MgjLLL commented on code in PR #8136:
URL: https://github.com/apache/paimon/pull/8136#discussion_r3465388651


##########
paimon-python/pypaimon/table/file_store_table.py:
##########
@@ -407,11 +410,13 @@ def bucket_mode(self) -> BucketMode:
             else:
                 return BucketMode.HASH_FIXED
 
-    def new_read_builder(self) -> 'ReadBuilder':
-        return ReadBuilder(self)
+    def new_read_builder(self, *, _skip_auth=False) -> 'ReadBuilder':

Review Comment:
     The Python write paths (e.g. `table_update.py`, `table_upsert_by_key.py`,
     `file_store_write.py`) internally call `new_read_builder()` to read 
existing
     data for operations like UPDATE, UPSERT, and MERGE INTO. This is a 
pre-existing
     design that predates this PR.
   
     Once query auth is injected into `new_read_builder()`, those internal reads
     would also be subject to row filtering and column masking — returning a 
subset
     of rows or masked column values to the write engine, which would corrupt 
the
     write results.
   
     `_skip_auth=True` bypasses auth for these internal, system-initiated reads,
     matching Java's design: Java's write paths operate at a lower abstraction 
level
     (e.g. `LocalTableQuery`, `SortedGlobalIndexBuilder`) that never passes 
through
     `AbstractDataTableScan`'s auth injection point in the first place.
   
     The leading underscore signals that this is an internal API not intended 
for
     external callers.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to