policy_id == InvalidOid) defaultDeny = true; @@ -353,7 +353,7 @@ pull_row_security_policies(CmdType cmd, Relation relation, Oid user_id) policy = palloc0(sizeof(RowSecurityPolicy)); policy->policy_name = pstrdup("default-deny policy"); - policy->rsecid = InvalidOid; + policy->policy_id = InvalidOid; policy->cmd = '\0'; policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, 'i'); |
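
Review bot: In the @@ -72,8 hunk the reworded comment above prepend_row_security_policies still says "prepend any row security rules", which is out of step with the function name and with the commit's move to "policy" as the term, and in a file under rewrite/ the word "rules" is easy to read as rewrite rules. Suggest "prepend any row security policies from built-in or plug-in sources" so the comment uses the same noun as the code it documents.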
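
Review bot: The default-deny test in the @@ -154,14 hunk looks only at linitial(rowsec_policies) and treats policy_id == InvalidOid as the marker, matching the sentinel assigned in the @@ -353,7 hunk, but nothing in the visible lines documents that InvalidOid is reserved for that purpose. Because the adjacent comment says extensions supply their own policies through the hook, a hook-supplied first entry carrying InvalidOid would set defaultDeny here; a short comment at this check, or on the policy_id field, stating that InvalidOid identifies the built-in default-deny policy and must not be used by plug-in policies would make the contract explicit. While this comment block is being edited, "we use a default-deny policy and not allow anything" could also be corrected to "and do not allow anything".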