pub fn enforce_column_access(
sql: &str,
schema: &DatasetSchema,
) -> Result<(), AppError>Expand description
Enforce a dataset’s column-level access filters on a raw-SQL statement.
The structured /query endpoint can tell a projection column from a
filter column, so it distinguishes the two filters precisely. Raw SQL
cannot be re-planned that cheaply, so the SQL endpoint applies a single
conservative rule: a column that is hidden from projection or blocked
from predicates may not be referenced at all, and SELECT * is
rejected whenever any column is hidden (it would otherwise expand to
include the hidden ones). A column reference that does not name a real
schema column (an alias, CTE column, or function) is ignored — only the
engine can resolve those.
schema is the referenced dataset’s schema. A no-op when the schema
carries no active filters. On a parse failure the statement is passed
through unchanged so the backend surfaces the real parse error.