[
https://issues.apache.org/jira/browse/CALCITE-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392630#comment-16392630
]
Piotr Bojko edited comment on CALCITE-2194 at 3/9/18 1:56 PM:
--------------------------------------------------------------
Ok, take your time.
For me the most important is whether SqlAccessEnum can be extended or not. With
INDIRECT_SELECT following schema:
{code}
{
"name": "HIDDEN_SCHEMA",
"type": "custom",
"factory": "some-factory",
"operand": {},
"access" : {
"factory" : "some-new-factory-for-user-based-access-logic",
"operand" : {
"user01" : "SELECT",
"user02" : "INDIRECT_SELECT"
"user03" : "SELECT, INDIRECT_SELECT"
}
}
}
{code}
* for user01 is forbidden to use it indirect through views from other schemas
* for user02 is hidden and it can access it only though views
* for user03 is open for all selects and views
By the time some patches to pull are delivered:
||Issue||Status||
|Reformattng, house style|todo|
|Periods|todo|
|Checkstyle on RexImpTable|done|
|SqlAccessEnum.INDIRECT_SELECT|explained, to be accepted or not|
|Immutability on RelOptTalbleImpl|It is still immutable, changes only in
MySchemaPlus which is not immutable, changes are unsupported like for example
RelOptTalbleImpl.MySchemaPlus.add methods|
|CalcitePrincipalFairy name and threadlocal implementation|todo|
|System.getProperty("user.name")|Number of usage not increased, used only for
backward compatibility|
|boolean indirect not explained|todo|
|messy .gitignore|done|
was (Author: ptrbojko):
Ok, take your time.
For me the most important is whether SqlAccessEnum can be extended or not. With
INDIRECT_SELECT following schema:
{code:json}
{
"name": "HIDDEN_SCHEMA",
"type": "custom",
"factory": "some-factory",
"operand": {},
"access" : {
"factory" : "some-new-factory-for-user-based-access-logic",
"operand" : {
"user01" : "SELECT",
"user02" : "INDIRECT_SELECT"
"user03" : "SELECT, INDIRECT_SELECT"
}
}
}
{code}
* for user01 is forbidden to use it indirect through views from other schemas
* for user02 is hidden and it can access it only though views
* for user03 is open for all selects and views
> Ability to hide a schema
> ------------------------
>
> Key: CALCITE-2194
> URL: https://issues.apache.org/jira/browse/CALCITE-2194
> Project: Calcite
> Issue Type: New Feature
> Components: core
> Affects Versions: 1.16.0
> Reporter: Piotr Bojko
> Assignee: Piotr Bojko
> Priority: Minor
>
> See:
> [https://mail-archives.apache.org/mod_mbox/calcite-dev/201711.mbox/ajax/%3C6F6E52D4-6860-4384-A1CB-A2301D05394D%40apache.org%3E]
> I've looked into the core and the notion of an user could be hard to achieved
> now.
> Though, I am able to implement the "hidden schema" feature through following
> changes:
> # JsonSchema - add a holder for the feature, boolean flag or flags field
> with enum (CACHED which now exists as a separate flag - some deprecation
> could be needed, HIDDEN)
> # CalciteSchema - pass through of a flag
> # RelOptSchema - pass through of a flag
> # CalciteCatalogReader - pass through of a flag
> # Other derivatives of RelOptSchema - mocked value, false
> # RelOptTable and impl - pass through of a flag
> # SqlValidatorImpl - validation whether object from hidden schema is used
> (in the same places like validateAccess)
> # ViewTableMacro.apply -> Schemas.analyzeView ->
> CalcitePrepareImpl.analyzeView -> CalcitePrepareImpl.parse_ ->
> CalcitePrepareImpl.CalcitePrepareImpl - this path of execution should build
> SqlValidatorImpl which has the check from point 7 disabled-
> Such feature could be useful for end users.
> If the solution is ok - I can contribute it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
