vvivekiyer commented on code in PR #13574:
URL: https://github.com/apache/pinot/pull/13574#discussion_r1676205860
##########
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotQueryResource.java:
##########
@@ -292,7 +293,7 @@ private String getQueryResponse(String query, @Nullable
SqlNode sqlNode, String
// Validate data access
AccessControl accessControl = _accessControlFactory.create();
- if (!accessControl.hasDataAccess(httpHeaders, rawTableName)) {
+ if (!accessControl.hasAccess(rawTableName, AccessType.READ, httpHeaders,
Actions.Table.DOWNLOAD_SEGMENT)) {
Review Comment:
@soumitra-st Passing endpointUrl is critical to allow implementations to
provide different access restrictions to different read endpoints. Hence I had
suggested that we add the relevant action.
All over our codebase (eg: PinotTableResstletResource), we pass the action
as endpointUrl. If we feel that a better identifier is needed to identify
endpointUrl, we can discuss.
@abhioncbr as this is the query endpoint, the action here should be
`Actions.Table.QUERY` ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
