(kyuubi) branch master updated: Revert "[KYUUBI #5793][BUG] PVM with nested scala-subquery should not src table privilege"

yao Thu, 30 Nov 2023 02:13:53 -0800

This is an automated email from the ASF dual-hosted git repository.

yao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git



The following commit(s) were added to refs/heads/master by this push:
     new 7fcbce3e9 Revert "[KYUUBI #5793][BUG] PVM with nested scala-subquery 
should not src table privilege"
7fcbce3e9 is described below

commit 7fcbce3e9d0a26a3dd675c5d6bfbad7e2a548505
Author: Kent Yao <[email protected]>
AuthorDate: Thu Nov 30 18:12:50 2023 +0800

    Revert "[KYUUBI #5793][BUG] PVM with nested scala-subquery should not src 
table privilege"
    
    This reverts commit 30c9c1657fe5dd6bf6bc58b5b51c44707c69c929.
---
 .../RuleApplyPermanentViewMarker.scala             | 20 +++-------
 .../authz/ranger/RangerSparkExtensionSuite.scala   | 46 ----------------------
 2 files changed, 5 insertions(+), 61 deletions(-)

diff --git 
a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
 
b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
index fdea01490..b809d8f34 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/permanentview/RuleApplyPermanentViewMarker.scala
@@ -17,7 +17,6 @@
 
 package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
 
-import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
@@ -33,24 +32,15 @@ import 
org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
  */
 class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
 
-  private def resolveSubqueryExpression(
-      plan: LogicalPlan,
-      catalogTable: CatalogTable): LogicalPlan = {
-    plan.transformAllExpressions {
-      case subquery: SubqueryExpression =>
-        subquery.withNewPlan(plan = PermanentViewMarker(
-          resolveSubqueryExpression(subquery.plan, catalogTable),
-          catalogTable))
-    }
-  }
-
   override def apply(plan: LogicalPlan): LogicalPlan = {
     plan mapChildren {
       case p: PermanentViewMarker => p
       case permanentView: View if hasResolvedPermanentView(permanentView) =>
-        PermanentViewMarker(
-          resolveSubqueryExpression(permanentView, permanentView.desc),
-          permanentView.desc)
+        val resolved = permanentView.transformAllExpressions {
+          case subquery: SubqueryExpression =>
+            subquery.withNewPlan(plan = PermanentViewMarker(subquery.plan, 
permanentView.desc))
+        }
+        PermanentViewMarker(resolved, permanentView.desc)
       case other => apply(other)
     }
   }
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index b2c23f4ef..c62cda5fa 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -1368,50 +1368,4 @@ class HiveCatalogRangerSparkExtensionSuite extends 
RangerSparkExtensionSuite {
       }
     }
   }
-
-  test("[KYUUBI #5793][BUG] PVM with nested scala-subquery should not src 
table privilege") {
-    val db1 = defaultDb
-    val table1 = "table1"
-    val table2 = "table2"
-    val table3 = "table3"
-    val view1 = "perm_view"
-    withSingleCallEnabled {
-      withCleanTmpResources(
-        Seq(
-          (s"$db1.$table1", "table"),
-          (s"$db1.$table2", "table"),
-          (s"$db1.$table3", "table"),
-          (s"$db1.$view1", "view"))) {
-        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1(id int, 
scope int)"))
-        doAs(
-          admin,
-          sql(
-            s"""
-               | CREATE TABLE IF NOT EXISTS $db1.$table2(
-               |  id int,
-               |  name string,
-               |  age int,
-               |  scope int)
-               | """.stripMargin))
-        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table3(id int, 
scope int)"))
-        doAs(
-          admin,
-          sql(
-            s"""
-               |CREATE VIEW $db1.$view1
-               |AS
-               |SELECT id, name, max(scope) as max_scope, sum(age) sum_age
-               |FROM $db1.$table2
-               |WHERE scope in (
-               |    SELECT max(scope) max_scope
-               |    FROM $db1.$table1
-               |    WHERE id IN (SELECT id FROM $db1.$table3)
-               |)
-               |GROUP BY id, name
-               |""".stripMargin))
-
-        checkAnswer(permViewOnlyUser, s"SELECT * FROM $db1.$view1", 
Array.empty[Row])
-      }
-    }
-  }
 }

(kyuubi) branch master updated: Revert "[KYUUBI #5793][BUG] PVM with nested scala-subquery should not src table privilege"

Reply via email to