[GitHub] [superset] betodealmeida edited a comment on pull request #19055: feat: helper functions for RLS

[GitBox <gi...@apache.org>]

betodealmeida edited a comment on pull request #19055:
URL: https://github.com/apache/superset/pull/19055#issuecomment-1064329958


   @suddjian I modified the logic to always include the RLS even if it's already present, since there are a few corner cases that are hard to identify. For example, if we have the RLS `user_id=1` and this query:
   
   ```sql
   SELECT * FROM table
   WHERE TRUE OR user_id=1
   ```
   
   Even though we already have the token `Comparison(user_id=1)` in the `WHERE` clause we still need to apply since in this case the comparison is a no-op. So we need to add it:
   
   ```sql
   SELECT * FROM table
   WHERE TRUE OR user_id=1 AND user_id=1
   ```
   
   More importantly, because of the precedence of `AND` over `OR`, we need to wrap the original predicate in parenthesis:
   
   ```sql
   SELECT * FROM table
   WHERE (TRUE OR user_id=1) AND user_id=1
   ```
   
   Without parenthesis the predicate evaluates to `TRUE OR (user_id=1 AND user_id=1)`, which bypasses the RLS!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org