jon-wei commented on a change in pull request #6094: Introduce SystemSchema
tables (#5989)
URL: https://github.com/apache/incubator-druid/pull/6094#discussion_r222118909
##########
File path:
sql/src/main/java/org/apache/druid/sql/calcite/schema/SystemSchema.java
##########
@@ -412,21 +418,16 @@ public TableType getJdbcTableType()
final List<ImmutableDruidServer> druidServers =
serverView.getDruidServers();
final AuthenticationResult authenticationResult =
(AuthenticationResult)
root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
+ final Access access = AuthorizationUtils.authorizeAllResourceActions(
+ authenticationResult,
+ Collections.singletonList(new ResourceAction(new Resource("STATE",
ResourceType.STATE), Action.READ)),
+ authorizerMapper
+ );
+ if (!access.isAllowed()) {
+ return Linq4j.asEnumerable(ImmutableList.of());
Review comment:
Since this is an "all or nothing" check, I think it'd be better to throw a
ForbiddenException here and let the user know they have insufficient privileges
to see the servers
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org
For additional commands, e-mail: commits-h...@druid.apache.org
