AngersZhuuuu commented on code in PR #5504:
URL: https://github.com/apache/kyuubi/pull/5504#discussion_r1369674674
##########
extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala:
##########
@@ -65,49 +65,65 @@ object PrivilegesBuilder {
def mergeProjection(table: Table, plan: LogicalPlan): Unit = {
if (projectionList.isEmpty) {
- privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+ plan match {
+ case pvm: PermanentViewMarker if pvm.output.isEmpty =>
+ privilegeObjects += PrivilegeObject(table,
pvm.catalogTable.schema.map(_.name))
+ case _ =>
+ privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+ }
Review Comment:
Since we don't need handle Subquery, and w'd better handle view's output
here to make it can merge projection.
##########
extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala:
##########
@@ -65,49 +65,65 @@ object PrivilegesBuilder {
def mergeProjection(table: Table, plan: LogicalPlan): Unit = {
if (projectionList.isEmpty) {
- privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+ plan match {
+ case pvm: PermanentViewMarker if pvm.output.isEmpty =>
+ privilegeObjects += PrivilegeObject(table,
pvm.catalogTable.schema.map(_.name))
+ case _ =>
+ privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+ }
} else {
val cols = (projectionList ++ conditionList).flatMap(collectLeaves)
.filter(plan.outputSet.contains).map(_.name).distinct
privilegeObjects += PrivilegeObject(table, cols)
}
}
+ // Should execute this for all plan and skip PermanentViewMaker
+ def buildSubquery(): Unit = {
+ plan transformExpressions {
+ case subquery: SubqueryExpression =>
+ buildQuery(subquery.plan, privilegeObjects, projectionList,
conditionList, spark)
+ subquery
+ }
+ }
Review Comment:
Hanlde subquery expression here to avoid miss SubqueryExpression's privilege.
##########
extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala:
##########
@@ -91,14 +91,10 @@ class TableIdentifierTableExtractor extends TableExtractor {
*/
class CatalogTableTableExtractor extends TableExtractor {
override def apply(spark: SparkSession, v1: AnyRef): Option[Table] = {
- if (null == v1) {
- None
Review Comment:
Not need now.
##########
extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala:
##########
@@ -65,49 +65,65 @@ object PrivilegesBuilder {
def mergeProjection(table: Table, plan: LogicalPlan): Unit = {
if (projectionList.isEmpty) {
- privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+ plan match {
+ case pvm: PermanentViewMarker if pvm.output.isEmpty =>
+ privilegeObjects += PrivilegeObject(table,
pvm.catalogTable.schema.map(_.name))
+ case _ =>
+ privilegeObjects += PrivilegeObject(table, plan.output.map(_.name))
+ }
} else {
val cols = (projectionList ++ conditionList).flatMap(collectLeaves)
.filter(plan.outputSet.contains).map(_.name).distinct
privilegeObjects += PrivilegeObject(table, cols)
}
}
+ // Should execute this for all plan and skip PermanentViewMaker
+ def buildSubquery(): Unit = {
+ plan transformExpressions {
+ case subquery: SubqueryExpression =>
+ buildQuery(subquery.plan, privilegeObjects, projectionList,
conditionList, spark)
+ subquery
+ }
+ }
+
plan match {
- case p: Project => buildQuery(p.child, privilegeObjects, p.projectList,
conditionList, spark)
+ case p: Project =>
+ buildSubquery()
+ buildQuery(p.child, privilegeObjects, p.projectList, conditionList,
spark)
case j: Join =>
val cols =
conditionList ++ j.condition.map(expr =>
collectLeaves(expr)).getOrElse(Nil)
+ buildSubquery()
buildQuery(j.left, privilegeObjects, projectionList, cols, spark)
buildQuery(j.right, privilegeObjects, projectionList, cols, spark)
case f: Filter =>
val cols = conditionList ++ collectLeaves(f.condition)
+ buildSubquery()
buildQuery(f.child, privilegeObjects, projectionList, cols, spark)
case w: Window =>
val orderCols = w.orderSpec.flatMap(orderSpec =>
collectLeaves(orderSpec))
val partitionCols = w.partitionSpec.flatMap(partitionSpec =>
collectLeaves(partitionSpec))
val cols = conditionList ++ orderCols ++ partitionCols
+ buildSubquery()
buildQuery(w.child, privilegeObjects, projectionList, cols, spark)
case s: Sort =>
val sortCols = s.order.flatMap(sortOrder => collectLeaves(sortOrder))
val cols = conditionList ++ sortCols
+ buildSubquery()
buildQuery(s.child, privilegeObjects, projectionList, cols, spark)
case a: Aggregate =>
val aggCols =
(a.aggregateExpressions ++ a.groupingExpressions).flatMap(e =>
collectLeaves(e))
val cols = conditionList ++ aggCols
+ buildSubquery()
buildQuery(a.child, privilegeObjects, projectionList, cols, spark)
- case pvm: PermanentViewMarker =>
- getScanSpec(pvm).tables(pvm, spark).foreach { table =>
- privilegeObjects += PrivilegeObject(table, pvm.visitColNames)
- }
-
case scan if isKnownScan(scan) && scan.resolved =>
getScanSpec(scan).tables(scan, spark).foreach(mergeProjection(_, scan))
Review Comment:
Son't need to handle SubqueryExpression for scan node and UnresolvedRelation
node
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
