surekhasaharan commented on a change in pull request #7579: Adjust required
permissions for system schema
URL: https://github.com/apache/incubator-druid/pull/7579#discussion_r279623866
##########
File path:
sql/src/main/java/org/apache/druid/sql/calcite/schema/SystemSchema.java
##########
@@ -493,11 +493,30 @@ public TableType getJdbcTableType()
@Override
public Enumerable<Object[]> scan(DataContext root)
{
+ final AuthenticationResult authenticationResult =
+ (AuthenticationResult)
root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
+
+ final Access stateAccess =
AuthorizationUtils.authorizeAllResourceActions(
+ authenticationResult,
+ Collections.singletonList(new ResourceAction(new Resource("STATE",
ResourceType.STATE), Action.READ)),
+ authorizerMapper
+ );
Review comment:
Since `authenticationResult` and `stateAccess` are being used in
`ServersTable` as well as here in `ServerSegmentsTable`, may be this part can
be placed in a common method like
```
private static boolean accessAllowed(DataContext root, AuthorizerMapper
authorizerMapper)
{
final AuthenticationResult authenticationResult =
(AuthenticationResult)
root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
final Access access = AuthorizationUtils.authorizeAllResourceActions(
authenticationResult,
Collections.singletonList(new ResourceAction(new Resource("STATE",
ResourceType.STATE), Action.READ)),
authorizerMapper
);
return access.isAllowed();
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]