rework `disable_referential_integrity` for PostgreSQL.

[Toby Ovod-Everett & Andrey Nering & Yves Senn]

Closes #17726.
Closes #10939.

This patch makes three distinct modifications:

1. no longer fall back to disabling user triggers if system triggers can't be disabled
2. warn the user when referential integrity can't be disabled
3. restore aborted transactions when referential integrity can't be disabled

The motivation behind these changes is to make the behavior of Rails
transparent and less error-prone. To require superuser privileges is not optimal
but it's what Rails currently needs. Users who absolutely rely on disabling user triggers
can patch `disable_referential_integrity`.

We should investigate `SET CONSTRAINTS` as a possible solution which does not require
superuser privileges.

/cc @matthewd

1 files changed, 19 insertions, 0 deletions

diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 51c047479f..6cdf9ebd9b 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,22 @@
+*   PostgreSQL, no longer disables user triggers if system triggers can't be
+    disabled. Disabling user triggers does not fulfill what the method promises.
+    Rails currently requires superuser privileges for this method.
+
+    If you absolutely rely on this behavior, consider patching
+    `disable_referential_integrity`.
+
+    *Yves Senn*
+
+*   Restore aborted transaction state when `disable_referential_integrity` fails
+    due to missing permissions.
+
+    *Toby Ovod-Everett*, *Yves Senn*
+
+*   PostgreSQL, print warning message if `disable_referential_integrity` fails
+    due to missing permissions.
+
+    *Andrey Nering*, *Yves Senn*
+
 *   Allow `:limit` option for MySQL bigint primary key support.
 
     Example: