feat(planner): check postgres user rights for view in duckdb planner (#949)

resolves #948

---------

Co-authored-by: Jelte Fennema-Nio <[email protected]>

Author: ggnmstr

src/pgduckdb_planner.cpp

@@ -20,8 +20,16 @@ extern "C" {
 #include "tcop/pquery.h"
 #include "utils/syscache.h"
 #include "utils/guc.h"
+#include "parser/parse_relation.h"
+#include "utils/acl.h"
+#include "utils/lsyscache.h"
+#include "utils/rel.h"
 
 #include "pgduckdb/pgduckdb_ruleutils.h"
+
+#if PG_VERSION_NUM >= 180000
+#include "executor/executor.h"
+#endif
 }
 
 #include "pgduckdb/pgduckdb_duckdb.hpp"
@@ -133,8 +141,56 @@ DuckdbRangeTableEntry(CustomScan *custom_scan) {
 	return rte;
 }
 
+static void
+check_view_perms_recursive(Query *query) {
+	ListCell *lc;
+
+	if (query == NULL) {
+		return;
+	}
+
+	foreach (lc, query->rtable) {
+		RangeTblEntry *rte = lfirst_node(RangeTblEntry, lc);
+
+#if PG_VERSION_NUM < 160000
+		if (rte->relkind == RELKIND_VIEW) {
+			bool result = ExecCheckRTEPerms(rte);
+			if (!result) {
+				aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_VIEW, get_rel_name(rte->relid));
+			}
+		}
+#else
+		if (rte->perminfoindex != 0 && rte->relkind == RELKIND_VIEW) {
+			RTEPermissionInfo *perminfo = getRTEPermissionInfo(query->rteperminfos, rte);
+			bool result = ExecCheckOneRelPerms(perminfo);
+			if (!result) {
+				aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_VIEW, get_rel_name(perminfo->relid));
+			}
+		}
+#endif
+
+		if (rte->rtekind == RTE_SUBQUERY && rte->subquery) {
+			check_view_perms_recursive(rte->subquery);
+		}
+	}
+
+	if (query->cteList) {
+		ListCell *lc_cte;
+		foreach (lc_cte, query->cteList) {
+			CommonTableExpr *cte = (CommonTableExpr *)lfirst(lc_cte);
+			if (IsA(cte->ctequery, Query)) {
+				check_view_perms_recursive((Query *)cte->ctequery);
+			}
+		}
+	}
+}
+
 PlannedStmt *
 DuckdbPlanNode(Query *parse, int cursor_options, bool throw_error) {
+
+	/* Properly check perms if there's a view or WITH statement */
+	check_view_perms_recursive(parse);
+
 	/* We need to check can we DuckDB create plan */
 
 	Plan *duckdb_plan = InvokeCPPFunc(CreatePlan, parse, throw_error);

test/regression/expected/duckdb_views.out

@@ -0,0 +1,41 @@
+CREATE USER duckdb_view_admin IN ROLE duckdb_group;
+GRANT ALL ON SCHEMA public TO duckdb_view_admin;
+CREATE USER duckdb_view_user1 IN ROLE duckdb_group;
+SET ROLE duckdb_view_admin;
+CREATE VIEW duckdb_view AS SELECT r['a']::int as a FROM duckdb.query($$ SELECT 1 a $$) r;
+CREATE VIEW postgres_view AS SELECT 2 from generate_series(1,2);
+SET ROLE duckdb_view_user1;
+SELECT * from duckdb_view;
+ERROR:  permission denied for view duckdb_view
+SELECT * from postgres_view;
+ERROR:  permission denied for view postgres_view
+SELECT * from duckdb.query($$ FROM pgduckdb.public.duckdb_view $$);
+ERROR:  (PGDuckDB/Duckdb_ExecCustomScan_Cpp) Executor Error: (PGDuckDB/Init) permission denied for view duckdb_view
+SELECT * from duckdb.query($$ FROM pgduckdb.public.postgres_view $$);
+ERROR:  (PGDuckDB/Duckdb_ExecCustomScan_Cpp) Executor Error: (PGDuckDB/Init) permission denied for view postgres_view
+SET ROLE duckdb_view_admin;
+GRANT SELECT ON duckdb_view TO duckdb_view_user1;
+GRANT SELECT ON postgres_view TO duckdb_view_user1;
+SET ROLE duckdb_view_user1;
+SELECT * from duckdb_view;
+ a 
+---
+ 1
+(1 row)
+
+SELECT * from postgres_view;
+ ?column? 
+----------
+        2
+        2
+(2 rows)
+
+SELECT * from duckdb.query($$ FROM pgduckdb.public.duckdb_view $$);
+ERROR:  (PGDuckDB/Duckdb_ExecCustomScan_Cpp) Executor Error: (PGDuckDB/GetNextTuple) Function 'duckdb.query' only works with DuckDB execution
+SELECT * from duckdb.query($$ FROM pgduckdb.public.postgres_view $$);
+ ?column? 
+----------
+        2
+        2
+(2 rows)
+

test/regression/expected/execution_error.out

@@ -16,7 +16,7 @@ Did you mean "main.pragma_user_agent"?
 
 LINE 1: SELECT raw_query FROM duckdb.raw_query('aaaaa'::text) raw_query(raw_query)
                               ^
-LOCATION:  CreatePlan, pgduckdb_planner.cpp:58
+LOCATION:  CreatePlan, pgduckdb_planner.cpp:66
 ERROR:  XX000: (PGDuckDB/pgduckdb_raw_query_cpp) Parser Error: syntax error at or near "aaaaa"
 
 LINE 1: aaaaa

test/regression/sql/duckdb_views.sql

@@ -0,0 +1,25 @@
+CREATE USER duckdb_view_admin IN ROLE duckdb_group;
+GRANT ALL ON SCHEMA public TO duckdb_view_admin;
+CREATE USER duckdb_view_user1 IN ROLE duckdb_group;
+
+SET ROLE duckdb_view_admin;
+
+CREATE VIEW duckdb_view AS SELECT r['a']::int as a FROM duckdb.query($$ SELECT 1 a $$) r;
+CREATE VIEW postgres_view AS SELECT 2 from generate_series(1,2);
+
+SET ROLE duckdb_view_user1;
+
+SELECT * from duckdb_view;
+SELECT * from postgres_view;
+SELECT * from duckdb.query($$ FROM pgduckdb.public.duckdb_view $$);
+SELECT * from duckdb.query($$ FROM pgduckdb.public.postgres_view $$);
+
+SET ROLE duckdb_view_admin;
+GRANT SELECT ON duckdb_view TO duckdb_view_user1;
+GRANT SELECT ON postgres_view TO duckdb_view_user1;
+SET ROLE duckdb_view_user1;
+
+SELECT * from duckdb_view;
+SELECT * from postgres_view;
+SELECT * from duckdb.query($$ FROM pgduckdb.public.duckdb_view $$);
+SELECT * from duckdb.query($$ FROM pgduckdb.public.postgres_view $$);