somandal commented on code in PR #10534:
URL: https://github.com/apache/pinot/pull/10534#discussion_r1157522885
##########
pinot-broker/src/main/java/org/apache/pinot/broker/requesthandler/MultiStageBrokerRequestHandler.java:
##########
@@ -221,6 +242,11 @@ private BrokerResponse handleRequest(long requestId,
String query,
return brokerResponse;
}
+ private boolean hasTableAccess(RequesterIdentity requesterIdentity, RelNode
relRoot) {
+ Set<String> tableNames = new
HashSet<>(RelOptUtil.findAllTableQualifiedNames(relRoot));
+ return _accessControlFactory.create().hasAccess(requesterIdentity,
tableNames);
+ }
Review Comment:
Is looking at the `RelRoot` actually necessary to get the list of table
names? Later in the code i see that the `QueryPlan` has the list of tables:
```
List<String> tableNames =
queryPlan.getStageMetadataMap().get(entry.getKey()).getScannedTables();
```
Perhaps we can reuse the above rather than trying to expose the `RelRoot`?
Optionally do you think we should push down this validation to the actual
`explainPlan` or `planQuery` methods themselves instead if you really need
access to the `RelRoot` to get the table names?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
