From aa4c44b495d4cf66bc9909e564793c3e481bc366 Mon Sep 17 00:00:00 2001 From: Sait Talha Nisanci Date: Sun, 10 Jan 2021 19:44:57 +0300 Subject: [PATCH] Create CIMV related internal things in cimv_internal When we create internal tables in citus_internal, a regular user cannot really do that because they can't access citus_internal. Even if we switch to extension owner, we will need to switch while also dropping tables etc, which is not trivial and clear. Hence cimv_internal schema is created and the owner of the CIMV will own the tables in this schema, hence only they can access those tables. --- src/backend/distributed/cimv/create.c | 24 ++++--------------- src/backend/distributed/cimv/drop.c | 8 ------- src/backend/distributed/cimv/refresh.c | 12 ---------- .../distributed/sql/citus--9.5-1--10.0-1.sql | 3 ++- src/include/distributed/cimv.h | 2 +- 5 files changed, 7 insertions(+), 42 deletions(-) diff --git a/src/backend/distributed/cimv/create.c b/src/backend/distributed/cimv/create.c index 2b7e83630..dfe7f6214 100644 --- a/src/backend/distributed/cimv/create.c +++ b/src/backend/distributed/cimv/create.c @@ -150,14 +150,6 @@ CreateCimv(CimvCreate *cimvCreate) elog(ERROR, "SPI_connect failed"); } - Oid savedUserId = InvalidOid; - int savedSecurityContext = 0; - - char* currentUserName = CurrentUserName(); - - GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); - SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); - CreateMatTable(cimvCreate, false); if (cimvCreate->createOptions->schedule != NULL) 
@@ -172,14 +164,6 @@ CreateCimv(CimvCreate *cimvCreate) CreateDataChangeTriggers(cimvCreate); InsertIntoPgCimv(cimvCreate->formCimv); - AlterTableOwner(cimvCreate->matTableName, currentUserName); - AlterTableOwner(cimvCreate->refreshViewName, currentUserName); - AlterTableOwner(cimvCreate->userViewName, currentUserName); - - SetUserIdAndSecContext(savedUserId, savedSecurityContext); - - - if (SPI_finish() != SPI_OK_FINISH) { elog(ERROR, "SPI_finish failed"); @@ -921,7 +905,7 @@ InitializeCimvCreate(const CreateTableAsStmt *stmt, MatViewCreateOptions *create cimvCreate->prefixId = UniqueId(); cimvCreate->prefix = CIMVInternalPrefix(cimvCreate->baseTableName, cimvCreate->prefixId); - namestrcpy(&cimvCreate->formCimv->triggerfnnamespace, CITUS_INTERNAL_SCHEMA); + namestrcpy(&cimvCreate->formCimv->triggerfnnamespace, CIMV_INTERNAL_SCHEMA); char* funcName = CIMVTriggerFuncName(cimvCreate->prefixId, stmt->into->rel->relname); namestrcpy(&cimvCreate->formCimv->triggerfnname, funcName); StringInfo mat = makeStringInfo(); @@ -933,10 +917,10 @@ InitializeCimvCreate(const CreateTableAsStmt *stmt, MatViewCreateOptions *create StringInfo ld = makeStringInfo(); appendStringInfo(ld, "%s_cimv_%s", cimvCreate->prefix, LANDING_TABLE_SUFFIX); - cimvCreate->matTableName = makeRangeVar(CITUS_INTERNAL_SCHEMA, mat->data, -1); + cimvCreate->matTableName = makeRangeVar(CIMV_INTERNAL_SCHEMA, mat->data, -1); cimvCreate->userViewName = stmt->into->rel; - cimvCreate->refreshViewName = makeRangeVar(CITUS_INTERNAL_SCHEMA, rv->data, -1); - cimvCreate->landingTableName = makeRangeVar(CITUS_INTERNAL_SCHEMA, ld->data, -1); + cimvCreate->refreshViewName = makeRangeVar(CIMV_INTERNAL_SCHEMA, rv->data, -1); + cimvCreate->landingTableName = makeRangeVar(CIMV_INTERNAL_SCHEMA, ld->data, -1); cimvCreate->targetListEntries = NIL; cimvCreate->groupTargetListEntries = NIL; cimvCreate->aggTargetListEntries = NIL; 
diff --git a/src/backend/distributed/cimv/drop.c b/src/backend/distributed/cimv/drop.c index 5ae27fad9..b709eec9e 100644 --- a/src/backend/distributed/cimv/drop.c +++ b/src/backend/distributed/cimv/drop.c @@ -124,12 +124,6 @@ static void DropCimv(Form_pg_cimv formCimv, DropBehavior behavior) { - Oid savedUserId = InvalidOid; - int savedSecurityContext = 0; - - // GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); - // SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); - ObjectAddress matTableAddress; matTableAddress.classId = RelationRelationId; matTableAddress.objectId = formCimv->mattable; @@ -199,8 +193,6 @@ DropCimv(Form_pg_cimv formCimv, DropBehavior behavior) DeletePgCimvRow(userViewAddress.objectId); - // SetUserIdAndSecContext(savedUserId, savedSecurityContext); - /* Close SPI context. */ if (SPI_finish() != SPI_OK_FINISH) { diff --git a/src/backend/distributed/cimv/refresh.c b/src/backend/distributed/cimv/refresh.c index 6dccd88f5..4d0f02ea7 100644 --- a/src/backend/distributed/cimv/refresh.c +++ b/src/backend/distributed/cimv/refresh.c @@ -57,9 +57,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) matTableSchemaName = quote_identifier(matTableSchemaName); matTableName = quote_identifier(matTableName); - Oid savedUserId = InvalidOid; - int savedSecurityContext = 0; - const char *landingTableSchemaName = NULL; const char *landingTableName = NULL; @@ -74,8 +71,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) if (skipData) { - // GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); - // SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); if (formCimv->landingtable) { appendStringInfo(&querybuf, 
@@ -108,9 +103,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) SPI_commit(); SPI_start_transaction(); - // GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); - // SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); - /* TODO: cleanup if this fails */ appendStringInfo(&querybuf, "INSERT INTO %s.%s " @@ -129,8 +121,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) { Snapshot snapshot = GetLatestSnapshot(); - // GetUserIdAndSecContext(&savedUserId, &savedSecurityContext); - // SetUserIdAndSecContext(CitusExtensionOwner(), SECURITY_LOCAL_USERID_CHANGE); /* TODO: DELETE only if !isCreate */ appendStringInfo(&querybuf, "DELETE FROM %s.%s", @@ -162,8 +152,6 @@ RefreshCimv(Form_pg_cimv formCimv, bool skipData, bool isCreate) } } - // SetUserIdAndSecContext(savedUserId, savedSecurityContext); - /* Close SPI context. */ if (SPI_finish() != SPI_OK_FINISH) { diff --git a/src/backend/distributed/sql/citus--9.5-1--10.0-1.sql b/src/backend/distributed/sql/citus--9.5-1--10.0-1.sql index c5104e0a1..63fef6b0a 100644 --- a/src/backend/distributed/sql/citus--9.5-1--10.0-1.sql +++ b/src/backend/distributed/sql/citus--9.5-1--10.0-1.sql @@ -10,4 +10,5 @@ DROP FUNCTION IF EXISTS pg_catalog.citus_total_relation_size(regclass); #include "../../columnar/sql/columnar--9.5-1--10.0-1.sql" -GRANT USAGE ON SCHEMA citus_internal TO public; \ No newline at end of file +CREATE SCHEMA cimv_internal; +GRANT ALL ON SCHEMA cimv_internal to public; \ No newline at end of file diff --git a/src/include/distributed/cimv.h b/src/include/distributed/cimv.h index ddd37901d..75f6d65e1 100644 --- a/src/include/distributed/cimv.h +++ b/src/include/distributed/cimv.h @@ -4,7 +4,7 @@ #include "postgres.h" #include "nodes/plannodes.h" -#define CITUS_INTERNAL_SCHEMA "citus_internal" +#define CIMV_INTERNAL_SCHEMA "cimv_internal" #define CITUS_NAMESPACE "citus" #define MATERIALIZATION_TABLE_SUFFIX "mt" #define LANDING_TABLE_SUFFIX "ld"
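Review bot: `GRANT ALL ON SCHEMA cimv_internal to public;` in citus--9.5-1--10.0-1.sql gives every role CREATE as well as USAGE on the schema, which is wider than the commit message's "only they can access those tables". Ownership still protects the contents of each table, but any role can now create its own tables, views and functions in cimv_internal. The create.c hunks put the trigger function namespace, materialization table, refresh view and landing table there under generated names. I would state the intent above the grant, e.g. `-- CREATE is granted so CIMV owners can create their own internal objects; object privileges, not schema privileges, protect the data`, and confirm that creation errors out instead of reusing an object when a name already exists under another owner. Whether the `UniqueId()` prefix is unpredictable enough to rule out such collisions is not visible in this diff.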