9aman commented on code in PR #16043:
URL: https://github.com/apache/pinot/pull/16043#discussion_r2139200737
##########
pinot-broker/src/main/java/org/apache/pinot/broker/broker/BasicAuthAccessControlFactory.java:
##########
@@ -129,12 +132,43 @@ public TableAuthorizationResult
authorize(RequesterIdentity requesterIdentity, S
failedTables.add(table);
}
}
- if (failedTables.isEmpty()) {
- return TableAuthorizationResult.success();
- }
+// if (failedTables.isEmpty()) {
+// return TableAuthorizationResult.success();
+// }
return new TableAuthorizationResult(failedTables);
}
+ @Override
+ public TableRowColAuthResult getRowColFilters(RequesterIdentity
requesterIdentity, String table) {
+ Optional<BasicAuthPrincipal> principalOpt =
getPrincipalOpt(requesterIdentity);
+
+ if (principalOpt.isEmpty()) {
Review Comment:
The request is failed as the user doesn't have the right to access the
table.
I feel returning an empty list might be a bit misleading here.
Is there concern here that this function is working both as authorize and
fetch row filters ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
