From a1187c4efe024e5a1f5cf9221b13a3f3226d92c5 Mon Sep 17 00:00:00 2001
From: Dean Rasheed <dean.a.rasheed@gmail.com>
Date: Fri, 24 Nov 2017 14:12:50 +0000
Subject: [PATCH] RLS comment fixes.

The comments in get_policies_for_relation() say that CREATE POLICY
does not support defining restrictive policies. This is no longer
true, starting from PG10.
---
 src/backend/rewrite/rowsecurity.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c
index a0cd6b1075d..5bd33f7ba41 100644
--- a/src/backend/rewrite/rowsecurity.c
+++ b/src/backend/rewrite/rowsecurity.c
@@ -408,11 +408,7 @@ get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id,
 	*permissive_policies = NIL;
 	*restrictive_policies = NIL;
 
-	/*
-	 * First find all internal policies for the relation.  CREATE POLICY does
-	 * not currently support defining restrictive policies, so for now all
-	 * internal policies are permissive.
-	 */
+	/* First find all internal policies for the relation. */
 	foreach(item, relation->rd_rsdesc->policies)
 	{
 		bool		cmd_matches = false;
@@ -450,7 +446,7 @@ get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id,
 		}
 
 		/*
-		 * Add this policy to the list of permissive policies if it applies to
+		 * Add this policy to the relevant list of policies if it applies to
 		 * the specified role.
 		 */
 		if (cmd_matches && check_role_for_policy(policy->roles, user_id))
-- 
GitLab