From e7cbdfbe90caa8a73c792bfb2c96ff168d8d5efc Mon Sep 17 00:00:00 2001
From: TinyBag
Date: Thu, 25 Jul 2024 11:07:14 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=A8=A1=E5=BC=8F=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../optimizer/rewrite/rewriteHandler.cpp | 6 +--
 src/test/regress/expected/b_compatibility.out | 37 +++++++++++++++++++
 src/test/regress/sql/b_compatibility.sql | 31 ++++++++++++++++
 3 files changed, 70 insertions(+), 4 deletions(-)
diff --git a/src/gausskernel/optimizer/rewrite/rewriteHandler.cpp b/src/gausskernel/optimizer/rewrite/rewriteHandler.cpp
index ccc14dd42..32026d9bf 100644
--- a/src/gausskernel/optimizer/rewrite/rewriteHandler.cpp
+++ b/src/gausskernel/optimizer/rewrite/rewriteHandler.cpp
@@ -2033,10 +2033,8 @@ static Query* ApplyRetrieveRule(Query* parsetree, RewriteRule* rule, int rt_inde
 /* default is definer in b format database */
 checkAsUser = RelationGetOwner(relation);
 }
- if (checkAsUser != RelationGetOwner(relation)) {
- /* set all relations' and functions' invoker information */
- query_tree_walker((Query *)rule_action, (bool (*)())viewSecurityPassDown, (void *)&checkAsUser, QTW_EXAMINE_RTES);
- }
+ /* set all relations' and functions' invoker information */
+ query_tree_walker((Query *)rule_action, (bool (*)())viewSecurityPassDown, (void *)&checkAsUser, QTW_EXAMINE_RTES);
 } else if (RelationHasViewSecurityOption(relation)) {
 ereport(ERROR,
 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
diff --git a/src/test/regress/expected/b_compatibility.out b/src/test/regress/expected/b_compatibility.out
index b283cf5ef..5114f3657 100644
--- a/src/test/regress/expected/b_compatibility.out
+++ b/src/test/regress/expected/b_compatibility.out
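Review bot: In the `ApplyRetrieveRule` hunk of rewriteHandler.cpp, the now-unconditional `query_tree_walker(... viewSecurityPassDown ...)` call keeps only the old comment, which does not say why the walk must also run when `checkAsUser` equals the relation owner. The removed `if (checkAsUser != RelationGetOwner(relation))` guard reads like a harmless shortcut, and the regression case added in this patch suggests it let a view whose caller is also its owner skip the schema permission check, so a later clean-up could easily reintroduce it. I would extend the comment to something like `/* always pass checkAsUser down, even when it equals the view owner: skipping the walk bypasses schema permission checks on the underlying relations */`. The enclosing function starts and ends outside the hunk, so the effect on definer-security views is worth confirming against `viewSecurityPassDown` itself.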
@@ -2940,5 +2940,42 @@ select * from v_1144877_1 order by 1,2;
 reset role;
 drop user use_a_1144877 cascade;
 drop user use_b_1144877 cascade;
+create user use_a_1144480 identified by 'A@123456';
+create user use_b_1144480 identified by 'A@123456';
+--超户建表和视图
+create table sql_security_1144480(id int,cal int);
+insert into sql_security_1144480 values(1,1);
+insert into sql_security_1144480 values(2,2);
+insert into sql_security_1144480 values(3,3);
+create schema s_1144480;
+create table s_1144480.sql_security_1144480(id int,cal int);
+insert into s_1144480.sql_security_1144480 values(2,1);
+insert into s_1144480.sql_security_1144480 values(3,2);
+insert into s_1144480.sql_security_1144480 values(4,3);
+grant all on schema public to use_a_1144480;
+create definer=use_a_1144480 sql security invoker view v_1144480 as select * from s_1144480.sql_security_1144480;
+create definer=use_a_1144480 sql security definer view v_1144480_1 as select * from sql_security_1144480;
+--普通用户a 调用 :v_1144480 报错没有模式的权限;v_1144480_1 成功
+grant all on table s_1144480.sql_security_1144480 to use_a_1144480;
+grant all on table sql_security_1144480 to use_a_1144480;
+set role use_a_1144480 password 'A@123456';
+select * from v_1144480 order by 1,2;
+ERROR: permission denied for schema s_1144480
+DETAIL: N/A
+select * from v_1144480_1 order by 1,2;
+ id | cal
+----+-----
+ 1 | 1
+ 2 | 2
+ 3 | 3
+(3 rows)
+
+reset role;
+drop schema s_1144480 cascade;
+NOTICE: drop cascades to 2 other objects
+DETAIL: drop cascades to table s_1144480.sql_security_1144480
+drop cascades to view v_1144480
+drop user use_b_1144480 cascade;
+drop user use_a_1144480 cascade;
 \c regression
 drop database db_a1144877;
diff --git a/src/test/regress/sql/b_compatibility.sql b/src/test/regress/sql/b_compatibility.sql
index 0bace5c64..6ca6e7ea2 100644
--- a/src/test/regress/sql/b_compatibility.sql
+++ b/src/test/regress/sql/b_compatibility.sql
@@ -1769,5 +1769,36 @@ reset role;
 drop user use_a_1144877 cascade;
 drop user use_b_1144877 cascade;
+create user use_a_1144480 identified by 'A@123456';
+create user use_b_1144480 identified by 'A@123456';
+
+--超户建表和视图
+create table sql_security_1144480(id int,cal int);
+insert into sql_security_1144480 values(1,1);
+insert into sql_security_1144480 values(2,2);
+insert into sql_security_1144480 values(3,3);
+
+create schema s_1144480;
+create table s_1144480.sql_security_1144480(id int,cal int);
+insert into s_1144480.sql_security_1144480 values(2,1);
+insert into s_1144480.sql_security_1144480 values(3,2);
+insert into s_1144480.sql_security_1144480 values(4,3);
+
+grant all on schema public to use_a_1144480;
+create definer=use_a_1144480 sql security invoker view v_1144480 as select * from s_1144480.sql_security_1144480;
+create definer=use_a_1144480 sql security definer view v_1144480_1 as select * from sql_security_1144480;
+
+--普通用户a 调用 :v_1144480 报错没有模式的权限;v_1144480_1 成功
+grant all on table s_1144480.sql_security_1144480 to use_a_1144480;
+grant all on table sql_security_1144480 to use_a_1144480;
+set role use_a_1144480 password 'A@123456';
+select * from v_1144480 order by 1,2;
+select * from v_1144480_1 order by 1,2;
+
+reset role;
+drop schema s_1144480 cascade;
+drop user use_b_1144480 cascade;
+drop user use_a_1144480 cascade;
+
 \c regression
 drop database db_a1144877;
\ No newline at end of file
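Review bot: `use_b_1144480` is created and dropped in this block but never used, so the new case only exercises a caller who is also the view's definer. Because the fix makes the permission pass-down unconditional, it would be worth running both selects under the second role as well, e.g. `set role use_b_1144480 password 'A@123456';` followed by `select * from v_1144480 order by 1,2;` and `select * from v_1144480_1 order by 1,2;`, and recording the outcome in expected/b_compatibility.out. A `sql security definer` view over `s_1144480.sql_security_1144480` would also cover the definer path for a schema the definer has no rights on; at present `v_1144480_1` only reads the table in `public`. If the second user is not needed, removing its create/drop lines keeps the test clear about what it covers.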