[KYUUBI #5475][FOLLOWUP] Authz check permanent view's subquery should check view's correct privilege

[AngersZhuuuu]

Why are the changes needed?

To fix #5475

In issue #5417 we fixed the problem that AUTHZ will still check scalar-subquery/in-subquery in permanent will.
But we just ignore the check, the subquery still will run, in this PR, we record the permanent view's visited column to check the permanent view's privilege to avoid extra execution effort.

For the test [KYUUBI #5417] should not check scalar-subquery in permanent view I print all the plan that pass to privilege builder as below

before this pr

This two graph shows this pr deny the execution of subquery when we don't have the veiw's privilege

How was this patch tested?

• Add some test cases that check the changes thoroughly including negative and positive cases if possible

• Add screenshots for manual tests if appropriate

• Run test locally before make a pull request

Was this patch authored or co-authored using generative AI tooling?

[AngersZhuuuu]

ping @yaooqinn

[codecov-commenter]

Codecov Report

Merging #5476 (f7585a4) into master (03d6223) will not change coverage.
Report is 2 commits behind head on master.
The diff coverage is 0.00%.

❗ Current head f7585a4 differs from pull request most recent head e1f7920. Consider uploading reports for the commit e1f7920 to get more accurate results

@@          Coverage Diff           @@
##           master   #5476   +/-   ##
======================================
  Coverage    0.00%   0.00%           
======================================
  Files         588     588           
  Lines       33480   33479    -1     
  Branches     4405    4402    -3     
======================================
+ Misses      33480   33479    -1     

Files	Coverage Δ
.../kyuubi/plugin/spark/authz/PrivilegesBuilder.scala	0.00% <0.00%> (ø)
.../plugin/spark/authz/util/PermanentViewMarker.scala	0.00% <0.00%> (ø)
...rk/authz/ranger/RuleApplyPermanentViewMarker.scala	0.00% <0.00%> (ø)

... and 2 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[cxzl25]

Incomplete image link in PR description.

[AngersZhuuuu]

Incomplete image link in PR description.

Yea, changed

[AngersZhuuuu]

ping @yaooqinn @bowenliang123 could you table a look?

[AngersZhuuuu]

Any suggestion?

[yaooqinn]

Can we add some tests for it?

[AngersZhuuuu]

Can we add some tests for it?

Existing ut already verified this? Since we skip check the subquery expression's privilege check

[yaooqinn]

The existing UT seems insufficient as it only has one col.

Let's update the test at least with create view v1 as select id, name, max(age) as max_age from xxxx.... to test

[AngersZhuuuu]

The existing UT seems insufficient as it only has one col.

Let's update the test at least with create view v1 as select id, name, max(age) as max_age from xxxx.... to test

How about current?

[bowenliang123]

LGTM.

[yaooqinn]

nit: it's not resolvedSubquery but a view?

[yaooqinn]

Thanks, merged to master