This is the final state of the rule system for 6.4 after the

    patch is applied:

	Rewrite rules on relation level work fine now.

	Event qualifications on insert/update/delete  rules  work
	fine now.

	I  added  the  new  keyword  OLD to reference the CURRENT
	tuple. CURRENT will be removed in 6.5.

	Update rules can  reference  NEW  and  OLD  in  the  rule
	qualification and the actions.

	Insert/update/delete rules on views can be established to
	let them behave like real tables.

	For  insert/update/delete  rules  multiple  actions   are
	supported  now.   The  actions  can also be surrounded by
	parantheses to make psql  happy.   Multiple  actions  are
	required if update to a view requires updates to multiple
	tables.

	Regular users  are  permitted  to  create/drop  rules  on
	tables     they     have     RULE     permissions     for
	(DefineQueryRewrite() is  now  able  to  get  around  the
	access  restrictions  on  pg_rewrite).  This enables view
	creation for regular users too. This  required  an  extra
	boolean  parameter  to  pg_parse_and_plan() that tells to
	set skipAcl on all rangetable entries  of  the  resulting
	queries.       There      is      a      new     function
	pg_exec_query_acl_override()  that  could  be   used   by
	backend utilities to use this facility.

	All rule actions (not only views) inherit the permissions
	of the event relations  owner.  Sample:  User  A  creates
	tables    T1    and    T2,   creates   rules   that   log
	INSERT/UPDATE/DELETE on T1 in T2 (like in the  regression
	tests  for rules I created) and grants ALL but RULE on T1
	to user B.  User B  can  now  fully  access  T1  and  the
	logging  happens  in  T2.  But user B cannot access T2 at
	all, only the rule actions can. And due to  missing  RULE
	permissions on T1, user B cannot disable logging.

	Rules  on  the  attribute  level are disabled (they don't
	work properly and since regular users are  now  permitted
	to create rules I decided to disable them).

	Rules  on  select  must have exactly one action that is a
	select (so select rules must be a view definition).

	UPDATE NEW/OLD rules  are  disabled  (still  broken,  but
	triggers can do it).

	There are two new system views (pg_rule and pg_view) that
	show the definition of the rules or views so the db admin
	can  see  what  the  users do. They use two new functions
	pg_get_ruledef() and pg_get_viewdef() that are  builtins.

	The functions pg_get_ruledef() and pg_get_viewdef() could
	be used to implement rule and view support in pg_dump.

	PostgreSQL is now the only database system I  know,  that
	has rewrite rules on the query level. All others (where I
	found a  rule  statement  at  all)  use  stored  database
	procedures  or  the  like  (triggers as we call them) for
	active rules (as some call them).

    Future of the rule system:

	The now disabled parts  of  the  rule  system  (attribute
	level,  multiple  actions on select and update new stuff)
	require a complete new rewrite handler from scratch.  The
	old one is too badly wired up.

	After  6.4  I'll  start to work on a new rewrite handler,
	that fully supports the attribute level  rules,  multiple
	actions on select and update new.  This will be available
	for 6.5 so we get full rewrite rule capabilities.

Jan

Author: bmomjian

src/backend/catalog/heap.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/heap.c,v 1.59 1998/08/20 22:07:32 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/heap.c,v 1.60 1998/08/24 01:37:46 momjian Exp $
  *
  * INTERFACE ROUTINES
  *		heap_create()			- Create an uncataloged heap relation
@@ -1448,7 +1448,7 @@ start:;
 	sprintf(str, "select %s%s from %.*s", attrdef->adsrc, cast,
 			NAMEDATALEN, rel->rd_rel->relname.data);
 	setheapoverride(true);
-	planTree_list = (List *) pg_parse_and_plan(str, NULL, 0, &queryTree_list, None);
+	planTree_list = (List *) pg_parse_and_plan(str, NULL, 0, &queryTree_list, None, FALSE);
 	setheapoverride(false);
 	query = (Query *) (queryTree_list->qtrees[0]);
 
@@ -1519,7 +1519,7 @@ StoreRelCheck(Relation rel, ConstrCheck *check)
 	sprintf(str, "select 1 from %.*s where %s",
 			NAMEDATALEN, rel->rd_rel->relname.data, check->ccsrc);
 	setheapoverride(true);
-	planTree_list = (List *) pg_parse_and_plan(str, NULL, 0, &queryTree_list, None);
+	planTree_list = (List *) pg_parse_and_plan(str, NULL, 0, &queryTree_list, None, FALSE);
 	setheapoverride(false);
 	query = (Query *) (queryTree_list->qtrees[0]);
 

src/backend/catalog/pg_proc.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/pg_proc.c,v 1.19 1998/08/19 02:01:37 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/pg_proc.c,v 1.20 1998/08/24 01:37:47 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -214,7 +214,7 @@ ProcedureCreate(char *procedureName,
 	if (strcmp(languageName, "sql") == 0)
 	{
 		plan_list = pg_parse_and_plan(prosrc, typev, parameterCount,
-									  &querytree_list, dest);
+									  &querytree_list, dest, FALSE);
 
 		/* typecheck return value */
 		pg_checkretval(typeObjectId, querytree_list);

src/backend/executor/functions.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/executor/functions.c,v 1.17 1998/06/15 19:28:20 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/executor/functions.c,v 1.18 1998/08/24 01:37:48 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -113,7 +113,7 @@ init_execution_state(FunctionCachePtr fcache,
 
 
 	planTree_list = (List *)
-		pg_parse_and_plan(fcache->src, fcache->argOidVect, nargs, &queryTree_list, None);
+		pg_parse_and_plan(fcache->src, fcache->argOidVect, nargs, &queryTree_list, None, FALSE);
 
 	for (i = 0; i < queryTree_list->len; i++)
 	{

src/backend/executor/spi.c

@@ -642,7 +642,7 @@ _SPI_execute(char *src, int tcount, _SPI_plan *plan)
 		argtypes = plan->argtypes;
 	}
 	ptlist = planTree_list = (List *)
-		pg_parse_and_plan(src, argtypes, nargs, &queryTree_list, None);
+		pg_parse_and_plan(src, argtypes, nargs, &queryTree_list, None, FALSE);
 
 	_SPI_current->qtlist = queryTree_list;
 

src/backend/libpq/be-pqexec.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-pqexec.c,v 1.17 1998/06/15 19:28:25 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-pqexec.c,v 1.18 1998/08/24 01:37:52 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -137,7 +137,7 @@ PQexec(char *query)
 	 *	end up on the top of the portal stack.
 	 * ----------------
 	 */
-	pg_exec_query_dest(query, Local);
+	pg_exec_query_dest(query, Local, FALSE);
 
 	/* ----------------
 	 *	pop the portal off the portal stack and return the

src/backend/optimizer/path/xfunc.c

@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/optimizer/path/Attic/xfunc.c,v 1.19 1998/08/19 02:02:13 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/optimizer/path/Attic/xfunc.c,v 1.20 1998/08/24 01:37:53 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -528,7 +528,7 @@ xfunc_func_expense(LispValue node, LispValue args)
 			if (nargs > 0)
 				argOidVect = proc->proargtypes;
 			planlist = (List) pg_parse_and_plan(pq_src, argOidVect, nargs,
-												&parseTree_list, None);
+												&parseTree_list, None, FALSE);
 			if (IsA(node, Func))
 				set_func_planlist((Func) node, planlist);
 

src/backend/parser/keywords.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.38 1998/07/24 03:31:24 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.39 1998/08/24 01:37:55 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -66,7 +66,12 @@ static ScanKeyword ScanKeywords[] = {
 	{"createdb", CREATEDB},
 	{"createuser", CREATEUSER},
 	{"cross", CROSS},
-	{"current", CURRENT},
+	{"current", CURRENT},		/*
+					 * 6.4 to 6.5 is migration time!
+					 * CURRENT will be removed in 6.5!
+					 * Use OLD keyword in rules.
+					 *    Jan
+					 */
 	{"current_date", CURRENT_DATE},
 	{"current_time", CURRENT_TIME},
 	{"current_timestamp", CURRENT_TIMESTAMP},
@@ -152,6 +157,7 @@ static ScanKeyword ScanKeywords[] = {
 	{"null", NULL_P},
 	{"numeric", NUMERIC},
 	{"oids", OIDS},
+	{"old", OLD},
 	{"on", ON},
 	{"operator", OPERATOR},
 	{"option", OPTION},

src/backend/rewrite/locks.c

@@ -6,7 +6,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/rewrite/Attic/locks.c,v 1.10 1998/06/15 19:29:06 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/rewrite/Attic/locks.c,v 1.11 1998/08/24 01:37:56 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -18,6 +18,14 @@
 #include "utils/syscache.h"		/* for SearchSysCache */
 #include "rewrite/locks.h"		/* for rewrite specific lock defns */
 
+#include "access/heapam.h"		/* for ACL checking */
+#include "utils/syscache.h"
+#include "utils/acl.h"
+#include "utils/builtins.h"
+#include "catalog/pg_shadow.h"
+
+static void checkLockPerms(List *locks, Query *parsetree, int rt_index);
+
 /*
  * ThisLockWasTriggered
  *
@@ -156,5 +164,98 @@ matchLocks(CmdType event,
 		}
 	}
 
+	checkLockPerms(real_locks, parsetree, varno);
+
 	return (real_locks);
 }
+
+
+static void
+checkLockPerms(List *locks, Query *parsetree, int rt_index)
+{
+	Relation	ev_rel;
+	HeapTuple	usertup;
+	char		*evowner;
+	RangeTblEntry	*rte;
+	int32		reqperm;
+	int32		aclcheck_res;
+	int		i;
+	List		*l;
+
+	if (locks == NIL)
+		return;
+
+	/*
+	 * Get the usename of the rules event relation owner
+	 */
+	rte = (RangeTblEntry *)nth(rt_index - 1, parsetree->rtable);
+	ev_rel = heap_openr(rte->relname);
+	usertup = SearchSysCacheTuple(USESYSID,
+			ObjectIdGetDatum(ev_rel->rd_rel->relowner),
+			0, 0, 0);
+	if (!HeapTupleIsValid(usertup))
+	{
+		elog(ERROR, "cache lookup for userid %d failed",
+			 ev_rel->rd_rel->relowner);
+	}
+	heap_close(ev_rel);
+	evowner = nameout(&(((Form_pg_shadow) GETSTRUCT(usertup))->usename));
+	
+	/*
+	 * Check all the locks, that should get fired on this query
+	 */
+	foreach (l, locks) {
+		RewriteRule	*onelock = (RewriteRule *)lfirst(l);
+		List		*action;
+
+		/*
+		 * In each lock check every action
+		 */
+		foreach (action, onelock->actions) {
+			Query 	*query = (Query *)lfirst(action);
+
+			/*
+			 * In each action check every rangetable entry
+			 * for read/write permission of the event relations
+			 * owner depending on if it's the result relation
+			 * (write) or not (read)
+			 */
+			for (i = 2; i < length(query->rtable); i++) {
+				if (i + 1 == query->resultRelation)
+					switch (query->resultRelation) {
+						case CMD_INSERT:
+							reqperm = ACL_AP;
+							break;
+						default:
+							reqperm = ACL_WR;
+							break;
+					}
+				else
+					reqperm = ACL_RD;
+
+				rte = (RangeTblEntry *)nth(i, query->rtable);
+				aclcheck_res = pg_aclcheck(rte->relname, 
+							evowner, reqperm);
+				if (aclcheck_res != ACLCHECK_OK) {
+					elog(ERROR, "%s: %s", 
+						rte->relname,
+						aclcheck_error_strings[aclcheck_res]);
+				}
+
+				/*
+				 * So this is allowed due to the permissions
+				 * of the rules event relation owner. But
+				 * let's see if the next one too
+				 */
+				rte->skipAcl = TRUE;
+			}
+		}
+	}
+
+	/*
+	 * Phew, that was close
+	 */
+	return;
+}
+
+

src/backend/rewrite/rewriteDefine.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.18 1998/08/19 02:02:29 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.19 1998/08/24 01:37:58 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -131,7 +131,7 @@ InsertRule(char *rulname,
 			rulname, evtype, eventrel_oid, evslot_index, actionbuf,
 			qualbuf, is_instead);
 
-	pg_exec_query(rulebuf);
+	pg_exec_query_acl_override(rulebuf);
 
 	return (LastOidProcessed);
 }
@@ -192,12 +192,61 @@ DefineQueryRewrite(RuleStmt *stmt)
 	Oid			event_attype = 0;
 	char	   *actionP,
 			   *event_qualP;
-
+	List	   *l;
+	Query	   *query;
+
+	/* ----------
+	 * The current rewrite handler is known to work on relation level
+	 * rules only. And for SELECT events, it expects one non-nothing
+	 * action that is instead. Since we now hand out views and rules
+	 * to regular users, we must deny anything else.
+	 * 
+	 * I know that I must write a new rewrite handler from scratch
+	 * for 6.5 so we can remove these checks and allow all the rules.
+	 *
+	 *     Jan
+	 * ----------
+	 */
 	if (event_obj->attrs)
+		elog(ERROR, "attribute level rules currently not supported");
+		/*
 		eslot_string = strVal(lfirst(event_obj->attrs));
+		*/
 	else
 		eslot_string = NULL;
 
+	if (action != NIL)
+		foreach (l, action) {
+			query = (Query *)lfirst(l);
+			if (query->resultRelation == 1) {
+				elog(NOTICE, "rule actions on OLD currently not supported");
+				elog(ERROR, " use views or triggers instead");
+			}
+			if (query->resultRelation == 2) {
+				elog(NOTICE, "rule actions on NEW currently not supported");
+				elog(ERROR, " use triggers instead");
+			}
+		}
+
+	if (event_type == CMD_SELECT) {
+		if (length(action) == 0) {
+			elog(NOTICE, "instead nothing rules on select currently not supported");
+			elog(ERROR, " use views instead");
+		}
+		if (length(action) > 1) {
+			elog(ERROR, "multiple action rules on select currently not supported");
+		}
+		query = (Query *)lfirst(action);
+		if (!is_instead || query->commandType != CMD_SELECT) {
+			elog(ERROR, "only instead-select rules currently supported on select");
+		}
+	}
+	/*
+	 * This rule is currently allowed - too restricted I know -
+	 * but women and children first
+	 *     Jan
+	 */
+
 	event_relation = heap_openr(event_obj->relname);
 	if (event_relation == NULL)
 		elog(ERROR, "virtual relations not supported yet");