Skip to content

Move permissions handling into a QueryHook #254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mjgarton merged 1 commit into from
Dec 3, 2025
Merged

Move permissions handling into a QueryHook #254

mjgarton merged 1 commit into from
Dec 3, 2025

Conversation

@mjgarton
Copy link
Collaborator

@mjgarton mjgarton commented Dec 2, 2025

This moves permission handling into a new QueryHook implementation called PermissionsHook

The AuthManager is now moved from HandlerFactory and DfSessionService and is now held only inside the PermissionsHook struct.

This does not yet move from string processing to query matching, nor do we yet try to completely decouple the permissions logic completely from everything else.

Note that did not and still does not have much test coverage, and it's haven't tested it very thoroughly.

@mjgarton
Move permissions handling into a QueryHook
461071f 
This moves permission handling into a new QueryHook implementation
called `PermissionsHook`

The `AuthManager` is now moved from `HandlerFactory` and
`DfSessionService` and is now held only inside the `PermissionsHook`
struct.

This does not yet move from string processing to query matching, nor do
we yet try to completely decouple the permissions logic completely from
everything else.
@mjgarton mjgarton mentioned this pull request Dec 2, 2025
Open
@sunng87
Copy link
Member

sunng87 commented Dec 3, 2025

@mjgarton This refactoring looks perfect to me. Let me know if you want to update those string matching to statement matching in this patch or next. For me, I think this is already good to merge.

The difficult part will be extracting table names from sql statement. I doubt if it's possible at SQL level. I can create a new patch to remove this table-level permission control from auth manager.

@mjgarton mjgarton merged commit c2d02d0 into datafusion-contrib:master Dec 3, 2025
7 checks passed
@mjgarton mjgarton deleted the move_permissions_into_hook branch December 3, 2025 08:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sunng87 sunng87 sunng87 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mjgarton @sunng87