Hello guys!
I've faced an interesting case with cascade drops. If we drop some view that is dependency for another view then drop cascade will not check permissions for cascade-droppping views.
Short example is:
create user alice with password 'apassword';
create user bob with password 'bpassword';
create schema sandbox_a;
create schema sandbox_b;
grant all on schema sandbox_a to alice;
grant all on schema sandbox_b to bob;
grant usage on schema sandbox_a to bob;
-- alice
create or replace view sandbox_a.alice_view as
select category, name, setting
from pg_catalog.pg_settings;
grant select on sandbox_a.alice_view to bob;
-- bob
create or replace view sandbox_b.bob_view as
select distinct category
from sandbox_a.alice_view;
-- alice
drop view sandbox_a.alice_view cascade;
-- !!! will drop sandbox_b.bob_view although alice is not an owner of sandbox_b.bob_view
It seems strange to me that somebody who is not a member of owner role can drop an object bypassing permission checks.
Is this behaviour OK?
