PostgreSQL - 在关系策略中检测到无限递归

PostgreSQL - infinite recursion detected in policy for relation

数据库中有 3 tables - 部门、员工、客户。一个部门有很多员工。员工包含列 department_id bigint 帐户 table 包含列 login varcharemployee_id bigint 并用于将 Postgres 用户(角色)绑定到员工中的行。

我的目标是让用户仅查看和使用那些 department_id 的值与用户相同的 Employee 行。

一定是这样的:

CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
    (SELECT department_id FROM employee WHERE id =
        (SELECT employee_id FROM account WHERE login = CURRENT_USER)
    )
)

但是由于来自 Employee 的子查询,它正在引发 infinite recursion detected in policy for relation employee

编辑:关系定义为:

create table department(
    id serial primary key);
create table employee(
    id serial primary key,
    department_id int8 not null references department(id));
create table account(
    id serial primary key,
    login varchar(100) not null unique,
    employee_id int8 not null unique references employee(id));

唉 rexter 不允许创建角色.. http://rextester.com/QDYC6798

create table department(
    id serial primary key);
create table employee(
    id serial primary key,
    department_id int8 not null references department(id));
create table account(
    id serial primary key,
    login varchar(100) not null unique,
    employee_id int8 not null unique references employee(id));
insert into department default values;
insert into department default values;
insert into employee (department_id ) select 1;
insert into employee (department_id ) select 2;
insert into account (login,employee_id) select 'justuser',1;
insert into account (login,employee_id) select 'operator',2;
create role justuser;
create role operator;
set role justuser;
select * from employee;

无法重现。这不是答案 - 只是一个格式化的脚本。解决后我会删除它

好吧,我不知道它有多体面,但它对我有用。我找到了创建视图的解决方案,其中是 current_user 部门的 ID,然后检查它是否匹配:

CREATE VIEW curr_department AS
    (SELECT department_id as id FROM employee WHERE id =
        (SELECT employee_id FROM account WHERE login = current_user)
    );

CREATE POLICY locale_policy ON employee
    TO justuser, operator
    USING (department_id =
        (SELECT id FROM curr_department)
    );