Added security_invoker option while creating a view. pgadmin-org#6371

web/pgadmin/browser/server_groups/servers/databases/schemas/views/static/js/view.ui.js

@@ -74,6 +74,10 @@ export default class ViewSchema extends BaseUISchema {
       id: 'security_barrier', label: gettext('Security barrier?'),
       type: 'switch', min_version: '90200', group: gettext('Definition'),
       disabled: obj.notInSchema,
+    },{
+      id: 'security_invoker', label: gettext('Security invoker?'),
+      type: 'switch', min_version: '150000', group: gettext('Definition'),
+      disabled: obj.notInSchema,
     },{
       id: 'check_option', label: gettext('Check options'),
       type: 'select', group: gettext('Definition'),

web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/views/pg/15_plus/sql/create.sql

@@ -0,0 +1,32 @@
+{#============================Create new view=========================#}
+{% if display_comments %}
+-- View: {{ data.schema }}.{{ data.name }}
+
+-- DROP VIEW {{ conn|qtIdent(data.schema, data.name) }};
+
+{% endif %}
+{% if data.name and data.schema and data.definition %}
+CREATE{% if add_replace_clause %} OR REPLACE{% endif %} VIEW {{ conn|qtIdent(data.schema, data.name) }}
+{% if ((data.check_option and data.check_option.lower() != 'no') or data.security_barrier or data.security_invoker)%}
+WITH (
+{% if data.check_option and data.check_option.lower() != 'no' %}
+  check_option={{ data.check_option }}{% if data.check_option and data.check_option.lower() != 'no' and (data.security_barrier or data.security_invoker) %},
+{% endif %}{% endif %}
+{% if data.security_barrier %}
+  security_barrier={{ data.security_barrier|lower }}{% if data.security_barrier and data.security_invoker %},
+{% endif %}{% endif %}
+{% if data.security_invoker %}
+  security_invoker={{ data.security_invoker|lower }}{% endif %}
+
+){% endif %} AS
+{{ data.definition.rstrip(';') }};
+{% if data.owner and data.m_view is undefined %}
+
+ALTER TABLE {{ conn|qtIdent(data.schema, data.name) }}
+    OWNER TO {{ conn|qtIdent(data.owner) }};
+{% endif %}
+{% if data.comment %}
+COMMENT ON VIEW {{ conn|qtIdent(data.schema, data.name) }}
+    IS {{ data.comment|qtLiteral(conn) }};
+{% endif %}
+{% endif %}

web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/views/pg/15_plus/sql/properties.sql

@@ -0,0 +1,73 @@
+{# ========================== Fetch View Properties ========================= #}
+{% if (vid and datlastsysoid) or scid %}
+SELECT
+    c.oid,
+    c.xmin,
+    c.relkind,
+    description AS comment,
+    (CASE WHEN length(spc.spcname::text) > 0 THEN spc.spcname ELSE 'pg_default' END) as spcname,
+    c.relname AS name,
+    c.reltablespace AS spcoid,
+    nsp.nspname AS schema,
+    c.relispopulated AS ispopulated,
+    pg_catalog.pg_get_userbyid(c.relowner) AS owner,
+    pg_catalog.array_to_string(c.relacl::text[], ', ') AS acl,
+    pg_catalog.pg_get_viewdef(c.oid, true) AS definition,
+    {# ===== Checks if it is system view ===== #}
+    {% if vid and datlastsysoid %}
+    CASE WHEN {{vid}} <= {{datlastsysoid}} THEN True ELSE False END AS system_view,
+    {% endif %}
+    (SELECT
+        pg_catalog.array_agg(provider || '=' || label)
+     FROM
+        pg_catalog.pg_seclabels sl1
+     WHERE
+        sl1.objoid=c.oid AND sl1.objsubid=0
+    ) AS seclabels,
+    substring(pg_catalog.array_to_string(c.reloptions, ',')
+        FROM 'check_option=([a-z]*)') AS check_option,
+    (substring(pg_catalog.array_to_string(c.reloptions, ',')
+        FROM 'security_barrier=([a-z|0-9]*)'))::boolean AS security_barrier,
+    (substring(pg_catalog.array_to_string(c.reloptions, ',')
+        FROM 'security_invoker=([a-z|0-9]*)'))::boolean AS security_invoker
+FROM pg_catalog.pg_class c
+LEFT OUTER JOIN pg_catalog.pg_namespace nsp on nsp.oid = c.relnamespace
+LEFT OUTER JOIN pg_catalog.pg_tablespace spc on spc.oid=c.reltablespace
+LEFT OUTER JOIN pg_catalog.pg_description des ON (des.objoid=c.oid and des.objsubid=0 AND des.classoid='pg_class'::regclass)
+    WHERE ((c.relhasrules AND (EXISTS (
+        SELECT
+            r.rulename
+        FROM
+            pg_catalog.pg_rewrite r
+        WHERE
+            ((r.ev_class = c.oid)
+                AND (bpchar(r.ev_type) = '1'::bpchar)) )))
+            AND (c.relkind = 'v'::char)
+          )
+{% if (vid and datlastsysoid) %}
+    AND c.oid = {{vid}}::oid
+{% elif scid %}
+    AND c.relnamespace = {{scid}}::oid
+ORDER BY
+    c.relname
+{% endif %}
+
+{% elif type == 'roles' %}
+SELECT
+    pr.rolname
+FROM
+    pg_catalog.pg_roles pr
+WHERE
+    pr.rolcanlogin
+ORDER BY
+    pr.rolname
+
+{% elif type == 'schemas' %}
+SELECT
+    nsp.nspname
+FROM
+    pg_catalog.pg_namespace nsp
+WHERE
+    (nsp.nspname NOT LIKE E'pg\\_%'
+        AND nsp.nspname != 'information_schema')
+{% endif %}

web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/views/pg/15_plus/sql/update.sql

@@ -0,0 +1,106 @@
+{# ============================ Update View ========================= #}
+{% import 'macros/schemas/security.macros' as SECLABEL %}
+{% import 'macros/schemas/privilege.macros' as PRIVILEGE %}
+{% if data %}
+{% set view_name = data.name if data.name else o_data.name %}
+{% set view_schema = data.schema if data.schema else o_data.schema %}
+{% set def = data.definition.rstrip(';') if data.definition %}
+{% if data.name and data.name != o_data.name %}
+ALTER VIEW IF EXISTS {{ conn|qtIdent(o_data.schema, o_data.name) }}
+    RENAME TO {{ conn|qtIdent(data.name) }};
+{% endif %}
+{% if data.schema and data.schema != o_data.schema %}
+ALTER VIEW IF EXISTS {{ conn|qtIdent(o_data.schema, view_name ) }}
+    SET SCHEMA {{ conn|qtIdent(data.schema) }};
+{% endif %}
+{% if def and def != o_data.definition.rstrip(';') %}
+{% if data.del_sql %}
+DROP VIEW {{ conn|qtIdent(view_schema, view_name) }};
+
+{% endif %}
+CREATE OR REPLACE VIEW {{ conn|qtIdent(view_schema, view_name) }}
+{% if ((data.check_option and data.check_option.lower() != 'no') or data.security_barrier or data.security_invoker) %}
+    WITH ({% if (data.check_option or o_data.check_option) %}check_option={{ data.check_option if data.check_option else o_data.check_option }}{{', ' }}{% endif %}security_barrier={{ data.security_barrier|lower if data.security_barrier is defined else o_data.security_barrier|default('false', 'true')|lower }}{{', ' }}security_invoker={{ data.security_invoker|lower if data.security_invoker is defined else o_data.security_invoker|default('false', 'true')|lower }})
+{% endif %}
+    AS
+    {{ def }};
+{% if data.del_sql and data.owner is not defined %}
+
+ALTER TABLE {{ conn|qtIdent(view_schema, view_name) }}
+    OWNER TO {{ conn|qtIdent(o_data.owner) }};
+{% endif %}
+{% else %}
+{% if (data.security_barrier is defined and data.security_barrier|lower !=  o_data.security_barrier|lower) %}
+ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }}
+    SET (security_barrier={{ data.security_barrier|lower }});
+{% endif %}
+{% if (data.security_invoker is defined and data.security_invoker|lower !=  o_data.security_invoker|lower) %}
+ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }}
+    SET (security_invoker={{ data.security_invoker|lower }});
+{% endif %}
+{% if (data.check_option and data.check_option != o_data.check_option and data.check_option != 'no') %}
+ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }}
+    SET (check_option={{ data.check_option }});
+{% elif (data.check_option and data.check_option != o_data.check_option and data.check_option == 'no') %}
+ALTER VIEW IF EXISTS {{ conn|qtIdent(view_schema, view_name) }} RESET (check_option);
+{% endif %}
+{% endif %}
+{% if data.owner and data.owner != o_data.owner %}
+ALTER TABLE IF EXISTS {{ conn|qtIdent(view_schema, view_name) }}
+    OWNER TO {{ conn|qtIdent(data.owner) }};
+{% endif %}
+{% set old_comment = o_data.comment|default('', true) %}
+{% if (data.comment is defined and (data.comment != old_comment)) %}
+
+COMMENT ON VIEW {{ conn|qtIdent(view_schema, view_name) }}
+    IS {{ data.comment|qtLiteral(conn) }};
+{% elif  data.del_sql == True and old_comment != '' %}
+COMMENT ON VIEW {{ conn|qtIdent(view_schema, view_name) }}
+    IS {{ old_comment|qtLiteral(conn) }};
+{% endif %}
+{# The SQL generated below will change privileges #}
+{% if o_data.acl_sql and o_data.acl_sql != '' %}
+{{o_data['acl_sql']}}
+{% endif %}
+{% if data.datacl %}
+{% if 'deleted' in data.datacl %}
+{% for priv in data.datacl.deleted %}
+{{ PRIVILEGE.UNSETALL(conn, 'TABLE', priv.grantee, data.name, data.schema) }}
+{% endfor %}
+{% endif %}
+{% if 'changed' in data.datacl %}
+{% for priv in data.datacl.changed %}
+{% if priv.grantee != priv.old_grantee %}
+{{ PRIVILEGE.UNSETALL(conn, 'TABLE', priv.old_grantee, data.name, data.schema) }}
+{% else %}
+{{ PRIVILEGE.UNSETALL(conn, 'TABLE', priv.grantee, data.name, data.schema) }}
+{% endif %}
+{{ PRIVILEGE.SET(conn, 'TABLE', priv.grantee, data.name, priv.without_grant, priv.with_grant, data.schema) }}
+{% endfor %}
+{% endif %}
+{% if 'added' in data.datacl %}
+{% for priv in data.datacl.added %}
+{{ PRIVILEGE.SET(conn, 'TABLE', priv.grantee, data.name, priv.without_grant, priv.with_grant, data.schema) }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{# The SQL generated below will change Security Label #}
+{% if data.seclabels is not none and data.seclabels|length > 0 %}
+{% set seclabels = data.seclabels %}
+{% if 'deleted' in seclabels and seclabels.deleted|length > 0 %}
+{% for r in seclabels.deleted %}
+{{ SECLABEL.UNSET(conn, 'VIEW', data.name, r.provider, data.schema) }}
+{% endfor %}
+{% endif %}
+{% if 'added' in seclabels and seclabels.added|length > 0 %}
+{% for r in seclabels.added %}
+{{ SECLABEL.SET(conn, 'VIEW', data.name, r.provider, r.label, data.schema) }}
+{% endfor %}
+{% endif %}
+{% if 'changed' in seclabels and seclabels.changed|length > 0 %}
+{% for r in seclabels.changed %}
+{{ SECLABEL.SET(conn, 'VIEW', data.name, r.provider, r.label, data.schema) }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}

web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/views/ppas/15_plus/sql/create.sql

@@ -0,0 +1,32 @@
+{#============================Create new view=========================#}
+{% if display_comments %}
+-- View: {{ data.schema }}.{{ data.name }}
+
+-- DROP VIEW {{ conn|qtIdent(data.schema, data.name) }};
+
+{% endif %}
+{% if data.name and data.schema and data.definition %}
+CREATE{% if add_replace_clause %} OR REPLACE{% endif %} VIEW {{ conn|qtIdent(data.schema, data.name) }}
+{% if ((data.check_option and data.check_option.lower() != 'no') or data.security_barrier or data.security_invoker) %}
+WITH (
+{% if data.check_option and data.check_option.lower() != 'no' %}
+  check_option={{ data.check_option }}{% if data.check_option and data.check_option.lower() != 'no' and (data.security_barrier or data.security_invoker) %},
+{% endif %}{% endif %}
+{% if data.security_barrier %}
+  security_barrier={{ data.security_barrier|lower }}{% if data.security_barrier and data.security_invoker %},
+{% endif %}{% endif %}
+{% if data.security_invoker %}
+  security_invoker={{ data.security_invoker|lower }}{% endif %}
+
+){% endif %} AS
+{{ data.definition.rstrip(';') }};
+{% if data.owner and data.m_view is undefined %}
+
+ALTER TABLE IF EXISTS {{ conn|qtIdent(data.schema, data.name) }}
+    OWNER TO {{ conn|qtIdent(data.owner) }};
+{% endif %}
+{% if data.comment %}
+COMMENT ON VIEW {{ conn|qtIdent(data.schema, data.name) }}
+    IS {{ data.comment|qtLiteral(conn) }};
+{% endif %}
+{% endif %}

web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/views/ppas/15_plus/sql/properties.sql

@@ -0,0 +1,73 @@
+{# ========================== Fetch View Properties ========================= #}
+{% if (vid and datlastsysoid) or scid %}
+SELECT
+    c.oid,
+    c.xmin,
+    c.relkind,
+    description AS comment,
+    (CASE WHEN length(spc.spcname::text) > 0 THEN spc.spcname ELSE 'pg_default' END) as spcname,
+    c.relname AS name,
+    c.reltablespace AS spcoid,
+    nsp.nspname AS schema,
+    c.relispopulated AS ispopulated,
+    pg_catalog.pg_get_userbyid(c.relowner) AS owner,
+    pg_catalog.array_to_string(c.relacl::text[], ', ') AS acl,
+    pg_catalog.pg_get_viewdef(c.oid) AS definition,
+    {# ===== Checks if it is system view ===== #}
+    {% if vid and datlastsysoid %}
+    CASE WHEN {{vid}} <= {{datlastsysoid}} THEN True ELSE False END AS system_view,
+    {% endif %}
+    (SELECT
+        pg_catalog.array_agg(provider || '=' || label)
+     FROM
+        pg_catalog.pg_seclabels sl1
+     WHERE
+        sl1.objoid=c.oid AND sl1.objsubid=0
+    ) AS seclabels,
+    substring(pg_catalog.array_to_string(c.reloptions, ',')
+        FROM 'check_option=([a-z]*)') AS check_option,
+    (substring(pg_catalog.array_to_string(c.reloptions, ',')
+        FROM 'security_barrier=([a-z|0-9]*)'))::boolean AS security_barrier,
+    (substring(pg_catalog.array_to_string(c.reloptions, ',')
+        FROM 'security_invoker=([a-z|0-9]*)'))::boolean AS security_invoker
+FROM pg_catalog.pg_class c
+LEFT OUTER JOIN pg_catalog.pg_namespace nsp on nsp.oid = c.relnamespace
+LEFT OUTER JOIN pg_catalog.pg_tablespace spc on spc.oid=c.reltablespace
+LEFT OUTER JOIN pg_catalog.pg_description des ON (des.objoid=c.oid and des.objsubid=0 AND des.classoid='pg_class'::regclass)
+    WHERE ((c.relhasrules AND (EXISTS (
+        SELECT
+            r.rulename
+        FROM
+            pg_catalog.pg_rewrite r
+        WHERE
+            ((r.ev_class = c.oid)
+                AND (pg_catalog.bpchar(r.ev_type) = '1'::bpchar)) )))
+            AND (c.relkind = 'v'::char)
+          )
+{% if (vid and datlastsysoid) %}
+    AND c.oid = {{vid}}::oid
+{% elif scid %}
+    AND c.relnamespace = {{scid}}::oid
+ORDER BY
+    c.relname
+{% endif %}
+
+{% elif type == 'roles' %}
+SELECT
+    pr.rolname
+FROM
+    pg_catalog.pg_roles pr
+WHERE
+    pr.rolcanlogin
+ORDER BY
+    pr.rolname
+
+{% elif type == 'schemas' %}
+SELECT
+    nsp.nspname
+FROM
+    pg_catalog.pg_namespace nsp
+WHERE
+    (nsp.nspname NOT LIKE E'pg\\_%'
+        AND nsp.nspname != 'information_schema')
+{% endif %}