Skip to content

Commit a175cdb

Browse files
authored
PostgreSQL: Support force row level security (apache#2169)
1 parent 3c7ecf3 commit a175cdb

File tree

4 files changed

+37
-0
lines changed

4 files changed

+37
-0
lines changed

src/ast/ddl.rs

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -192,6 +192,7 @@ pub enum AlterTableOperation {
192192
/// `DISABLE ROW LEVEL SECURITY`
193193
///
194194
/// Note: this is a PostgreSQL-specific operation.
195+
/// Please refer to [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-altertable.html)
195196
DisableRowLevelSecurity,
196197
/// `DISABLE RULE rewrite_rule_name`
197198
///
@@ -318,7 +319,18 @@ pub enum AlterTableOperation {
318319
/// `ENABLE ROW LEVEL SECURITY`
319320
///
320321
/// Note: this is a PostgreSQL-specific operation.
322+
/// Please refer to [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-altertable.html)
321323
EnableRowLevelSecurity,
324+
/// `FORCE ROW LEVEL SECURITY`
325+
///
326+
/// Note: this is a PostgreSQL-specific operation.
327+
/// Please refer to [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-altertable.html)
328+
ForceRowLevelSecurity,
329+
/// `NO FORCE ROW LEVEL SECURITY`
330+
///
331+
/// Note: this is a PostgreSQL-specific operation.
332+
/// Please refer to [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-altertable.html)
333+
NoForceRowLevelSecurity,
322334
/// `ENABLE RULE rewrite_rule_name`
323335
///
324336
/// Note: this is a PostgreSQL-specific operation.
@@ -876,6 +888,12 @@ impl fmt::Display for AlterTableOperation {
876888
AlterTableOperation::EnableRowLevelSecurity => {
877889
write!(f, "ENABLE ROW LEVEL SECURITY")
878890
}
891+
AlterTableOperation::ForceRowLevelSecurity => {
892+
write!(f, "FORCE ROW LEVEL SECURITY")
893+
}
894+
AlterTableOperation::NoForceRowLevelSecurity => {
895+
write!(f, "NO FORCE ROW LEVEL SECURITY")
896+
}
879897
AlterTableOperation::EnableRule { name } => {
880898
write!(f, "ENABLE RULE {name}")
881899
}

src/ast/spans.rs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1121,6 +1121,8 @@ impl Spanned for AlterTableOperation {
11211121
AlterTableOperation::EnableReplicaRule { name } => name.span,
11221122
AlterTableOperation::EnableReplicaTrigger { name } => name.span,
11231123
AlterTableOperation::EnableRowLevelSecurity => Span::empty(),
1124+
AlterTableOperation::ForceRowLevelSecurity => Span::empty(),
1125+
AlterTableOperation::NoForceRowLevelSecurity => Span::empty(),
11241126
AlterTableOperation::EnableRule { name } => name.span,
11251127
AlterTableOperation::EnableTrigger { name } => name.span,
11261128
AlterTableOperation::RenamePartitions {

src/parser/mod.rs

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9825,6 +9825,21 @@ impl<'a> Parser<'a> {
98259825
self.peek_token(),
98269826
);
98279827
}
9828+
} else if self.parse_keywords(&[
9829+
Keyword::FORCE,
9830+
Keyword::ROW,
9831+
Keyword::LEVEL,
9832+
Keyword::SECURITY,
9833+
]) {
9834+
AlterTableOperation::ForceRowLevelSecurity
9835+
} else if self.parse_keywords(&[
9836+
Keyword::NO,
9837+
Keyword::FORCE,
9838+
Keyword::ROW,
9839+
Keyword::LEVEL,
9840+
Keyword::SECURITY,
9841+
]) {
9842+
AlterTableOperation::NoForceRowLevelSecurity
98289843
} else if self.parse_keywords(&[Keyword::CLEAR, Keyword::PROJECTION])
98299844
&& dialect_of!(self is ClickHouseDialect|GenericDialect)
98309845
{

tests/sqlparser_postgres.rs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -640,6 +640,8 @@ fn parse_alter_table_enable() {
640640
pg_and_generic().verified_stmt("ALTER TABLE tab ENABLE REPLICA TRIGGER trigger_name");
641641
pg_and_generic().verified_stmt("ALTER TABLE tab ENABLE REPLICA RULE rule_name");
642642
pg_and_generic().verified_stmt("ALTER TABLE tab ENABLE ROW LEVEL SECURITY");
643+
pg_and_generic().verified_stmt("ALTER TABLE tab FORCE ROW LEVEL SECURITY");
644+
pg_and_generic().verified_stmt("ALTER TABLE tab NO FORCE ROW LEVEL SECURITY");
643645
pg_and_generic().verified_stmt("ALTER TABLE tab ENABLE RULE rule_name");
644646
pg_and_generic().verified_stmt("ALTER TABLE tab ENABLE TRIGGER ALL");
645647
pg_and_generic().verified_stmt("ALTER TABLE tab ENABLE TRIGGER USER");

0 commit comments

Comments
 (0)