fallintoplace opened a new issue, #5155: URL: https://github.com/apache/texera/issues/5155
### What happened? `ProjectAccessResource.getProjectAccessPrivilege` builds a query that selects `PROJECT_USER_ACCESS.PRIVILEGE`, but the query starts from `WORKFLOW_USER_ACCESS` and filters on `DATASET_USER_ACCESS.UID`. Before: project grant/revoke authorization -> project privilege lookup -> SQL references workflow/dataset access tables. After: project grant/revoke authorization -> project privilege lookup -> SQL reads `PROJECT_USER_ACCESS` by `(pid, uid)`. This can make users with valid project access fail project write checks, and can surface database errors instead of the expected project privilege. ### How to reproduce? 1. On `main`, create a project through `ProjectResource.createProject`, which inserts a `PROJECT_USER_ACCESS` WRITE row for the creator. 2. Call `ProjectAccessResource.getProjectAccessPrivilege(pid, creatorUid)`. 3. The lookup should return `WRITE`, but the current query references the wrong access tables. ### Branch main ### Commit Hash (Optional) bf2f92c81 ### What browsers are you seeing the problem on? N/A - backend bug ### Relevant log output ```shell ProjectAccessResource.getProjectAccessPrivilege selects PROJECT_USER_ACCESS.PRIVILEGE from WORKFLOW_USER_ACCESS and filters DATASET_USER_ACCESS.UID. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
