sql - PostgreSQL - 在关系策略中检测到无限递归

Question

数据库中有 3 个表 - 部门、员工、帐户。一个部门有很多员工。Employee 包含列department_id bigintAccount 表包含列login varchar，employee_id bigint用于将 Postgres 用户（角色）绑定到 Employee 中的行。

我的目标是让用户只看到和使用那些值department_id与用户相同的 Employee 行。

必须有类似的东西：

CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
    (SELECT department_id FROM employee WHERE id =
        (SELECT employee_id FROM account WHERE login = CURRENT_USER)
    )
)

但是由于来自 Employee 的子查询，它正在提高infinite recursion detected in policy for relation employee.

编辑：关系由以下定义：

create table department(
    id serial primary key);
create table employee(
    id serial primary key,
    department_id int8 not null references department(id));
create table account(
    id serial primary key,
    login varchar(100) not null unique,
    employee_id int8 not null unique references employee(id));

Answer 1

好吧，我不知道它有多体面，但它对我有用。我在创建当前用户部门的 id 的视图中找到了解决方案，然后检查它是否匹配：

CREATE VIEW curr_department AS
    (SELECT department_id as id FROM employee WHERE id =
        (SELECT employee_id FROM account WHERE login = current_user)
    );

CREATE POLICY locale_policy ON employee
    TO justuser, operator
    USING (department_id =
        (SELECT id FROM curr_department)
    );

Answer 2

唉 rexter 不允许创建角色.. http://rextester.com/QDYC6798

create table department(
    id serial primary key);
create table employee(
    id serial primary key,
    department_id int8 not null references department(id));
create table account(
    id serial primary key,
    login varchar(100) not null unique,
    employee_id int8 not null unique references employee(id));
insert into department default values;
insert into department default values;
insert into employee (department_id ) select 1;
insert into employee (department_id ) select 2;
insert into account (login,employee_id) select 'justuser',1;
insert into account (login,employee_id) select 'operator',2;
create role justuser;
create role operator;
set role justuser;
select * from employee;

无法重现。这不是一个答案 - 只是一个格式化的脚本。解决后我会删除它