Open
Description
This would sit parallel to policy_cmd_is, checking pg_catalog.pg_policy.polpermissive (boolean not null) (introduced in PostgreSQL 10).
Implementation of the base case:
-- policy_is_permissive( schema, table, policy, description )
CREATE OR REPLACE FUNCTION policy_is_permissive( NAME, NAME, NAME, text )
RETURNS TEXT AS $$
DECLARE
permissive boolean;
BEGIN
SELECT pp.polpermissive
FROM pg_catalog.pg_policy AS pp
JOIN pg_catalog.pg_class AS pc ON pc.oid = pp.polrelid
JOIN pg_catalog.pg_namespace AS pn ON pn.oid = pc.relnamespace
WHERE pn.nspname = $1
AND pc.relname = $2
AND pp.polname = $3
INTO permissive;
RETURN ok( permissive, $4 );
END;
$$ LANGUAGE plpgsql;and then either policy_is_restrictive or policy_isnt_permissive.
Metadata
Metadata
Assignees
Labels
No labels