Re: [PR] Returning tables names failing authorization in Exception of Multi State Engine Queries [pinot]

Sat, 25 May 2024 04:10:26 -0700 


eaugene commented on code in PR #13195:
URL: https://github.com/apache/pinot/pull/13195#discussion_r1614575117


##########
pinot-broker/src/main/java/org/apache/pinot/broker/api/AccessControl.java:
##########
@@ -42,21 +46,58 @@ default boolean hasAccess(RequesterIdentity 
requesterIdentity) {
 
   /**
    * Fine-grained access control on parsed broker request. May check table, 
column, permissions, etc.
-   *
+   * The default implementation is kept to have backward compatibility with 
the existing implementations
    * @param requesterIdentity requester identity
    * @param brokerRequest broker request (incl query)
    *
    * @return {@code true} if authorized, {@code false} otherwise
    */
-  boolean hasAccess(RequesterIdentity requesterIdentity, BrokerRequest 
brokerRequest);
+
+  default boolean hasAccess(RequesterIdentity requesterIdentity, BrokerRequest 
brokerRequest) {
+    return true;

Review Comment:
   Made the changes @Jackie-Jiang  . PTAL .
   
   > In that case we might also want to remove the override in 
BasicAuthAccessControlFactory and ZkBasicAuthAccessControlFactory
   
   I hope you meant to not have overrides for hasAccess() in 
`BasicAuthAccessControlFactory` and `ZkBasicAuthAccessControlFactory` . If Yes 
, they have been already removed . Only overrides of `authorize()` is present 
there
   
   _On a related note to this discussions :_ 
   I left this as it is ,
   ```
   default boolean hasAccess(RequesterIdentity requesterIdentity) {
       return true;
     }
   ```
   and created a new equivalent `authorize(RequesterIdentity 
requesterIdentity)` which in default calls `hasAccess(requesterIdentity)` . I 
don't suspect any backward incompatibility problems here .
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to