
[Bug] security_invoker does not work in ALTER VIEW #350

@czlowiek488

Description


I recently reported an issue requesting support for security_invoker.

I'm testing this feature and it works only halfway.

It works well for statically defined views like the one below:

CREATE OR REPLACE VIEW view_permission WITH (security_invoker = true) AS
 SELECT dcr.id,
    dcr.v0 AS role,
    dcr.v1 AS tenant_id,
    dt.decrypted_name AS tenant_name,
    dcr.decrypted_v2 AS object,
    dcr.decrypted_v3 AS action,
    dcr.decrypted_v4 AS rule,
    dcr.decrypted_v5 AS scope,
    dcr.decrypted_v6 AS feature
   FROM decrypted_casbin_rule dcr
     LEFT JOIN decrypted_user_tenant dt ON dt.tenant_id::text = dcr.v1
  WHERE dcr.ptype = 'p';

For some tables I use pgsodium labels to encrypt my data, like below:

CREATE TABLE IF NOT EXISTS user_account (
    user_id uuid,
    email text NOT NULL,
    password_hash text NOT NULL,
    verified boolean DEFAULT false NOT NULL,
    token_version integer NOT NULL,
    created_at timestamptz DEFAULT now() NOT NULL,
    encryption_key_id uuid NOT NULL,
    CONSTRAINT user_account_pkey PRIMARY KEY (user_id),
    CONSTRAINT user_account_email_key UNIQUE (email)
);

SECURITY LABEL FOR pgsodium ON COLUMN user_account.email IS 'ENCRYPT WITH KEY COLUMN encryption_key_id';

ALTER VIEW decrypted_user_account SET (security_invoker = true);

decrypted_user_account is an automatically generated view that is created when the security label is set.

Currently I still need to apply the query below in a separate migration to make it work correctly:

ALTER VIEW decrypted_user_account SET (security_invoker = true);

I would expect security_invoker to work with both ALTER VIEW ... SET and CREATE VIEW ... WITH statements.
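The security consequence of a decrypted_* view that ends up without the security_invoker option, and a catalog check a migration can run to confirm the option actually took effect, as an added example that is not part of the issue or of pgsodium's own code. It assumes PostgreSQL 15 or later (where the security_invoker view option exists), a superuser session, and constructed names (secret_note, note_definer, note_invoker, tenant_a) that do not appear in the issue:

```sql
-- Added example, not code from the issue or from the pgsodium project.
-- Part 1 shows why security_invoker matters for a view over an RLS-protected
-- table; part 2 is a catalog check for views that lack the option.
-- Table, view and role names are constructed for this demonstration.
-- Run as a superuser on PostgreSQL 15 or later.

-- Part 1: owner-privilege view versus security_invoker view.
CREATE ROLE tenant_a LOGIN;
CREATE TABLE secret_note (
    id    serial PRIMARY KEY,
    owner text NOT NULL,
    body  text NOT NULL
);
INSERT INTO secret_note (owner, body) VALUES
    ('tenant_a', 'belongs to tenant_a'),
    ('tenant_b', 'belongs to tenant_b');

ALTER TABLE secret_note ENABLE ROW LEVEL SECURITY;
CREATE POLICY owner_only ON secret_note
    FOR SELECT USING (owner = current_user);

-- Default view: the base table is read with the privileges of the view owner,
-- who also owns secret_note (and is a superuser here) and so is not subject
-- to its RLS policy. Every row is reachable through this view.
CREATE VIEW note_definer AS SELECT id, owner, body FROM secret_note;

-- Same definition with security_invoker: the base table is read as the
-- caller, so the owner_only policy is applied to tenant_a.
CREATE VIEW note_invoker WITH (security_invoker = true)
    AS SELECT id, owner, body FROM secret_note;

GRANT SELECT ON secret_note, note_definer, note_invoker TO tenant_a;

-- Compare what tenant_a sees through each view.
SET ROLE tenant_a;
SELECT 'note_definer' AS via, owner FROM note_definer
UNION ALL
SELECT 'note_invoker' AS via, owner FROM note_invoker;
RESET ROLE;

-- Part 2: catalog check. The option is stored in pg_class.reloptions as
-- 'security_invoker=<value>'. Views returned here read their base tables
-- with the owner's RLS standing. The pattern covers pgsodium's generated
-- decrypted_* views (decrypted_user_account in the issue) and the demo views.
SELECT n.nspname, c.relname, c.reloptions
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'v'
  AND (c.relname LIKE 'decrypted\_%' OR c.relname LIKE 'note\_%')
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(c.reloptions) AS opt   -- NULL reloptions yields no rows
        WHERE opt ~* '^security_invoker=(true|t|on|yes|y|1)$'
      );

-- Retrofitting the option on an already generated view, as the issue does:
ALTER VIEW note_definer SET (security_invoker = true);

-- Remove the demonstration objects.
DROP VIEW note_invoker, note_definer;
DROP TABLE secret_note;
DROP ROLE tenant_a;
```

Running the catalog query before and after the ALTER VIEW is the check worth keeping in a migration: the decrypted_* view is regenerated by pgsodium, so asserting that the query returns no rows after each migration catches the case the issue describes, where the option set in one migration is no longer present.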
