MgjLLL commented on code in PR #8136:
URL: https://github.com/apache/paimon/pull/8136#discussion_r3465388651
##########
paimon-python/pypaimon/table/file_store_table.py:
##########
@@ -407,11 +410,13 @@ def bucket_mode(self) -> BucketMode:
else:
return BucketMode.HASH_FIXED
- def new_read_builder(self) -> 'ReadBuilder':
- return ReadBuilder(self)
+ def new_read_builder(self, *, _skip_auth=False) -> 'ReadBuilder':
Review Comment:
The Python write paths (e.g. `table_update.py`, `table_upsert_by_key.py`,
`file_store_write.py`) internally call `new_read_builder()` to read
existing
data for operations like UPDATE, UPSERT, and MERGE INTO. This is a
pre-existing
design that predates this PR.
Once query auth is injected into `new_read_builder()`, those internal reads
would also be subject to row filtering and column masking — returning a
subset
of rows or masked column values to the write engine, which would corrupt
the
write results.
`_skip_auth=True` bypasses auth for these internal, system-initiated reads,
matching Java's design: Java's write paths operate at a lower abstraction
level
(e.g. `LocalTableQuery`, `SortedGlobalIndexBuilder`) that never passes
through
`AbstractDataTableScan`'s auth injection point in the first place.
The leading underscore signals that this is an internal API not intended
for
external callers.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]