[KYUUBI #5768][AUTHZ] Authz internal place holder should skip privile…

…ge check
apache · Nov 24, 2023 · 4a0cdaa · 4a0cdaa
1 parent 1e4d91e
commit 4a0cdaa
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/...i-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/...i-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -29,6 +29,7 @@ import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
 import org.apache.kyuubi.plugin.spark.authz.rule.Authorization._
 import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
+import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter._
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
 import org.apache.kyuubi.util.reflect.ReflectUtils._
@@ -303,6 +304,14 @@ object PrivilegesBuilder {
     val inputObjs = new ArrayBuffer[PrivilegeObject]
     val outputObjs = new ArrayBuffer[PrivilegeObject]
     val opType = plan match {
+      case ObjectFilterPlaceHolder(child) if child.nodeName == "ShowTables" =>
+        OperationType.SHOWTABLES
+      case ObjectFilterPlaceHolder(child) if child.nodeName == "ShowNamespaces" =>
+        OperationType.SHOWTABLES
+      case _: FilteredShowTablesCommand => OperationType.SHOWTABLES
+      case _: FilteredShowFunctionsCommand => OperationType.SHOWFUNCTIONS
+      case _: FilteredShowColumnsCommand => OperationType.SHOWCOLUMNS
+
       // ExplainCommand run will execute the plan, should avoid check privilege for the plan.
       case _: ExplainCommand =>
         setExplainCommandExecutionId(spark)