57 LogicalTableScan parentNode = call.rel(0);
61 visitedMemo.add(parentNode.toString());
63 RelOptTable table = parentNode.getTable();
64 List<String> qname = table.getQualifiedName();
66 String query_database = null;
67 String query_table = null;
68 if (qname.size() == 2) {
69 query_database = qname.get(0);
70 query_table = qname.get(1);
72 if (query_database == null || query_database.isEmpty() || query_table == null
73 || query_table.isEmpty()) {
74 throw new RuntimeException(
75 "Restrictions: Expected qualified name as [database, table] but got: "
79 ArrayList<RexNode> orList =
new ArrayList<RexNode>();
80 RelBuilder builder = call.builder();
81 RexBuilder rBuilder = builder.getRexBuilder();
82 builder = builder.push(parentNode);
83 boolean found =
false;
86 String rest_database = restriction.getRestrictionDatabase();
87 if (rest_database != null && !rest_database.isEmpty()
88 && !rest_database.equals(query_database)) {
90 HEAVYDBLOGGER.debug(
"RLS row-level security restriction for database "
91 + rest_database +
" ignored because this query is on database "
97 String rest_table = restriction.getRestrictionTable();
98 if (rest_table != null && !rest_table.isEmpty()
99 && !rest_table.equals(query_table)) {
101 HEAVYDBLOGGER.debug(
"RLS row-level security restriction for table " + rest_table
102 +
" ignored because this query is on table " + query_table);
107 RelDataTypeField
field = table.getRowType().getField(
108 restriction.getRestrictionColumn(),
false,
false);
110 HEAVYDBLOGGER.debug(
"RLS row-level security restriction for column "
111 + restriction.getRestrictionColumn()
112 +
" ignored because column not present in query table " + query_table);
119 "Scan is " + parentNode.toString() +
" TABLE is " + table.toString());
120 HEAVYDBLOGGER.debug(
"Column " + restriction.getRestrictionColumn()
121 +
" exists in table " + table.getQualifiedName());
123 for (String val : restriction.getRestrictionValues()) {
124 HEAVYDBLOGGER.debug(
"Column is " + restriction.getRestrictionColumn()
125 +
" literal is '" + val +
"'");
127 if (SqlTypeName.NUMERIC_TYPES.indexOf(field.getType().getSqlTypeName()) == -1) {
128 if (val.length() < 2 || val.charAt(0) !=
'\''
129 || val.charAt(val.length() - 1) !=
'\'') {
130 throw new RuntimeException(
131 "Restrictions: Expected a CREATE POLICY VALUES string with single quotes.");
133 lit = rBuilder.makeLiteral(
134 val.substring(1, val.length() - 1), field.getType(),
false);
136 lit = rBuilder.makeLiteral(Integer.parseInt(val), field.getType(),
false);
138 RexNode rn = builder.call(SqlStdOperatorTable.EQUALS,
139 builder.field(restriction.getRestrictionColumn()),
146 RexNode relOr = builder.call(SqlStdOperatorTable.OR, orList);
147 final RelNode newNode = builder.filter(relOr).build();
148 call.transformTo(newNode);
const rapidjson::Value & field(const rapidjson::Value &obj, const char field[]) noexcept
static Set< String > visitedMemo
final List< Restriction > restrictions