This is an automated email from the ASF dual-hosted git repository.
frankgh pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7c3dea92cf Avoid permission checks for masked columns when the table
doesn't have any
7c3dea92cf is described below
commit 7c3dea92cf6e287e1a3b26d94636f3b9c955830b
Author: Francisco Guerrero <[email protected]>
AuthorDate: Fri Apr 10 16:28:44 2026 -0700
Avoid permission checks for masked columns when the table doesn't have any
patch by Francisco Guerrero; reviewed by Shailaja Koppu, Caleb Rackliffe,
Dmitry Konstantinov for CASSANDRA-21299
---
CHANGES.txt | 1 +
.../apache/cassandra/cql3/statements/SelectStatement.java | 3 ++-
src/java/org/apache/cassandra/schema/TableMetadata.java | 14 ++++++++------
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 7b3c3c86be..3e965bf7b4 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
6.0-alpha2
+ * Avoid permission checks for masked columns when the table doesn't have any
(CASSANDRA-21299)
* Reduce allocations and array copies due to buffer resizing in
LocalDataResponse during row serialization (CASSANDRA-21285)
* Implement a guardrail for client driver versions (CASSANDRA-21146)
* Enable IAuthenticator to declare supported and alterable role options
(CASSANDRA-20834)
diff --git a/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java
b/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java
index 1752fe0bc4..91361ae91c 100644
--- a/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java
+++ b/src/java/org/apache/cassandra/cql3/statements/SelectStatement.java
@@ -321,7 +321,8 @@ public class SelectStatement implements
CQLStatement.SingleKeyspaceCqlStatement,
for (Function function : getFunctions())
state.ensurePermission(Permission.EXECUTE, function);
- if (!state.hasTablePermission(table, Permission.UNMASK) &&
+ if (table.hasMaskedColumns() &&
+ !state.hasTablePermission(table, Permission.UNMASK) &&
!state.hasTablePermission(table, Permission.SELECT_MASKED))
{
List<ColumnMetadata> queriedMaskedColumns = table.columns()
diff --git a/src/java/org/apache/cassandra/schema/TableMetadata.java
b/src/java/org/apache/cassandra/schema/TableMetadata.java
index 9589062c8b..05c92115b9 100644
--- a/src/java/org/apache/cassandra/schema/TableMetadata.java
+++ b/src/java/org/apache/cassandra/schema/TableMetadata.java
@@ -223,6 +223,9 @@ public class TableMetadata implements SchemaElement
public final List<ColumnMetadata> columnsWithConstraints;
public final List<ColumnMetadata> notNullColumns;
+ // remember whether there are masked columns or not
+ private final boolean hasMaskedColumns;
+
protected TableMetadata(Builder builder)
{
flags = Sets.immutableEnumSet(builder.flags);
@@ -285,6 +288,7 @@ public class TableMetadata implements SchemaElement
List<ColumnMetadata> columnsWithConstraints = new ArrayList<>();
List<ColumnMetadata> notNullColumns = new ArrayList<>();
+ boolean hasMaskedColumns = false;
for (ColumnMetadata column : this.columns())
{
@@ -295,7 +299,10 @@ public class TableMetadata implements SchemaElement
notNullColumns.add(column);
}
+ if (column.isMasked())
+ hasMaskedColumns = true;
}
+ this.hasMaskedColumns = hasMaskedColumns;
this.columnsWithConstraints = columnsWithConstraints;
this.notNullColumns = notNullColumns;
}
@@ -584,12 +591,7 @@ public class TableMetadata implements SchemaElement
*/
public boolean hasMaskedColumns()
{
- for (ColumnMetadata column : columns.values())
- {
- if (column.isMasked())
- return true;
- }
- return false;
+ return hasMaskedColumns;
}
/**
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
