mirror of
https://github.com/postgres/postgres.git
synced 2026-02-18 18:25:17 -05:00
8ec569479f
Up until now, we've had a policy of only marking certain variables in the PostgreSQL header files with PGDLLIMPORT, but now we've decided to mark them all. This means that extensions running on Windows should no longer operate at a disadvantage as compared to extensions running on Linux: if the variable is present in a header file, it should be accessible. Discussion: http://postgr.es/m/CA+TgmoYanc1_FSfimhgiWSqVyP5KKmh5NP2BWNwDhO8Pg2vGYQ@mail.gmail.com
50 lines
1.7 KiB
C
50 lines
1.7 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* rls.h
|
|
* Header file for Row Level Security (RLS) utility commands to be used
|
|
* with the rowsecurity feature.
|
|
*
|
|
* Copyright (c) 2007-2022, PostgreSQL Global Development Group
|
|
*
|
|
* src/include/utils/rls.h
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#ifndef RLS_H
|
|
#define RLS_H
|
|
|
|
/* GUC variable */
|
|
extern PGDLLIMPORT bool row_security;
|
|
|
|
/*
|
|
* Used by callers of check_enable_rls.
|
|
*
|
|
* RLS could be completely disabled on the tables involved in the query,
|
|
* which is the simple case, or it may depend on the current environment
|
|
* (the role which is running the query or the value of the row_security
|
|
* GUC), or it might be simply enabled as usual.
|
|
*
|
|
* If RLS isn't on the table involved then RLS_NONE is returned to indicate
|
|
* that we don't need to worry about invalidating the query plan for RLS
|
|
* reasons. If RLS is on the table, but we are bypassing it for now, then
|
|
* we return RLS_NONE_ENV to indicate that, if the environment changes,
|
|
* we need to invalidate and replan. Finally, if RLS should be turned on
|
|
* for the query, then we return RLS_ENABLED, which means we also need to
|
|
* invalidate if the environment changes.
|
|
*
|
|
* Note that RLS_ENABLED will also be returned if noError is true
|
|
* (indicating that the caller simply want to know if RLS should be applied
|
|
* for this user but doesn't want an error thrown if it is; this is used
|
|
* by other error cases where we're just trying to decide if data from the
|
|
* table should be passed back to the user or not).
|
|
*/
|
|
enum CheckEnableRlsResult
|
|
{
|
|
RLS_NONE,
|
|
RLS_NONE_ENV,
|
|
RLS_ENABLED
|
|
};
|
|
|
|
extern int check_enable_rls(Oid relid, Oid checkAsUser, bool noError);
|
|
|
|
#endif /* RLS_H */
|