diff options
| author | Kevin Grittner <kgrittn@postgresql.org> | 2014-08-26 09:56:26 -0500 |
|---|---|---|
| committer | Kevin Grittner <kgrittn@postgresql.org> | 2014-08-26 09:56:26 -0500 |
| commit | a9d0f1cff3fb10151be05be61d24ac9b680c170c (patch) | |
| tree | 01f276e0920702f2990d55334d6196b240c347f1 /src/test | |
| parent | 5569d75d6a82f0d11d26404fceb848ae59869126 (diff) | |
| download | postgresql-a9d0f1cff3fb10151be05be61d24ac9b680c170c.tar.gz postgresql-a9d0f1cff3fb10151be05be61d24ac9b680c170c.zip | |
Fix superuser concurrent refresh of matview owned by another.
Use SECURITY_LOCAL_USERID_CHANGE while building temporary tables;
only escalate to SECURITY_RESTRICTED_OPERATION while potentially
running user-supplied code. The more secure mode was preventing
temp table creation. Add regression tests to cover this problem.
This fixes Bug #11208 reported by Bruno Emanuel de Andrade Silva.
Backpatch to 9.4, where the bug was introduced.
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/regress/expected/matview.out | 12 | ||||
| -rw-r--r-- | src/test/regress/sql/matview.sql | 13 |
2 files changed, 25 insertions, 0 deletions
diff --git a/src/test/regress/expected/matview.out b/src/test/regress/expected/matview.out index ddac97bea66..b04cb931697 100644 --- a/src/test/regress/expected/matview.out +++ b/src/test/regress/expected/matview.out @@ -502,3 +502,15 @@ SELECT * FROM mv_v; DROP TABLE v CASCADE; NOTICE: drop cascades to materialized view mv_v +-- make sure running as superuser works when MV owned by another role (bug #11208) +CREATE ROLE user_dw; +SET ROLE user_dw; +CREATE TABLE foo_data AS SELECT i, md5(random()::text) + FROM generate_series(1, 10) i; +CREATE MATERIALIZED VIEW mv_foo AS SELECT * FROM foo_data; +CREATE UNIQUE INDEX ON mv_foo (i); +RESET ROLE; +REFRESH MATERIALIZED VIEW mv_foo; +REFRESH MATERIALIZED VIEW CONCURRENTLY mv_foo; +DROP OWNED BY user_dw CASCADE; +DROP ROLE user_dw; diff --git a/src/test/regress/sql/matview.sql b/src/test/regress/sql/matview.sql index 3a6a3276f84..fee1ddc8424 100644 --- a/src/test/regress/sql/matview.sql +++ b/src/test/regress/sql/matview.sql @@ -194,3 +194,16 @@ DELETE FROM v WHERE EXISTS ( SELECT * FROM mv_v WHERE mv_v.a = v.a ); SELECT * FROM v; SELECT * FROM mv_v; DROP TABLE v CASCADE; + +-- make sure running as superuser works when MV owned by another role (bug #11208) +CREATE ROLE user_dw; +SET ROLE user_dw; +CREATE TABLE foo_data AS SELECT i, md5(random()::text) + FROM generate_series(1, 10) i; +CREATE MATERIALIZED VIEW mv_foo AS SELECT * FROM foo_data; +CREATE UNIQUE INDEX ON mv_foo (i); +RESET ROLE; +REFRESH MATERIALIZED VIEW mv_foo; +REFRESH MATERIALIZED VIEW CONCURRENTLY mv_foo; +DROP OWNED BY user_dw CASCADE; +DROP ROLE user_dw; |