From 53e44fff938d50ed3a5845c7edb386a8a95031f8 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Fri, 10 Mar 2023 11:59:06 +0530
Subject: [PATCH 01/11] Add models for pii data

---
 redash/models/__init__.py         | 92 ++++++++++++++++++++++++++-----
 redash/query_runner/big_query.py  | 27 +++++----
 redash/tasks/queries/execution.py |  3 +-
 3 files changed, 95 insertions(+), 27 deletions(-)

diff --git a/redash/models/__init__.py b/redash/models/__init__.py
index cfd081ae44..a45705d109 100644
--- a/redash/models/__init__.py
+++ b/redash/models/__init__.py
@@ -3,13 +3,16 @@
 import logging
 import time
 import numbers
+from typing import List
+
 import pytz
 
-from sqlalchemy import distinct, or_, and_, UniqueConstraint, cast
+from sqlalchemy import distinct, or_, and_, UniqueConstraint, ForeignKey
 from sqlalchemy.dialects import postgresql
+from sqlalchemy.dialects.postgresql import ARRAY
 from sqlalchemy.event import listens_for
 from sqlalchemy.ext.hybrid import hybrid_property
-from sqlalchemy.orm import backref, contains_eager, joinedload, subqueryload, load_only
+from sqlalchemy.orm import backref, contains_eager, joinedload, load_only
 from sqlalchemy.orm.exc import NoResultFound  # noqa: F401
 from sqlalchemy import func
 from sqlalchemy_utils import generic_relationship
@@ -27,9 +30,6 @@
     with_ssh_tunnel,
     get_configuration_schema_for_query_runner_type,
     get_query_runner,
-    TYPE_BOOLEAN,
-    TYPE_DATE,
-    TYPE_DATETIME,
     BaseQueryRunner)
 from redash.utils import (
     generate_token,
@@ -48,7 +48,6 @@
 from .organizations import Organization
 from .types import (
     EncryptedConfiguration,
-    Configuration,
     MutableDict,
     MutableList,
     PseudoJSON,
@@ -82,6 +81,69 @@ def get(self, query_id):
 scheduled_queries_executions = ScheduledQueriesExecutions()
 
 
+class PolicyTag(db.Model):
+    policy_id = Column(db.String(100))
+    policy_name = Column(db.String(50), primary_key=True)
+    created_at = Column(db.DateTime(True), server_default=func.now())
+    updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
+
+
+class QueryIdPolicyTagMapping(db.Model):
+    query_id = Column(db.String(100), primary_key=True)
+    policy_name = Column(db.String(50), ForeignKey(PolicyTag.policy_name), primary_key=True)
+    created_at = Column(db.DateTime(True), server_default=func.now())
+    updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
+
+    @classmethod
+    def get_by_query_id(cls, query_id: int):
+        return cls.policy_name \
+            .filter(cls.query_id == query_id) \
+            .all()
+
+    @classmethod
+    def update_table(cls, query_hash, values):
+        QueryIdPolicyTagMapping.query.filter(QueryIdPolicyTagMapping.query_id == query_hash).delete()
+        db.session.add_all(values)
+        db.session.commit()
+
+
+class UserGroupMemberList(db.Model):
+    user_emails = Column(ARRAY(db.String))
+    policy_name = Column(db.String(50), ForeignKey(PolicyTag.policy_name), primary_key=True)
+    created_at = Column(db.DateTime(True), server_default=func.now())
+    updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
+
+    @classmethod
+    def get_by_policy_name(cls, policy_names: List[str], user_email: str):
+        return cls.policy_name \
+            .filter(cls.policy_name.in_(policy_names)) \
+            .filter(cls.user_emails.any(user_email)) \
+            .one()
+
+
+class TableColumnPolicyTagMapping(db.Model):
+    project_id = Column(db.String(50), primary_key=True)
+    dataset_id = Column(db.String(50), primary_key=True)
+    table_name = Column(db.String(100), primary_key=True)
+    policy_tag = Column(db.String(50), ForeignKey(PolicyTag.policy_name))
+    column_name = Column(db.String(50), primary_key=True)
+    created_at = Column(db.DateTime(True), server_default=func.now())
+    updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
+
+    @classmethod
+    def get_policy_name(cls, project_name: str, dataset_id: str, table_name: str, column_name: str):
+        return cls.policy_tag \
+            .filter(cls.project_id == project_name) \
+            .filter(cls.dataset_id == dataset_id) \
+            .filter(cls.table_name == table_name) \
+            .filter(cls.column_name == column_name) \
+            .one()
+
+    @classmethod
+    def get_all(cls):
+        return db.session.query(TableColumnPolicyTagMapping)
+
+
 @generic_repr("id", "name", "type", "org_id", "created_at")
 class DataSource(BelongsToOrgMixin, db.Model):
     id = primary_key("DataSource")
@@ -625,10 +687,10 @@ def past_scheduled_queries(cls):
             query
             for query in queries
             if query.schedule["until"] is not None
-            and pytz.utc.localize(
+               and pytz.utc.localize(
                 datetime.datetime.strptime(query.schedule["until"], "%Y-%m-%d")
             )
-            <= now
+               <= now
         ]
 
     @classmethod
@@ -736,11 +798,11 @@ def recent(cls, group_ids, user_id=None, limit=20):
                 Event.action.in_(
                     ["edit", "execute", "edit_name", "edit_description", "view_source"]
                 ),
-                Event.object_id != None,
+                Event.object_id is not None,
                 Event.object_type == "query",
                 DataSourceGroup.group_id.in_(group_ids),
-                or_(Query.is_draft == False, Query.user_id == user_id),
-                Query.is_archived == False,
+                or_(Query.is_draft is False, Query.user_id == user_id),
+                Query.is_archived is False,
             )
             .group_by(Event.object_id, Query.id)
             .order_by(db.desc(db.func.count(0)))
@@ -1128,7 +1190,7 @@ def all(cls, org, group_ids, user_id):
                 DataSourceGroup, Query.data_source_id == DataSourceGroup.data_source_id
             )
             .filter(
-                Dashboard.is_archived == False,
+                Dashboard.is_archived is False,
                 (
                     DataSourceGroup.group_id.in_(group_ids)
                     | (Dashboard.user_id == user_id)
@@ -1138,7 +1200,7 @@ def all(cls, org, group_ids, user_id):
         )
 
         query = query.filter(
-            or_(Dashboard.user_id == user_id, Dashboard.is_draft == False)
+            or_(Dashboard.user_id == user_id, Dashboard.is_draft is False)
         )
 
         return query
@@ -1335,14 +1397,14 @@ class ApiKey(TimestampMixin, GFKBase, db.Model):
 
     @classmethod
     def get_by_api_key(cls, api_key):
-        return cls.query.filter(cls.api_key == api_key, cls.active == True).one()
+        return cls.query.filter(cls.api_key == api_key, cls.active is True).one()
 
     @classmethod
     def get_by_object(cls, object):
         return cls.query.filter(
             cls.object_type == object.__class__.__tablename__,
             cls.object_id == object.id,
-            cls.active == True,
+            cls.active is True,
         ).first()
 
     @classmethod
diff --git a/redash/query_runner/big_query.py b/redash/query_runner/big_query.py
index 3a3edf35c9..47d1f0e1a9 100644
--- a/redash/query_runner/big_query.py
+++ b/redash/query_runner/big_query.py
@@ -1,7 +1,6 @@
 import datetime
 import logging
 import os
-import sys
 import time
 from base64 import b64decode
 from collections import defaultdict
@@ -9,11 +8,11 @@
 from typing import Dict, List, Set, Tuple
 
 import httplib2
-import requests
 from cachetools import cached, TTLCache
 
 from redash import settings
-from redash.models import User
+from redash.models import UserGroupMemberList, TableColumnPolicyTagMapping, QueryIdPolicyTagMapping
+# from redash.models import User, TableColumnPolicyTagMapping, UserGroupMemberList
 from redash.query_runner import *
 from redash.settings import parse_boolean
 from redash.utils import json_dumps, json_loads
@@ -235,9 +234,9 @@ def _get_columns_used_in_query(self, query_plan):
 
     @cached(cache=TTLCache(maxsize=3000, ttl=600))
     def _get_policy_tags(self):
-        return {"table": ["c1", "c2"]}
+        return TableColumnPolicyTagMapping.get_all()
 
-    def _get_query_result(self, jobs, query):
+    def _get_query_result(self, jobs, query, user):
         project_id = self._get_project_id()
         job_data = self._get_job_data(query)
         insert_response = jobs.insert(projectId=project_id, body=job_data).execute()
@@ -258,7 +257,7 @@ def _get_query_result(self, jobs, query):
         table_column_map: Dict[str, Set[str]] = self._get_columns_used_in_query(
             job_stats["statistics"]["query"]["queryPlan"])
         get_policy_tag_mapping: Dict[str, List[Tuple[str, str]]] = self._get_policy_tags()
-
+        logger.debug(get_policy_tag_mapping)
         results = defaultdict(set)
         policy_tags_accessed = set()
         for table_name, column_list in table_column_map.items():
@@ -269,8 +268,16 @@ def _get_query_result(self, jobs, query):
                         policy_tags_accessed.add(tag)
         if policy_tags_accessed:
             # Check if user email has access
-            raise ValueError("PII")
-
+            access = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed),
+                                                            user_email=user.email)
+            if len(access) != len(policy_tags_accessed):
+                missing_access = policy_tags_accessed - set(access)
+                raise Exception(f"User does not have permission to query {missing_access}")
+
+        query_hash = self.gen_query_hash(query)
+        query_policy_tags = [QueryIdPolicyTagMapping(query_id=query_hash, policy_tag=tag) for tag in
+                             policy_tags_accessed]
+        QueryIdPolicyTagMapping.update_table(query_hash, query_policy_tags)
         rows = []
 
         while ("rows" in query_reply) and current_row < int(query_reply["totalRows"]):
@@ -360,7 +367,7 @@ def get_schema(self, get_stats=False):
 
         return list(schema.values())
 
-    def run_query(self, query, user: User):
+    def run_query(self, query, user):
         logger.debug("BigQuery got query: %s", query)
 
         bigquery_service = self._get_bigquery_service()
@@ -379,7 +386,7 @@ def run_query(self, query, user: User):
                         % (limitMB, processedMB),
                     )
 
-            data = self._get_query_result(jobs, query)
+            data = self._get_query_result(jobs, query, user)
             error = None
 
             json_data = json_dumps(data, ignore_nan=True)
diff --git a/redash/tasks/queries/execution.py b/redash/tasks/queries/execution.py
index 2fe592801f..4b02e00d7c 100644
--- a/redash/tasks/queries/execution.py
+++ b/redash/tasks/queries/execution.py
@@ -12,7 +12,7 @@
 from redash.tasks.worker import Queue, Job
 from redash.tasks.alerts import check_alerts_for_query
 from redash.tasks.failure_report import track_failure
-from redash.utils import gen_query_hash, json_dumps, utcnow
+from redash.utils import gen_query_hash, utcnow
 from redash.worker import get_job_logger
 
 logger = get_job_logger(__name__)
@@ -183,7 +183,6 @@ def run(self):
 
         query_runner = self.data_source.query_runner
         annotated_query = self._annotate_query(query_runner)
-
         try:
             data, error = query_runner.run_query(annotated_query, self.user)
         except Exception as e:

From 55acd0cbf4f48cbf3d342aa365ce62fb3deaefde Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Mon, 13 Mar 2023 19:26:33 +0530
Subject: [PATCH 02/11] Add policy tag checks and additional tables in redash
 db

---
 redash/handlers/query_results.py            | 18 ++++++
 redash/models/__init__.py                   | 23 +++----
 redash/query_runner/athena.py               |  4 +-
 redash/query_runner/big_query.py            | 66 ++++++++++++++-------
 redash/serializers/__init__.py              |  2 +-
 redash/utils/permission_denied_exception.py |  2 +
 tests/handlers/test_visualizations.py       |  4 +-
 tests/tasks/test_alerts.py                  |  6 +-
 8 files changed, 83 insertions(+), 42 deletions(-)
 create mode 100644 redash/utils/permission_denied_exception.py

diff --git a/redash/handlers/query_results.py b/redash/handlers/query_results.py
index cb8b8d14f2..d8f5514d36 100644
--- a/redash/handlers/query_results.py
+++ b/redash/handlers/query_results.py
@@ -2,12 +2,15 @@
 import time
 
 import unicodedata
+from typing import List
+
 from flask import make_response, request
 from flask_login import current_user
 from flask_restful import abort
 from werkzeug.urls import url_quote
 from redash import models, settings
 from redash.handlers.base import BaseResource, get_object_or_404, record_event
+from redash.models import UserGroupMemberList
 from redash.permissions import (
     has_access,
     not_view_only,
@@ -36,6 +39,7 @@
     serialize_query_result_to_xlsx,
     serialize_job,
 )
+from redash.utils.permission_denied_exception import PermissionDeniedException
 
 
 def error_response(message, http_status=400):
@@ -319,6 +323,18 @@ def post(self, query_id):
             else:
                 return error_messages["no_permission"]
 
+    def check_for_policy_tag_permissions(self, query_hash: str):
+        query_policy_tags: List[str] = get_object_or_404(models.QueryIdPolicyTagMapping.get_by_query_id,
+                                                         query_hash
+                                                         )
+        if query_policy_tags:
+            access: List[str] = UserGroupMemberList.get_by_policy_name(policy_names=list(query_policy_tags),
+                                                                       user_email=self.current_user.email)
+            if len(access) != len(query_policy_tags):
+                missing_access_policy_tags = set(query_policy_tags) - set(access)
+                abort(400,
+                      message=f"User {self.current_user.email} does not have permission to query {missing_access_policy_tags}")
+
     @require_any_of_permission(("view_query", "execute_query"))
     def get(self, query_id=None, query_result_id=None, filetype="json"):
         """
@@ -349,11 +365,13 @@ def get(self, query_id=None, query_result_id=None, filetype="json"):
             query_result = get_object_or_404(
                 models.QueryResult.get_by_id_and_org, query_result_id, self.current_org
             )
+            self.check_for_policy_tag_permissions(query_result.query_hash)
 
         if query_id is not None:
             query = get_object_or_404(
                 models.Query.get_by_id_and_org, query_id, self.current_org
             )
+            self.check_for_policy_tag_permissions(query.query_hash)
 
             if (
                 query_result is None
diff --git a/redash/models/__init__.py b/redash/models/__init__.py
index a45705d109..d2eb65ac07 100644
--- a/redash/models/__init__.py
+++ b/redash/models/__init__.py
@@ -89,20 +89,21 @@ class PolicyTag(db.Model):
 
 
 class QueryIdPolicyTagMapping(db.Model):
-    query_id = Column(db.String(100), primary_key=True)
+    query_hash = Column(db.String(100), primary_key=True)
     policy_name = Column(db.String(50), ForeignKey(PolicyTag.policy_name), primary_key=True)
-    created_at = Column(db.DateTime(True), server_default=func.now())
+    created_at = Column(db.DateTime(True), server_default=func.now(), index=True)
     updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
 
     @classmethod
-    def get_by_query_id(cls, query_id: int):
-        return cls.policy_name \
-            .filter(cls.query_id == query_id) \
+    def get_by_query_id(cls, query_id: str):
+        return db.session.query(QueryIdPolicyTagMapping.policy_name) \
+            .filter(QueryIdPolicyTagMapping.query_hash == query_id)\
+            .distinct()\
             .all()
 
     @classmethod
     def update_table(cls, query_hash, values):
-        QueryIdPolicyTagMapping.query.filter(QueryIdPolicyTagMapping.query_id == query_hash).delete()
+        QueryIdPolicyTagMapping.query.filter(QueryIdPolicyTagMapping.query_hash == query_hash).delete()
         db.session.add_all(values)
         db.session.commit()
 
@@ -115,10 +116,10 @@ class UserGroupMemberList(db.Model):
 
     @classmethod
     def get_by_policy_name(cls, policy_names: List[str], user_email: str):
-        return cls.policy_name \
-            .filter(cls.policy_name.in_(policy_names)) \
-            .filter(cls.user_emails.any(user_email)) \
-            .one()
+        return db.session.query(UserGroupMemberList.policy_name) \
+            .filter(UserGroupMemberList.policy_name.in_(policy_names)) \
+            .filter(UserGroupMemberList.user_emails.any(user_email)) \
+            .all()
 
 
 class TableColumnPolicyTagMapping(db.Model):
@@ -141,7 +142,7 @@ def get_policy_name(cls, project_name: str, dataset_id: str, table_name: str, co
 
     @classmethod
     def get_all(cls):
-        return db.session.query(TableColumnPolicyTagMapping)
+        return db.session.query(TableColumnPolicyTagMapping).all()
 
 
 @generic_repr("id", "name", "type", "org_id", "created_at")
diff --git a/redash/query_runner/athena.py b/redash/query_runner/athena.py
index 2fbd962490..321080766e 100644
--- a/redash/query_runner/athena.py
+++ b/redash/query_runner/athena.py
@@ -245,7 +245,7 @@ def run_query(self, query, user):
             except AttributeError as e:
                 logger.debug("Athena Upstream can't get data_scanned_in_bytes: %s", e)
             try:
-                athena_query_id = cursor.query_id
+                athena_query_id = cursor.query_hash
             except AttributeError as e:
                 logger.debug("Athena Upstream can't get query_id: %s", e)
 
@@ -263,7 +263,7 @@ def run_query(self, query, user):
             json_data = json_dumps(data, ignore_nan=True)
             error = None
         except Exception:
-            if cursor.query_id:
+            if cursor.query_hash:
                 cursor.cancel()
             raise
 
diff --git a/redash/query_runner/big_query.py b/redash/query_runner/big_query.py
index 47d1f0e1a9..388772ba65 100644
--- a/redash/query_runner/big_query.py
+++ b/redash/query_runner/big_query.py
@@ -16,6 +16,7 @@
 from redash.query_runner import *
 from redash.settings import parse_boolean
 from redash.utils import json_dumps, json_loads
+from redash.utils.permission_denied_exception import PermissionDeniedException
 
 logger = logging.getLogger(__name__)
 
@@ -233,8 +234,13 @@ def _get_columns_used_in_query(self, query_plan):
         return results
 
     @cached(cache=TTLCache(maxsize=3000, ttl=600))
-    def _get_policy_tags(self):
-        return TableColumnPolicyTagMapping.get_all()
+    def _get_policy_tags(self) -> Dict[str, List[Tuple[str, str]]]:
+        all_policy_tag_mappings: List[TableColumnPolicyTagMapping] = TableColumnPolicyTagMapping.get_all()
+        grouped_map = defaultdict(list)
+        for policy_tags in all_policy_tag_mappings:
+            policy_tag_table_name = f"{policy_tags.project_id}.{policy_tags.dataset_id}.{policy_tags.table_name}"
+            grouped_map[policy_tag_table_name].append((policy_tags.column_name, policy_tags.policy_tag))
+        return grouped_map
 
     def _get_query_result(self, jobs, query, user):
         project_id = self._get_project_id()
@@ -256,28 +262,13 @@ def _get_query_result(self, jobs, query, user):
             **{"projectId": project_id, "jobId": self.current_job_id, "location": self._get_location()}).execute()
         table_column_map: Dict[str, Set[str]] = self._get_columns_used_in_query(
             job_stats["statistics"]["query"]["queryPlan"])
-        get_policy_tag_mapping: Dict[str, List[Tuple[str, str]]] = self._get_policy_tags()
-        logger.debug(get_policy_tag_mapping)
-        results = defaultdict(set)
-        policy_tags_accessed = set()
-        for table_name, column_list in table_column_map.items():
-            if table_name in get_policy_tag_mapping:
-                for column, tag in get_policy_tag_mapping[table_name]:
-                    if column in column_list:
-                        results[table_name].add(column)
-                        policy_tags_accessed.add(tag)
-        if policy_tags_accessed:
-            # Check if user email has access
-            access = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed),
-                                                            user_email=user.email)
-            if len(access) != len(policy_tags_accessed):
-                missing_access = policy_tags_accessed - set(access)
-                raise Exception(f"User does not have permission to query {missing_access}")
+        get_policy_tag_mapping: Dict[str, Tuple[str, str]] = self._get_policy_tags()
+        policy_tags_accessed = self.get_policy_tags_in_query(get_policy_tag_mapping, table_column_map)
+
+        self.update_query_policy_tags(policy_tags_accessed, query)
+
+        self._check_for_policy_tags_in_query(policy_tags_accessed, user)
 
-        query_hash = self.gen_query_hash(query)
-        query_policy_tags = [QueryIdPolicyTagMapping(query_id=query_hash, policy_tag=tag) for tag in
-                             policy_tags_accessed]
-        QueryIdPolicyTagMapping.update_table(query_hash, query_policy_tags)
         rows = []
 
         while ("rows" in query_reply) and current_row < int(query_reply["totalRows"]):
@@ -320,6 +311,35 @@ def _get_query_result(self, jobs, query, user):
 
         return data
 
+    def _check_for_policy_tags_in_query(self, policy_tags_accessed, user):
+        if policy_tags_accessed:
+            # Check if user email has access
+            access: List[str] = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed.keys()),
+                                                                       user_email=user.email)
+            if len(access) != len(policy_tags_accessed):
+                missing_access_policy_tags = set(policy_tags_accessed.keys()) - set(access)
+                filtered_results: dict = {k: v for k, v in policy_tags_accessed.items() if
+                                          k in missing_access_policy_tags}
+                f = [f"Policy tag- {k}, Columns accessed- {v}" for k, v in filtered_results.items()]
+
+                raise PermissionDeniedException(
+                    "User does not have permission to query columns. \n{} ".format('\n'.join(f)))
+
+    def update_query_policy_tags(self, policy_tags_accessed, query):
+        query_hash = self.gen_query_hash(query)
+        query_policy_tags = [QueryIdPolicyTagMapping(query_id=query_hash, policy_name=tag) for tag in
+                             policy_tags_accessed.keys()]
+        QueryIdPolicyTagMapping.update_table(query_hash, query_policy_tags)
+
+    def get_policy_tags_in_query(self, get_policy_tag_mapping, table_column_map):
+        policy_tags_accessed = defaultdict(set)
+        for table_name, column_list in table_column_map.items():
+            if table_name in get_policy_tag_mapping.keys():
+                for column, tag in get_policy_tag_mapping[table_name]:
+                    if column in column_list:
+                        policy_tags_accessed[tag].add((table_name, column))
+        return policy_tags_accessed
+
     def _get_project_datasets(self, project_id):
         result = []
         service = self._get_bigquery_service()
diff --git a/redash/serializers/__init__.py b/redash/serializers/__init__.py
index 6105364c49..19a30e19b4 100644
--- a/redash/serializers/__init__.py
+++ b/redash/serializers/__init__.py
@@ -209,7 +209,7 @@ def serialize_alert(alert, full=True):
         d["query"] = serialize_query(alert.query_rel)
         d["user"] = alert.user.to_dict()
     else:
-        d["query_id"] = alert.query_id
+        d["query_id"] = alert.query_hash
         d["user_id"] = alert.user_id
 
     return d
diff --git a/redash/utils/permission_denied_exception.py b/redash/utils/permission_denied_exception.py
new file mode 100644
index 0000000000..e51660f678
--- /dev/null
+++ b/redash/utils/permission_denied_exception.py
@@ -0,0 +1,2 @@
+class PermissionDeniedException(Exception):
+    pass
diff --git a/tests/handlers/test_visualizations.py b/tests/handlers/test_visualizations.py
index 42a5b61668..bf5d6d5097 100644
--- a/tests/handlers/test_visualizations.py
+++ b/tests/handlers/test_visualizations.py
@@ -105,7 +105,7 @@ def test_only_owner_collaborator_or_admin_can_edit_visualization(self):
 
         self.make_request(
             "post",
-            "/api/queries/{}/acl".format(vis.query_id),
+            "/api/queries/{}/acl".format(vis.query_hash),
             data={"access_type": "modify", "user_id": other_user.id},
         )
         rv = self.make_request("post", path, user=other_user, data=data)
@@ -139,7 +139,7 @@ def test_only_owner_collaborator_or_admin_can_delete_visualization(self):
 
         self.make_request(
             "post",
-            "/api/queries/{}/acl".format(vis.query_id),
+            "/api/queries/{}/acl".format(vis.query_hash),
             data={"access_type": "modify", "user_id": other_user.id},
         )
 
diff --git a/tests/tasks/test_alerts.py b/tests/tasks/test_alerts.py
index 305e782436..49c3fd8234 100644
--- a/tests/tasks/test_alerts.py
+++ b/tests/tasks/test_alerts.py
@@ -16,7 +16,7 @@ def test_notifies_subscribers_when_should(self):
         Alert.evaluate = MagicMock(return_value=Alert.TRIGGERED_STATE)
 
         alert = self.factory.create_alert()
-        check_alerts_for_query(alert.query_id)
+        check_alerts_for_query(alert.query_hash)
 
         self.assertTrue(redash.tasks.alerts.notify_subscriptions.called)
 
@@ -25,7 +25,7 @@ def test_doesnt_notify_when_nothing_changed(self):
         Alert.evaluate = MagicMock(return_value=Alert.OK_STATE)
 
         alert = self.factory.create_alert()
-        check_alerts_for_query(alert.query_id)
+        check_alerts_for_query(alert.query_hash)
 
         self.assertFalse(redash.tasks.alerts.notify_subscriptions.called)
 
@@ -34,7 +34,7 @@ def test_doesnt_notify_when_muted(self):
         Alert.evaluate = MagicMock(return_value=Alert.TRIGGERED_STATE)
 
         alert = self.factory.create_alert(options={"muted": True})
-        check_alerts_for_query(alert.query_id)
+        check_alerts_for_query(alert.query_hash)
 
         self.assertFalse(redash.tasks.alerts.notify_subscriptions.called)
 

From a4ab72f5025e740325133a53db71a6623c857627 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Wed, 15 Mar 2023 14:30:21 +0530
Subject: [PATCH 03/11] Fix user permissions

---
 redash/models/__init__.py        |  1 -
 redash/query_runner/big_query.py | 14 ++++++++------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/redash/models/__init__.py b/redash/models/__init__.py
index d2eb65ac07..ba7d502792 100644
--- a/redash/models/__init__.py
+++ b/redash/models/__init__.py
@@ -82,7 +82,6 @@ def get(self, query_id):
 
 
 class PolicyTag(db.Model):
-    policy_id = Column(db.String(100))
     policy_name = Column(db.String(50), primary_key=True)
     created_at = Column(db.DateTime(True), server_default=func.now())
     updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
diff --git a/redash/query_runner/big_query.py b/redash/query_runner/big_query.py
index 388772ba65..c85b1ff17e 100644
--- a/redash/query_runner/big_query.py
+++ b/redash/query_runner/big_query.py
@@ -265,7 +265,7 @@ def _get_query_result(self, jobs, query, user):
         get_policy_tag_mapping: Dict[str, Tuple[str, str]] = self._get_policy_tags()
         policy_tags_accessed = self.get_policy_tags_in_query(get_policy_tag_mapping, table_column_map)
 
-        self.update_query_policy_tags(policy_tags_accessed, query)
+        self._update_query_policy_tags(policy_tags_accessed, query)
 
         self._check_for_policy_tags_in_query(policy_tags_accessed, user)
 
@@ -314,10 +314,11 @@ def _get_query_result(self, jobs, query, user):
     def _check_for_policy_tags_in_query(self, policy_tags_accessed, user):
         if policy_tags_accessed:
             # Check if user email has access
-            access: List[str] = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed.keys()),
+            access_results: List[Tuple[str]] = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed.keys()),
                                                                        user_email=user.email)
+            access = {a[0] for a in access_results}
             if len(access) != len(policy_tags_accessed):
-                missing_access_policy_tags = set(policy_tags_accessed.keys()) - set(access)
+                missing_access_policy_tags = set(policy_tags_accessed.keys()) - access
                 filtered_results: dict = {k: v for k, v in policy_tags_accessed.items() if
                                           k in missing_access_policy_tags}
                 f = [f"Policy tag- {k}, Columns accessed- {v}" for k, v in filtered_results.items()]
@@ -325,9 +326,9 @@ def _check_for_policy_tags_in_query(self, policy_tags_accessed, user):
                 raise PermissionDeniedException(
                     "User does not have permission to query columns. \n{} ".format('\n'.join(f)))
 
-    def update_query_policy_tags(self, policy_tags_accessed, query):
+    def _update_query_policy_tags(self, policy_tags_accessed, query):
         query_hash = self.gen_query_hash(query)
-        query_policy_tags = [QueryIdPolicyTagMapping(query_id=query_hash, policy_name=tag) for tag in
+        query_policy_tags = [QueryIdPolicyTagMapping(query_hash=query_hash, policy_name=tag) for tag in
                              policy_tags_accessed.keys()]
         QueryIdPolicyTagMapping.update_table(query_hash, query_policy_tags)
 
@@ -372,8 +373,9 @@ def get_schema(self, get_stats=False):
             dataset_id = dataset["datasetReference"]["datasetId"]
             query = query_base.format(schema_project_id=schema_project_id, dataset_id=dataset_id)
             queries.append(query)
-
+        logger.debug(datasets)
         query = '\nUNION ALL\n'.join(queries)
+        logger.debug(queries)
         results, error = self.run_query(query, None)
         if error is not None:
             self._handle_run_query_error(error)

From 0fa0bf40ed5295afdc53957f058ff741758b6ea6 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Thu, 16 Mar 2023 12:07:31 +0530
Subject: [PATCH 04/11] Fix query_id change

---
 .github/create_image.yml              | 43 +++++++++++++++++++++++++++
 Dockerfile                            |  1 +
 redash/query_runner/athena.py         |  4 +--
 redash/serializers/__init__.py        |  2 +-
 tests/handlers/test_visualizations.py |  4 +--
 tests/tasks/test_alerts.py            |  6 ++--
 6 files changed, 52 insertions(+), 8 deletions(-)
 create mode 100644 .github/create_image.yml

diff --git a/.github/create_image.yml b/.github/create_image.yml
new file mode 100644
index 0000000000..0adc442e21
--- /dev/null
+++ b/.github/create_image.yml
@@ -0,0 +1,43 @@
+name: Build custom redash image
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  deploy:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    environment:
+      name: Prod
+      url: "app.{{ vars.BASE_DOMAIN }}"
+    runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME: asia-south1-python.pkg.dev/prod-data-platform/redash
+
+    steps:
+      - uses: actions/checkout@v3
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v1'
+        with:
+          workload_identity_provider: 'projects/1027534050611/locations/global/workloadIdentityPools/github-pool/providers/github'
+          service_account: 'prod-data-eng-deployment@prod-data-platform.iam.gserviceaccount.com'
+          token_format: 'access_token'
+
+      - uses: olegtarasov/get-tag@v2.1
+        id: tag_name
+
+      - # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        platforms: linux/amd64,linux/arm64
+
+      - name: Build & push custom image
+        run: DOCKER_BUILDKIT=1 docker buildx build -t ${{ vars.IMAGE_NAME }}:${{ steps.tag_name.outputs.tag }} . --push
diff --git a/Dockerfile b/Dockerfile
index 5a80b67990..c361316e76 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1.3
 FROM node:14.17 as frontend-builder
 
 RUN npm install --global --force yarn@1.22.10
diff --git a/redash/query_runner/athena.py b/redash/query_runner/athena.py
index 321080766e..2fbd962490 100644
--- a/redash/query_runner/athena.py
+++ b/redash/query_runner/athena.py
@@ -245,7 +245,7 @@ def run_query(self, query, user):
             except AttributeError as e:
                 logger.debug("Athena Upstream can't get data_scanned_in_bytes: %s", e)
             try:
-                athena_query_id = cursor.query_hash
+                athena_query_id = cursor.query_id
             except AttributeError as e:
                 logger.debug("Athena Upstream can't get query_id: %s", e)
 
@@ -263,7 +263,7 @@ def run_query(self, query, user):
             json_data = json_dumps(data, ignore_nan=True)
             error = None
         except Exception:
-            if cursor.query_hash:
+            if cursor.query_id:
                 cursor.cancel()
             raise
 
diff --git a/redash/serializers/__init__.py b/redash/serializers/__init__.py
index 19a30e19b4..6105364c49 100644
--- a/redash/serializers/__init__.py
+++ b/redash/serializers/__init__.py
@@ -209,7 +209,7 @@ def serialize_alert(alert, full=True):
         d["query"] = serialize_query(alert.query_rel)
         d["user"] = alert.user.to_dict()
     else:
-        d["query_id"] = alert.query_hash
+        d["query_id"] = alert.query_id
         d["user_id"] = alert.user_id
 
     return d
diff --git a/tests/handlers/test_visualizations.py b/tests/handlers/test_visualizations.py
index bf5d6d5097..42a5b61668 100644
--- a/tests/handlers/test_visualizations.py
+++ b/tests/handlers/test_visualizations.py
@@ -105,7 +105,7 @@ def test_only_owner_collaborator_or_admin_can_edit_visualization(self):
 
         self.make_request(
             "post",
-            "/api/queries/{}/acl".format(vis.query_hash),
+            "/api/queries/{}/acl".format(vis.query_id),
             data={"access_type": "modify", "user_id": other_user.id},
         )
         rv = self.make_request("post", path, user=other_user, data=data)
@@ -139,7 +139,7 @@ def test_only_owner_collaborator_or_admin_can_delete_visualization(self):
 
         self.make_request(
             "post",
-            "/api/queries/{}/acl".format(vis.query_hash),
+            "/api/queries/{}/acl".format(vis.query_id),
             data={"access_type": "modify", "user_id": other_user.id},
         )
 
diff --git a/tests/tasks/test_alerts.py b/tests/tasks/test_alerts.py
index 49c3fd8234..305e782436 100644
--- a/tests/tasks/test_alerts.py
+++ b/tests/tasks/test_alerts.py
@@ -16,7 +16,7 @@ def test_notifies_subscribers_when_should(self):
         Alert.evaluate = MagicMock(return_value=Alert.TRIGGERED_STATE)
 
         alert = self.factory.create_alert()
-        check_alerts_for_query(alert.query_hash)
+        check_alerts_for_query(alert.query_id)
 
         self.assertTrue(redash.tasks.alerts.notify_subscriptions.called)
 
@@ -25,7 +25,7 @@ def test_doesnt_notify_when_nothing_changed(self):
         Alert.evaluate = MagicMock(return_value=Alert.OK_STATE)
 
         alert = self.factory.create_alert()
-        check_alerts_for_query(alert.query_hash)
+        check_alerts_for_query(alert.query_id)
 
         self.assertFalse(redash.tasks.alerts.notify_subscriptions.called)
 
@@ -34,7 +34,7 @@ def test_doesnt_notify_when_muted(self):
         Alert.evaluate = MagicMock(return_value=Alert.TRIGGERED_STATE)
 
         alert = self.factory.create_alert(options={"muted": True})
-        check_alerts_for_query(alert.query_hash)
+        check_alerts_for_query(alert.query_id)
 
         self.assertFalse(redash.tasks.alerts.notify_subscriptions.called)
 

From 777bab6775adbe17574f44e2187bd1ebb8efd603 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Thu, 16 Mar 2023 13:55:35 +0530
Subject: [PATCH 05/11] Add DDL statement file

---
 redash/models/privacy_models.sql | 109 +++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 redash/models/privacy_models.sql

diff --git a/redash/models/privacy_models.sql b/redash/models/privacy_models.sql
new file mode 100644
index 0000000000..e1faab1d82
--- /dev/null
+++ b/redash/models/privacy_models.sql
@@ -0,0 +1,109 @@
+
+--
+-- Name: policy_tag; Type: TABLE; Schema: public; Owner: postgres
+--
+
+CREATE TABLE public.policy_tag (
+    policy_name character varying(50) NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+--
+-- Name: policy_tag policy_tag_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.policy_tag
+    ADD CONSTRAINT policy_tag_pkey PRIMARY KEY (policy_name);
+
+--
+-- Name: query_id_policy_tag_mapping; Type: TABLE; Schema: public; Owner: postgres
+--
+
+CREATE TABLE public.query_id_policy_tag_mapping (
+    query_hash character varying(100) NOT NULL,
+    policy_name character varying(50) NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+--
+-- Name: query_id_policy_tag_mapping query_id_policy_tag_mapping_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.query_id_policy_tag_mapping
+    ADD CONSTRAINT query_id_policy_tag_mapping_pkey PRIMARY KEY (query_hash, policy_name);
+
+
+--
+-- Name: ix_query_id_policy_tag_mapping_created_at; Type: INDEX; Schema: public; Owner: postgres
+--
+
+CREATE INDEX ix_query_id_policy_tag_mapping_created_at ON public.query_id_policy_tag_mapping USING btree (created_at);
+
+
+--
+-- Name: query_id_policy_tag_mapping query_id_policy_tag_mapping_policy_name_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.query_id_policy_tag_mapping
+    ADD CONSTRAINT query_id_policy_tag_mapping_policy_name_fkey FOREIGN KEY (policy_name) REFERENCES public.policy_tag(policy_name);
+
+
+--
+-- Name: table_column_policy_tag_mapping; Type: TABLE; Schema: public; Owner: postgres
+--
+
+CREATE TABLE public.table_column_policy_tag_mapping (
+    project_id character varying(50) NOT NULL,
+    dataset_id character varying(50) NOT NULL,
+    table_name character varying(100) NOT NULL,
+    policy_tag character varying(50) NOT NULL,
+    column_name character varying(50) NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+--
+-- Name: table_column_policy_tag_mapping table_column_policy_tag_mapping_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.table_column_policy_tag_mapping
+    ADD CONSTRAINT table_column_policy_tag_mapping_pkey PRIMARY KEY (project_id, dataset_id, table_name, column_name);
+
+
+--
+-- Name: table_column_policy_tag_mapping table_column_policy_tag_mapping_policy_tag_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.table_column_policy_tag_mapping
+    ADD CONSTRAINT table_column_policy_tag_mapping_policy_tag_fkey FOREIGN KEY (policy_tag) REFERENCES public.policy_tag(policy_name);
+
+
+--
+-- Name: user_group_member_list; Type: TABLE; Schema: public; Owner: postgres
+--
+
+CREATE TABLE public.user_group_member_list (
+    user_emails character varying[] NOT NULL,
+    policy_name character varying(50) NOT NULL,
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    updated_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
+
+--
+-- Name: user_group_member_list user_group_member_list_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.user_group_member_list
+    ADD CONSTRAINT user_group_member_list_pkey PRIMARY KEY (policy_name);
+
+
+--
+-- Name: user_group_member_list user_group_member_list_policy_name_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.user_group_member_list
+    ADD CONSTRAINT user_group_member_list_policy_name_fkey FOREIGN KEY (policy_name) REFERENCES public.policy_tag(policy_name);
+

From 0c1ccaf15556e9aeae6b3259cd3090aef4495b7b Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Mon, 20 Mar 2023 15:08:49 +0530
Subject: [PATCH 06/11] Remove foreign key constraints from privacy tables

---
 redash/models/__init__.py        |  6 +++---
 redash/models/privacy_models.sql | 24 ------------------------
 2 files changed, 3 insertions(+), 27 deletions(-)

diff --git a/redash/models/__init__.py b/redash/models/__init__.py
index ba7d502792..7fc8238376 100644
--- a/redash/models/__init__.py
+++ b/redash/models/__init__.py
@@ -89,7 +89,7 @@ class PolicyTag(db.Model):
 
 class QueryIdPolicyTagMapping(db.Model):
     query_hash = Column(db.String(100), primary_key=True)
-    policy_name = Column(db.String(50), ForeignKey(PolicyTag.policy_name), primary_key=True)
+    policy_name = Column(db.String(50), primary_key=True)
     created_at = Column(db.DateTime(True), server_default=func.now(), index=True)
     updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
 
@@ -109,7 +109,7 @@ def update_table(cls, query_hash, values):
 
 class UserGroupMemberList(db.Model):
     user_emails = Column(ARRAY(db.String))
-    policy_name = Column(db.String(50), ForeignKey(PolicyTag.policy_name), primary_key=True)
+    policy_name = Column(db.String(50), primary_key=True)
     created_at = Column(db.DateTime(True), server_default=func.now())
     updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
 
@@ -125,7 +125,7 @@ class TableColumnPolicyTagMapping(db.Model):
     project_id = Column(db.String(50), primary_key=True)
     dataset_id = Column(db.String(50), primary_key=True)
     table_name = Column(db.String(100), primary_key=True)
-    policy_tag = Column(db.String(50), ForeignKey(PolicyTag.policy_name))
+    policy_tag = Column(db.String(50))
     column_name = Column(db.String(50), primary_key=True)
     created_at = Column(db.DateTime(True), server_default=func.now())
     updated_at = Column(db.DateTime(True), server_default=func.now(), onupdate=func.now())
diff --git a/redash/models/privacy_models.sql b/redash/models/privacy_models.sql
index e1faab1d82..389b9ee678 100644
--- a/redash/models/privacy_models.sql
+++ b/redash/models/privacy_models.sql
@@ -42,14 +42,6 @@ ALTER TABLE ONLY public.query_id_policy_tag_mapping
 CREATE INDEX ix_query_id_policy_tag_mapping_created_at ON public.query_id_policy_tag_mapping USING btree (created_at);
 
 
---
--- Name: query_id_policy_tag_mapping query_id_policy_tag_mapping_policy_name_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
---
-
-ALTER TABLE ONLY public.query_id_policy_tag_mapping
-    ADD CONSTRAINT query_id_policy_tag_mapping_policy_name_fkey FOREIGN KEY (policy_name) REFERENCES public.policy_tag(policy_name);
-
-
 --
 -- Name: table_column_policy_tag_mapping; Type: TABLE; Schema: public; Owner: postgres
 --
@@ -72,13 +64,6 @@ ALTER TABLE ONLY public.table_column_policy_tag_mapping
     ADD CONSTRAINT table_column_policy_tag_mapping_pkey PRIMARY KEY (project_id, dataset_id, table_name, column_name);
 
 
---
--- Name: table_column_policy_tag_mapping table_column_policy_tag_mapping_policy_tag_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
---
-
-ALTER TABLE ONLY public.table_column_policy_tag_mapping
-    ADD CONSTRAINT table_column_policy_tag_mapping_policy_tag_fkey FOREIGN KEY (policy_tag) REFERENCES public.policy_tag(policy_name);
-
 
 --
 -- Name: user_group_member_list; Type: TABLE; Schema: public; Owner: postgres
@@ -98,12 +83,3 @@ CREATE TABLE public.user_group_member_list (
 
 ALTER TABLE ONLY public.user_group_member_list
     ADD CONSTRAINT user_group_member_list_pkey PRIMARY KEY (policy_name);
-
-
---
--- Name: user_group_member_list user_group_member_list_policy_name_fkey; Type: FK CONSTRAINT; Schema: public; Owner: postgres
---
-
-ALTER TABLE ONLY public.user_group_member_list
-    ADD CONSTRAINT user_group_member_list_policy_name_fkey FOREIGN KEY (policy_name) REFERENCES public.policy_tag(policy_name);
-

From b7300a2e70963bf45ba567248484101390babdfd Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Thu, 23 Mar 2023 13:39:20 +0530
Subject: [PATCH 07/11] Update docker compose file

---
 client/app/pages/queries/QueryView.jsx | 241 -------------------------
 docker-compose-f.yml                   | 106 ++++++++---
 2 files changed, 84 insertions(+), 263 deletions(-)
 delete mode 100644 client/app/pages/queries/QueryView.jsx

diff --git a/client/app/pages/queries/QueryView.jsx b/client/app/pages/queries/QueryView.jsx
deleted file mode 100644
index cbd582b480..0000000000
--- a/client/app/pages/queries/QueryView.jsx
+++ /dev/null
@@ -1,241 +0,0 @@
-import React, { useState, useEffect, useCallback } from "react";
-import PropTypes from "prop-types";
-import cx from "classnames";
-import useMedia from "use-media";
-import Button from "antd/lib/button";
-
-import FullscreenOutlinedIcon from "@ant-design/icons/FullscreenOutlined";
-import FullscreenExitOutlinedIcon from "@ant-design/icons/FullscreenExitOutlined";
-
-import routeWithUserSession from "@/components/ApplicationArea/routeWithUserSession";
-import EditInPlace from "@/components/EditInPlace";
-import Parameters from "@/components/Parameters";
-import DynamicComponent from "@/components/DynamicComponent";
-import PlainButton from "@/components/PlainButton";
-
-import DataSource from "@/services/data-source";
-import { ExecutionStatus } from "@/services/query-result";
-import routes from "@/services/routes";
-import { policy } from "@/services/policy";
-
-import useQueryResultData from "@/lib/useQueryResultData";
-
-import QueryPageHeader from "./components/QueryPageHeader";
-import QueryVisualizationTabs from "./components/QueryVisualizationTabs";
-import QueryExecutionStatus from "./components/QueryExecutionStatus";
-import QueryMetadata from "./components/QueryMetadata";
-import wrapQueryPage from "./components/wrapQueryPage";
-import QueryViewButton from "./components/QueryViewButton";
-import QueryExecutionMetadata from "./components/QueryExecutionMetadata";
-
-import useVisualizationTabHandler from "./hooks/useVisualizationTabHandler";
-import useQueryExecute from "./hooks/useQueryExecute";
-import useUpdateQueryDescription from "./hooks/useUpdateQueryDescription";
-import useQueryFlags from "./hooks/useQueryFlags";
-import useQueryParameters from "./hooks/useQueryParameters";
-import useEditScheduleDialog from "./hooks/useEditScheduleDialog";
-import useEditVisualizationDialog from "./hooks/useEditVisualizationDialog";
-import useDeleteVisualization from "./hooks/useDeleteVisualization";
-import useFullscreenHandler from "../../lib/hooks/useFullscreenHandler";
-
-import "./QueryView.less";
-
-function QueryView(props) {
-  const [query, setQuery] = useState(props.query);
-  const [dataSource, setDataSource] = useState();
-  const queryFlags = useQueryFlags(query, dataSource);
-  const [parameters, areParametersDirty, updateParametersDirtyFlag] = useQueryParameters(query);
-  const [selectedVisualization, setSelectedVisualization] = useVisualizationTabHandler(query.visualizations);
-  const isDesktop = useMedia({ minWidth: 768 });
-  const isFixedLayout = useMedia({ minHeight: 500 }) && isDesktop;
-  const [fullscreen, toggleFullscreen] = useFullscreenHandler(isDesktop);
-  const [addingDescription, setAddingDescription] = useState(false);
-
-  const {
-    queryResult,
-    loadedInitialResults,
-    isExecuting,
-    executionStatus,
-    executeQuery,
-    error: executionError,
-    cancelCallback: cancelExecution,
-    isCancelling: isExecutionCancelling,
-    updatedAt,
-  } = useQueryExecute(query);
-
-  const queryResultData = useQueryResultData(queryResult);
-
-  const updateQueryDescription = useUpdateQueryDescription(query, setQuery);
-  const editSchedule = useEditScheduleDialog(query, setQuery);
-  const addVisualization = useEditVisualizationDialog(query, queryResult, (newQuery, visualization) => {
-    setQuery(newQuery);
-    setSelectedVisualization(visualization.id);
-  });
-  const editVisualization = useEditVisualizationDialog(query, queryResult, newQuery => setQuery(newQuery));
-  const deleteVisualization = useDeleteVisualization(query, setQuery);
-
-  const doExecuteQuery = useCallback(
-    (skipParametersDirtyFlag = false) => {
-      if (!queryFlags.canExecute || (!skipParametersDirtyFlag && (areParametersDirty || isExecuting))) {
-        return;
-      }
-      executeQuery();
-    },
-    [areParametersDirty, executeQuery, isExecuting, queryFlags.canExecute]
-  );
-
-  useEffect(() => {
-    document.title = query.name;
-  }, [query.name]);
-
-  useEffect(() => {
-    DataSource.get({ id: query.data_source_id }).then(setDataSource);
-  }, [query.data_source_id]);
-
-  return (
-    <div
-      className={cx("query-page-wrapper", {
-        "query-view-fullscreen": fullscreen,
-        "query-fixed-layout": isFixedLayout,
-      })}>
-      <div className="container w-100">
-        <QueryPageHeader
-          query={query}
-          dataSource={dataSource}
-          onChange={setQuery}
-          selectedVisualization={selectedVisualization}
-          headerExtra={
-            <DynamicComponent name="QueryView.HeaderExtra" query={query}>
-              {policy.canRun(query) && (
-                <QueryViewButton
-                  className="m-r-5"
-                  type="primary"
-                  shortcut="mod+enter, alt+enter, ctrl+enter"
-                  disabled={!queryFlags.canExecute || isExecuting || areParametersDirty}
-                  onClick={doExecuteQuery}>
-                  Refresh
-                </QueryViewButton>
-              )}
-            </DynamicComponent>
-          }
-          tagsExtra={
-            !query.description &&
-            queryFlags.canEdit &&
-            !addingDescription &&
-            !fullscreen && (
-              <PlainButton className="label label-tag hidden-xs" role="none" onClick={() => setAddingDescription(true)}>
-                <i className="zmdi zmdi-plus m-r-5" aria-hidden="true" />
-                Add description
-              </PlainButton>
-            )
-          }
-        />
-        {(query.description || addingDescription) && (
-          <div className={cx("m-t-5", { hidden: fullscreen })}>
-            <EditInPlace
-              className="w-100"
-              value={query.description}
-              isEditable={queryFlags.canEdit}
-              onDone={updateQueryDescription}
-              onStopEditing={() => setAddingDescription(false)}
-              placeholder="Add description"
-              ignoreBlanks={false}
-              editorProps={{ autoSize: { minRows: 2, maxRows: 4 } }}
-              defaultEditing={addingDescription}
-              multiline
-            />
-          </div>
-        )}
-      </div>
-      <div className="query-view-content">
-        {query.hasParameters() && (
-          <div className={cx("bg-white tiled p-15 m-t-15 m-l-15 m-r-15", { hidden: fullscreen })}>
-            <Parameters
-              parameters={parameters}
-              onValuesChange={() => {
-                updateParametersDirtyFlag(false);
-                doExecuteQuery(true);
-              }}
-              onPendingValuesChange={() => updateParametersDirtyFlag()}
-            />
-          </div>
-        )}
-        <div className="query-results m-t-15">
-          {loadedInitialResults && (
-            <QueryVisualizationTabs
-              queryResult={queryResult}
-              visualizations={query.visualizations}
-              showNewVisualizationButton={queryFlags.canEdit && queryResultData.status === ExecutionStatus.DONE}
-              canDeleteVisualizations={queryFlags.canEdit}
-              selectedTab={selectedVisualization}
-              onChangeTab={setSelectedVisualization}
-              onAddVisualization={addVisualization}
-              onDeleteVisualization={deleteVisualization}
-              refreshButton={
-                policy.canRun(query) && (
-                  <Button
-                    type="primary"
-                    disabled={!queryFlags.canExecute || areParametersDirty}
-                    loading={isExecuting}
-                    onClick={doExecuteQuery}>
-                    {!isExecuting && <i className="zmdi zmdi-refresh m-r-5" aria-hidden="true" />}
-                    Refresh Now
-                  </Button>
-                )
-              }
-              canRefresh={policy.canRun(query)}
-            />
-          )}
-          <div className="query-results-footer">
-            {queryResult && !queryResult.getError() && (
-              <QueryExecutionMetadata
-                query={query}
-                queryResult={queryResult}
-                selectedVisualization={selectedVisualization}
-                isQueryExecuting={isExecuting}
-                showEditVisualizationButton={queryFlags.canEdit}
-                onEditVisualization={editVisualization}
-                extraActions={
-                  <QueryViewButton
-                    className="icon-button m-r-5 hidden-xs"
-                    title="Toggle Fullscreen"
-                    type="default"
-                    shortcut="alt+f"
-                    onClick={toggleFullscreen}>
-                    {fullscreen ? <FullscreenExitOutlinedIcon /> : <FullscreenOutlinedIcon />}
-                  </QueryViewButton>
-                }
-              />
-            )}
-            {(executionError || isExecuting) && (
-              <div className="query-execution-status">
-                <QueryExecutionStatus
-                  status={executionStatus}
-                  error={executionError}
-                  isCancelling={isExecutionCancelling}
-                  onCancel={cancelExecution}
-                  updatedAt={updatedAt}
-                />
-              </div>
-            )}
-          </div>
-        </div>
-        <div className={cx("p-t-15 p-r-15 p-l-15", { hidden: fullscreen })}>
-          <QueryMetadata layout="horizontal" query={query} dataSource={dataSource} onEditSchedule={editSchedule} />
-        </div>
-      </div>
-    </div>
-  );
-}
-
-QueryView.propTypes = { query: PropTypes.object.isRequired }; // eslint-disable-line react/forbid-prop-types
-
-const QueryViewPage = wrapQueryPage(QueryView);
-
-routes.register(
-  "Queries.View",
-  routeWithUserSession({
-    path: "/queries/:queryId",
-    render: pageProps => <QueryViewPage {...pageProps} />,
-  })
-);
diff --git a/docker-compose-f.yml b/docker-compose-f.yml
index 902f0b74a5..104c5b354f 100644
--- a/docker-compose-f.yml
+++ b/docker-compose-f.yml
@@ -1,16 +1,19 @@
 ---
 version: "2"
 x-redash-service: &redash-service
-  image: redash_server
+  image: asia-south1-docker.pkg.dev/prod-data-platform/redash/redash-v9:7
+  env_file: /opt/redash/env
   restart: always
+  logging:
+    driver: "local"
 services:
   server:
     <<: *redash-service
     command: server
     container_name: redash
-    ports:
-      - "5000:5000"
-      - "5678:5678"
+    expose:
+      - 5000
+      - 5678
     environment:
       PYTHONUNBUFFERED: 0
       REDASH_WEB_WORKERS: 5
@@ -53,22 +56,81 @@ services:
     depends_on:
       - server
     mem_limit: 7516192768
-  redis:
-    image: redis:3-alpine
-    restart: unless-stopped
-  postgres:
-    image: postgres:9.5-alpine
-    # The following turns the DB into less durable, but gains significant performance improvements for the tests run (x3
-    # improvement on my personal machine). We should consider moving this into a dedicated Docker Compose configuration for
-    # tests.
-    ports:
-      - "15432:5432"
-    command: "postgres -c fsync=off -c full_page_writes=off -c synchronous_commit=OFF"
-    restart: unless-stopped
-    environment:
-      POSTGRES_HOST_AUTH_METHOD: "trust"
-  email:
-    image: djfarrelly/maildev
+  adhoc_worker5:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker6:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker7:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker8:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker9:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker10:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker11:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker12:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker13:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker14:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  adhoc_worker15:
+    <<: *redash-service
+    command: worker
+    depends_on:
+      - server
+    mem_limit: 7516192768
+  nginx:
+    image: nginx:latest
+    volumes:
+      - /opt/redash/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+      - /etc/certs:/etc/certs
     ports:
-      - "1080:80"
-    restart: unless-stopped
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - server
+    links:
+      - server:redash

From f914aad9b75bccbf414aeae82ccede9c851109a9 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Sat, 1 Apr 2023 14:44:51 +0530
Subject: [PATCH 08/11] Add datatype to bigquery column name Enable auto limit
 for bigquery Show slots in bigquery queries in UI Fix docker-compose.yml by
 adding postgres container name

---
 .github/create_image.yml               |  13 +-
 Dockerfile                             |   4 +-
 client/app/pages/queries/QueryView.jsx | 241 +++++++++++++++++++++++++
 3 files changed, 254 insertions(+), 4 deletions(-)
 create mode 100644 client/app/pages/queries/QueryView.jsx

diff --git a/.github/create_image.yml b/.github/create_image.yml
index 0adc442e21..14a69444db 100644
--- a/.github/create_image.yml
+++ b/.github/create_image.yml
@@ -15,7 +15,7 @@ jobs:
       url: "app.{{ vars.BASE_DOMAIN }}"
     runs-on: ubuntu-latest
     env:
-      IMAGE_NAME: asia-south1-python.pkg.dev/prod-data-platform/redash
+      IMAGE_NAME: asia-south1-python.pkg.dev/prod-data-platform/redash/redash
 
     steps:
       - uses: actions/checkout@v3
@@ -39,5 +39,12 @@ jobs:
         uses: docker/setup-buildx-action@v2
         platforms: linux/amd64,linux/arm64
 
-      - name: Build & push custom image
-        run: DOCKER_BUILDKIT=1 docker buildx build -t ${{ vars.IMAGE_NAME }}:${{ steps.tag_name.outputs.tag }} . --push
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: "${{ vars.IMAGE_NAME }}:${{ steps.tag_name.outputs.tag }}"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index c361316e76..ed312a8e72 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.3
-FROM node:14.17 as frontend-builder
+FROM node:19 as frontend-builder
 
 RUN npm install --global --force yarn@1.22.10
 
@@ -20,6 +20,8 @@ COPY --chown=redash viz-lib /frontend/viz-lib
 ARG code_coverage
 ENV BABEL_ENV=${code_coverage:+test}
 
+ENV NODE_OPTIONS=--openssl-legacy-provider
+
 RUN if [ "x$skip_frontend_build" = "x" ] ; then yarn --frozen-lockfile --network-concurrency 1; fi
 
 COPY --chown=redash client /frontend/client
diff --git a/client/app/pages/queries/QueryView.jsx b/client/app/pages/queries/QueryView.jsx
new file mode 100644
index 0000000000..cbd582b480
--- /dev/null
+++ b/client/app/pages/queries/QueryView.jsx
@@ -0,0 +1,241 @@
+import React, { useState, useEffect, useCallback } from "react";
+import PropTypes from "prop-types";
+import cx from "classnames";
+import useMedia from "use-media";
+import Button from "antd/lib/button";
+
+import FullscreenOutlinedIcon from "@ant-design/icons/FullscreenOutlined";
+import FullscreenExitOutlinedIcon from "@ant-design/icons/FullscreenExitOutlined";
+
+import routeWithUserSession from "@/components/ApplicationArea/routeWithUserSession";
+import EditInPlace from "@/components/EditInPlace";
+import Parameters from "@/components/Parameters";
+import DynamicComponent from "@/components/DynamicComponent";
+import PlainButton from "@/components/PlainButton";
+
+import DataSource from "@/services/data-source";
+import { ExecutionStatus } from "@/services/query-result";
+import routes from "@/services/routes";
+import { policy } from "@/services/policy";
+
+import useQueryResultData from "@/lib/useQueryResultData";
+
+import QueryPageHeader from "./components/QueryPageHeader";
+import QueryVisualizationTabs from "./components/QueryVisualizationTabs";
+import QueryExecutionStatus from "./components/QueryExecutionStatus";
+import QueryMetadata from "./components/QueryMetadata";
+import wrapQueryPage from "./components/wrapQueryPage";
+import QueryViewButton from "./components/QueryViewButton";
+import QueryExecutionMetadata from "./components/QueryExecutionMetadata";
+
+import useVisualizationTabHandler from "./hooks/useVisualizationTabHandler";
+import useQueryExecute from "./hooks/useQueryExecute";
+import useUpdateQueryDescription from "./hooks/useUpdateQueryDescription";
+import useQueryFlags from "./hooks/useQueryFlags";
+import useQueryParameters from "./hooks/useQueryParameters";
+import useEditScheduleDialog from "./hooks/useEditScheduleDialog";
+import useEditVisualizationDialog from "./hooks/useEditVisualizationDialog";
+import useDeleteVisualization from "./hooks/useDeleteVisualization";
+import useFullscreenHandler from "../../lib/hooks/useFullscreenHandler";
+
+import "./QueryView.less";
+
+function QueryView(props) {
+  const [query, setQuery] = useState(props.query);
+  const [dataSource, setDataSource] = useState();
+  const queryFlags = useQueryFlags(query, dataSource);
+  const [parameters, areParametersDirty, updateParametersDirtyFlag] = useQueryParameters(query);
+  const [selectedVisualization, setSelectedVisualization] = useVisualizationTabHandler(query.visualizations);
+  const isDesktop = useMedia({ minWidth: 768 });
+  const isFixedLayout = useMedia({ minHeight: 500 }) && isDesktop;
+  const [fullscreen, toggleFullscreen] = useFullscreenHandler(isDesktop);
+  const [addingDescription, setAddingDescription] = useState(false);
+
+  const {
+    queryResult,
+    loadedInitialResults,
+    isExecuting,
+    executionStatus,
+    executeQuery,
+    error: executionError,
+    cancelCallback: cancelExecution,
+    isCancelling: isExecutionCancelling,
+    updatedAt,
+  } = useQueryExecute(query);
+
+  const queryResultData = useQueryResultData(queryResult);
+
+  const updateQueryDescription = useUpdateQueryDescription(query, setQuery);
+  const editSchedule = useEditScheduleDialog(query, setQuery);
+  const addVisualization = useEditVisualizationDialog(query, queryResult, (newQuery, visualization) => {
+    setQuery(newQuery);
+    setSelectedVisualization(visualization.id);
+  });
+  const editVisualization = useEditVisualizationDialog(query, queryResult, newQuery => setQuery(newQuery));
+  const deleteVisualization = useDeleteVisualization(query, setQuery);
+
+  const doExecuteQuery = useCallback(
+    (skipParametersDirtyFlag = false) => {
+      if (!queryFlags.canExecute || (!skipParametersDirtyFlag && (areParametersDirty || isExecuting))) {
+        return;
+      }
+      executeQuery();
+    },
+    [areParametersDirty, executeQuery, isExecuting, queryFlags.canExecute]
+  );
+
+  useEffect(() => {
+    document.title = query.name;
+  }, [query.name]);
+
+  useEffect(() => {
+    DataSource.get({ id: query.data_source_id }).then(setDataSource);
+  }, [query.data_source_id]);
+
+  return (
+    <div
+      className={cx("query-page-wrapper", {
+        "query-view-fullscreen": fullscreen,
+        "query-fixed-layout": isFixedLayout,
+      })}>
+      <div className="container w-100">
+        <QueryPageHeader
+          query={query}
+          dataSource={dataSource}
+          onChange={setQuery}
+          selectedVisualization={selectedVisualization}
+          headerExtra={
+            <DynamicComponent name="QueryView.HeaderExtra" query={query}>
+              {policy.canRun(query) && (
+                <QueryViewButton
+                  className="m-r-5"
+                  type="primary"
+                  shortcut="mod+enter, alt+enter, ctrl+enter"
+                  disabled={!queryFlags.canExecute || isExecuting || areParametersDirty}
+                  onClick={doExecuteQuery}>
+                  Refresh
+                </QueryViewButton>
+              )}
+            </DynamicComponent>
+          }
+          tagsExtra={
+            !query.description &&
+            queryFlags.canEdit &&
+            !addingDescription &&
+            !fullscreen && (
+              <PlainButton className="label label-tag hidden-xs" role="none" onClick={() => setAddingDescription(true)}>
+                <i className="zmdi zmdi-plus m-r-5" aria-hidden="true" />
+                Add description
+              </PlainButton>
+            )
+          }
+        />
+        {(query.description || addingDescription) && (
+          <div className={cx("m-t-5", { hidden: fullscreen })}>
+            <EditInPlace
+              className="w-100"
+              value={query.description}
+              isEditable={queryFlags.canEdit}
+              onDone={updateQueryDescription}
+              onStopEditing={() => setAddingDescription(false)}
+              placeholder="Add description"
+              ignoreBlanks={false}
+              editorProps={{ autoSize: { minRows: 2, maxRows: 4 } }}
+              defaultEditing={addingDescription}
+              multiline
+            />
+          </div>
+        )}
+      </div>
+      <div className="query-view-content">
+        {query.hasParameters() && (
+          <div className={cx("bg-white tiled p-15 m-t-15 m-l-15 m-r-15", { hidden: fullscreen })}>
+            <Parameters
+              parameters={parameters}
+              onValuesChange={() => {
+                updateParametersDirtyFlag(false);
+                doExecuteQuery(true);
+              }}
+              onPendingValuesChange={() => updateParametersDirtyFlag()}
+            />
+          </div>
+        )}
+        <div className="query-results m-t-15">
+          {loadedInitialResults && (
+            <QueryVisualizationTabs
+              queryResult={queryResult}
+              visualizations={query.visualizations}
+              showNewVisualizationButton={queryFlags.canEdit && queryResultData.status === ExecutionStatus.DONE}
+              canDeleteVisualizations={queryFlags.canEdit}
+              selectedTab={selectedVisualization}
+              onChangeTab={setSelectedVisualization}
+              onAddVisualization={addVisualization}
+              onDeleteVisualization={deleteVisualization}
+              refreshButton={
+                policy.canRun(query) && (
+                  <Button
+                    type="primary"
+                    disabled={!queryFlags.canExecute || areParametersDirty}
+                    loading={isExecuting}
+                    onClick={doExecuteQuery}>
+                    {!isExecuting && <i className="zmdi zmdi-refresh m-r-5" aria-hidden="true" />}
+                    Refresh Now
+                  </Button>
+                )
+              }
+              canRefresh={policy.canRun(query)}
+            />
+          )}
+          <div className="query-results-footer">
+            {queryResult && !queryResult.getError() && (
+              <QueryExecutionMetadata
+                query={query}
+                queryResult={queryResult}
+                selectedVisualization={selectedVisualization}
+                isQueryExecuting={isExecuting}
+                showEditVisualizationButton={queryFlags.canEdit}
+                onEditVisualization={editVisualization}
+                extraActions={
+                  <QueryViewButton
+                    className="icon-button m-r-5 hidden-xs"
+                    title="Toggle Fullscreen"
+                    type="default"
+                    shortcut="alt+f"
+                    onClick={toggleFullscreen}>
+                    {fullscreen ? <FullscreenExitOutlinedIcon /> : <FullscreenOutlinedIcon />}
+                  </QueryViewButton>
+                }
+              />
+            )}
+            {(executionError || isExecuting) && (
+              <div className="query-execution-status">
+                <QueryExecutionStatus
+                  status={executionStatus}
+                  error={executionError}
+                  isCancelling={isExecutionCancelling}
+                  onCancel={cancelExecution}
+                  updatedAt={updatedAt}
+                />
+              </div>
+            )}
+          </div>
+        </div>
+        <div className={cx("p-t-15 p-r-15 p-l-15", { hidden: fullscreen })}>
+          <QueryMetadata layout="horizontal" query={query} dataSource={dataSource} onEditSchedule={editSchedule} />
+        </div>
+      </div>
+    </div>
+  );
+}
+
+QueryView.propTypes = { query: PropTypes.object.isRequired }; // eslint-disable-line react/forbid-prop-types
+
+const QueryViewPage = wrapQueryPage(QueryView);
+
+routes.register(
+  "Queries.View",
+  routeWithUserSession({
+    path: "/queries/:queryId",
+    render: pageProps => <QueryViewPage {...pageProps} />,
+  })
+);

From 51106962e4f07c83dbbf2e4a038f11ce5df88ed6 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Sun, 2 Apr 2023 15:36:43 +0530
Subject: [PATCH 09/11] Add component to show all policy tags accessed

---
 client/app/pages/queries/QuerySource.jsx      | 65 +++++++++++--------
 .../QueryExecutionMetadataAdditionalInfo.jsx  | 57 ++++++++++++++++
 .../QueryExecutionMetadataAdditionalInfo.less | 27 ++++++++
 redash/query_runner/big_query.py              | 16 +++--
 4 files changed, 132 insertions(+), 33 deletions(-)
 create mode 100644 client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx
 create mode 100644 client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less

diff --git a/client/app/pages/queries/QuerySource.jsx b/client/app/pages/queries/QuerySource.jsx
index 774b720963..3415cd9ea7 100644
--- a/client/app/pages/queries/QuerySource.jsx
+++ b/client/app/pages/queries/QuerySource.jsx
@@ -1,8 +1,8 @@
-import { extend, find, includes, isEmpty, map } from "lodash";
-import React, { useCallback, useEffect, useRef, useState } from "react";
+import {extend, find, includes, isEmpty, map} from "lodash";
+import React, {useCallback, useEffect, useRef, useState} from "react";
 import PropTypes from "prop-types";
 import cx from "classnames";
-import { useDebouncedCallback } from "use-debounce";
+import {useDebouncedCallback} from "use-debounce";
 import useMedia from "use-media";
 import Button from "antd/lib/button";
 import routeWithUserSession from "@/components/ApplicationArea/routeWithUserSession";
@@ -11,7 +11,7 @@ import Parameters from "@/components/Parameters";
 import EditInPlace from "@/components/EditInPlace";
 import DynamicComponent from "@/components/DynamicComponent";
 import recordEvent from "@/services/recordEvent";
-import { ExecutionStatus } from "@/services/query-result";
+import {ExecutionStatus} from "@/services/query-result";
 import routes from "@/services/routes";
 import notification from "@/services/notification";
 import * as queryFormat from "@/lib/queryFormat";
@@ -22,9 +22,10 @@ import QueryVisualizationTabs from "./components/QueryVisualizationTabs";
 import QueryExecutionStatus from "./components/QueryExecutionStatus";
 import QuerySourceAlerts from "./components/QuerySourceAlerts";
 import wrapQueryPage from "./components/wrapQueryPage";
+import QueryExecutionMetadataAdditionalInfo from "./components/QueryExecutionMetadataAdditionalInfo";
 import QueryExecutionMetadata from "./components/QueryExecutionMetadata";
 
-import { getEditorComponents } from "@/components/queries/editor-components";
+import {getEditorComponents} from "@/components/queries/editor-components";
 import useQuery from "./hooks/useQuery";
 import useVisualizationTabHandler from "./hooks/useVisualizationTabHandler";
 import useAutocompleteFlags from "./hooks/useAutocompleteFlags";
@@ -52,14 +53,14 @@ function chooseDataSourceId(dataSourceIds, availableDataSources) {
 }
 
 function QuerySource(props) {
-  const { query, setQuery, isDirty, saveQuery } = useQuery(props.query);
-  const { dataSourcesLoaded, dataSources, dataSource } = useQueryDataSources(query);
+  const {query, setQuery, isDirty, saveQuery} = useQuery(props.query);
+  const {dataSourcesLoaded, dataSources, dataSource} = useQueryDataSources(query);
   const [schema, setSchema] = useState([]);
   const queryFlags = useQueryFlags(query, dataSource);
   const [parameters, areParametersDirty, updateParametersDirtyFlag] = useQueryParameters(query);
   const [selectedVisualization, setSelectedVisualization] = useVisualizationTabHandler(query.visualizations);
-  const { QueryEditor, SchemaBrowser } = getEditorComponents(dataSource && dataSource.type);
-  const isMobile = !useMedia({ minWidth: 768 });
+  const {QueryEditor, SchemaBrowser} = getEditorComponents(dataSource && dataSource.type);
+  const isMobile = !useMedia({minWidth: 768});
 
   useUnsavedChangesAlert(isDirty);
 
@@ -82,7 +83,7 @@ function QuerySource(props) {
   const [autoLimitAvailable, autoLimitChecked, setAutoLimit] = useAutoLimitFlags(dataSource, query, setQuery);
 
   const [handleQueryEditorChange] = useDebouncedCallback(queryText => {
-    setQuery(extend(query.clone(), { query: queryText }));
+    setQuery(extend(query.clone(), {query: queryText}));
   }, 100);
 
   useEffect(() => {
@@ -101,7 +102,7 @@ function QuerySource(props) {
   const formatQuery = () => {
     try {
       const formattedQueryText = queryFormat.formatQuery(query.query, querySyntax);
-      setQuery(extend(query.clone(), { query: formattedQueryText }));
+      setQuery(extend(query.clone(), {query: formattedQueryText}));
     } catch (err) {
       notification.error(String(err));
     }
@@ -117,14 +118,14 @@ function QuerySource(props) {
         }
       }
       if (query.data_source_id !== dataSourceId) {
-        recordEvent("update_data_source", "query", query.id, { dataSourceId });
+        recordEvent("update_data_source", "query", query.id, {dataSourceId});
         const updates = {
           data_source_id: dataSourceId,
           latest_query_data_id: null,
           latest_query_data: null,
         };
         setQuery(extend(query.clone(), updates));
-        updateQuery(updates, { successMessage: null }); // show message only on error
+        updateQuery(updates, {successMessage: null}); // show message only on error
       }
     },
     [query, setQuery, updateQuery]
@@ -193,15 +194,15 @@ function QuerySource(props) {
   const deleteVisualization = useDeleteVisualization(query, setQuery);
 
   return (
-    <div className={cx("query-page-wrapper", { "query-fixed-layout": !isMobile })}>
-      <QuerySourceAlerts query={query} dataSourcesAvailable={!dataSourcesLoaded || dataSources.length > 0} />
+    <div className={cx("query-page-wrapper", {"query-fixed-layout": !isMobile})}>
+      <QuerySourceAlerts query={query} dataSourcesAvailable={!dataSourcesLoaded || dataSources.length > 0}/>
       <div className="container w-100 p-b-10">
         <QueryPageHeader
           query={query}
           dataSource={dataSource}
           sourceMode
           selectedVisualization={selectedVisualization}
-          headerExtra={<DynamicComponent name="QuerySource.HeaderExtra" query={query} />}
+          headerExtra={<DynamicComponent name="QuerySource.HeaderExtra" query={query}/>}
           onChange={setQuery}
         />
       </div>
@@ -225,7 +226,7 @@ function QuerySource(props) {
                 dataSource={dataSource}
                 options={query.options.schemaOptions}
                 onOptionsUpdate={schemaOptions =>
-                  setQuery(extend(query.clone(), { options: { ...query.options, schemaOptions } }))
+                  setQuery(extend(query.clone(), {options: {...query.options, schemaOptions}}))
                 }
                 onSchemaUpdate={setSchema}
                 onItemSelect={handleSchemaItemSelect}
@@ -246,7 +247,7 @@ function QuerySource(props) {
               </div>
             )}
 
-            {!query.isNew() && <QueryMetadata layout="table" query={query} onEditSchedule={editSchedule} />}
+            {!query.isNew() && <QueryMetadata layout="table" query={query} onEditSchedule={editSchedule}/>}
           </nav>
         </Resizable>
 
@@ -254,7 +255,7 @@ function QuerySource(props) {
           <div className="flex-fill p-relative">
             <div
               className="p-absolute d-flex flex-column p-l-15 p-r-15"
-              style={{ left: 0, top: 0, right: 0, bottom: 0, overflow: "auto" }}>
+              style={{left: 0, top: 0, right: 0, bottom: 0, overflow: "auto"}}>
               <Resizable direction="vertical" sizeAttribute="flex-basis">
                 <div className="row editor">
                   <section className="query-editor-wrapper" data-test="QueryEditor">
@@ -317,11 +318,11 @@ function QuerySource(props) {
                       dataSourceSelectorProps={
                         dataSource
                           ? {
-                              disabled: !queryFlags.canEdit,
-                              value: dataSource.id,
-                              onChange: handleDataSourceChange,
-                              options: map(dataSources, ds => ({ value: ds.id, label: ds.name })),
-                            }
+                            disabled: !queryFlags.canEdit,
+                            value: dataSource.id,
+                            onChange: handleDataSourceChange,
+                            options: map(dataSources, ds => ({value: ds.id, label: ds.name})),
+                          }
                           : false
                       }
                     />
@@ -329,7 +330,7 @@ function QuerySource(props) {
                 </div>
               </Resizable>
 
-              {!queryFlags.isNew && <QueryMetadata layout="horizontal" query={query} onEditSchedule={editSchedule} />}
+              {!queryFlags.isNew && <QueryMetadata layout="horizontal" query={query} onEditSchedule={editSchedule}/>}
 
               <section className="query-results-wrapper">
                 {query.hasParameters() && (
@@ -393,7 +394,7 @@ function QuerySource(props) {
                           disabled={!queryFlags.canExecute || areParametersDirty}
                           loading={isQueryExecuting}
                           onClick={doExecuteQuery}>
-                          {!isQueryExecuting && <i className="zmdi zmdi-refresh m-r-5" aria-hidden="true" />}
+                          {!isQueryExecuting && <i className="zmdi zmdi-refresh m-r-5" aria-hidden="true"/>}
                           Refresh Now
                         </Button>
                       }
@@ -403,6 +404,18 @@ function QuerySource(props) {
               </section>
             </div>
           </div>
+          {queryResult && !queryResult.getError() && (
+            <div className="bottom-controller-container">
+              <QueryExecutionMetadataAdditionalInfo
+                query={query}
+                queryResult={queryResult}
+                selectedVisualization={selectedVisualization}
+                isQueryExecuting={isQueryExecuting}
+                showEditVisualizationButton={!queryFlags.isNew && queryFlags.canEdit}
+                onEditVisualization={editVisualization}
+              />
+            </div>
+          )}
           {queryResult && !queryResult.getError() && (
             <div className="bottom-controller-container">
               <QueryExecutionMetadata
diff --git a/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx
new file mode 100644
index 0000000000..2914097f25
--- /dev/null
+++ b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx
@@ -0,0 +1,57 @@
+import React from "react";
+import PropTypes from "prop-types";
+import WarningTwoTone from "@ant-design/icons/WarningTwoTone";
+import TimeAgo from "@/components/TimeAgo";
+import Tooltip from "@/components/Tooltip";
+import useAddToDashboardDialog from "../hooks/useAddToDashboardDialog";
+import useEmbedDialog from "../hooks/useEmbedDialog";
+import QueryControlDropdown from "@/components/EditVisualizationButton/QueryControlDropdown";
+import EditVisualizationButton from "@/components/EditVisualizationButton";
+import useQueryResultData from "@/lib/useQueryResultData";
+import {durationHumanize, formatNumber, pluralize, prettySize} from "@/lib/utils";
+
+import "./QueryExecutionMetadataAdditionalInfo.less";
+
+export default function QueryExecutionMetadataAdditionalInfo({
+                                                 query,
+                                                 queryResult,
+                                                 isQueryExecuting,
+                                                 selectedVisualization,
+                                                 showEditVisualizationButton,
+                                                 onEditVisualization,
+                                                 extraActions,
+                                               }) {
+  const queryResultData = useQueryResultData(queryResult);
+  return (
+    <div className="query-execution-metadata">
+      {extraActions}
+      <span className="m-l-5 m-r-10">
+        {queryResultData.metadata.policy_tag_columns && (
+          <span className="m-l-5" >
+            <strong>Policy tagged columns used:  </strong>
+            {queryResultData.metadata.policy_tag_columns}
+          </span>
+        )}
+      </span>
+    </div>
+  );
+}
+
+QueryExecutionMetadataAdditionalInfo.propTypes = {
+  query: PropTypes.object.isRequired, // eslint-disable-line react/forbid-prop-types
+  queryResult: PropTypes.object.isRequired, // eslint-disable-line react/forbid-prop-types
+  isQueryExecuting: PropTypes.bool,
+  selectedVisualization: PropTypes.number,
+  showEditVisualizationButton: PropTypes.bool,
+  onEditVisualization: PropTypes.func,
+  extraActions: PropTypes.node,
+};
+
+QueryExecutionMetadataAdditionalInfo.defaultProps = {
+  isQueryExecuting: false,
+  selectedVisualization: null,
+  showEditVisualizationButton: false,
+  onEditVisualization: () => {
+  },
+  extraActions: null,
+};
diff --git a/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less
new file mode 100644
index 0000000000..c3eacf4812
--- /dev/null
+++ b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less
@@ -0,0 +1,27 @@
+.query-execution-metadata {
+  padding: 10px 15px;
+  background: #fff;
+  display: flex;
+  align-items: center;
+
+  button,
+  div,
+  span {
+    position: relative;
+  }
+
+  div:last-child {
+    flex-grow: 1;
+    text-align: right;
+  }
+
+  &:before {
+    content: "";
+    height: 50px;
+    position: fixed;
+    bottom: 0;
+    width: 100%;
+    pointer-events: none;
+    left: 0;
+  }
+}
diff --git a/redash/query_runner/big_query.py b/redash/query_runner/big_query.py
index c85b1ff17e..c610275eb0 100644
--- a/redash/query_runner/big_query.py
+++ b/redash/query_runner/big_query.py
@@ -267,7 +267,7 @@ def _get_query_result(self, jobs, query, user):
 
         self._update_query_policy_tags(policy_tags_accessed, query)
 
-        self._check_for_policy_tags_in_query(policy_tags_accessed, user)
+        policy_tag_columns: str = self._check_for_policy_tags_in_query(policy_tags_accessed, user)
 
         rows = []
 
@@ -306,7 +306,8 @@ def _get_query_result(self, jobs, query, user):
             "columns": columns,
             "rows": rows,
             "metadata": {"data_scanned": _get_total_bytes_processed_for_resp(query_reply),
-                         "slots_used": _get_total_slots_for_resp(current_job_statistics)},
+                         "slots_used": _get_total_slots_for_resp(current_job_statistics),
+                         "policy_tag_columns": policy_tag_columns},
         }
 
         return data
@@ -317,14 +318,15 @@ def _check_for_policy_tags_in_query(self, policy_tags_accessed, user):
             access_results: List[Tuple[str]] = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed.keys()),
                                                                        user_email=user.email)
             access = {a[0] for a in access_results}
+            missing_access_policy_tags = set(policy_tags_accessed.keys()) - access
+            filtered_results: dict = {k: v for k, v in policy_tags_accessed.items() if
+                                      k in missing_access_policy_tags}
+            f = [f"Policy tag- {k}, Columns accessed- {v}" for k, v in filtered_results.items()]
             if len(access) != len(policy_tags_accessed):
-                missing_access_policy_tags = set(policy_tags_accessed.keys()) - access
-                filtered_results: dict = {k: v for k, v in policy_tags_accessed.items() if
-                                          k in missing_access_policy_tags}
-                f = [f"Policy tag- {k}, Columns accessed- {v}" for k, v in filtered_results.items()]
-
                 raise PermissionDeniedException(
                     "User does not have permission to query columns. \n{} ".format('\n'.join(f)))
+            else:
+                return '\n'.join([f"Policy tag- {k}, Columns accessed- {v}" for k, v in policy_tags_accessed.items()])
 
     def _update_query_policy_tags(self, policy_tags_accessed, query):
         query_hash = self.gen_query_hash(query)

From 4241241d97b9b8718719aed08a7dc63d24c7adcd Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Sun, 2 Apr 2023 20:29:38 +0530
Subject: [PATCH 10/11] Add functionality to use bigquery parser for pii

---
 redash/query_runner/big_query.py | 60 +++++++++++++++++++++++++++-----
 requirements.txt                 |  1 +
 2 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/redash/query_runner/big_query.py b/redash/query_runner/big_query.py
index c610275eb0..feaa9847b2 100644
--- a/redash/query_runner/big_query.py
+++ b/redash/query_runner/big_query.py
@@ -1,4 +1,5 @@
 import datetime
+import json
 import logging
 import os
 import time
@@ -8,16 +9,20 @@
 from typing import Dict, List, Set, Tuple
 
 import httplib2
+import requests
+import google.auth.transport.requests
+import google.oauth2.id_token
 from cachetools import cached, TTLCache
 
 from redash import settings
 from redash.models import UserGroupMemberList, TableColumnPolicyTagMapping, QueryIdPolicyTagMapping
-# from redash.models import User, TableColumnPolicyTagMapping, UserGroupMemberList
 from redash.query_runner import *
 from redash.settings import parse_boolean
 from redash.utils import json_dumps, json_loads
 from redash.utils.permission_denied_exception import PermissionDeniedException
 
+BIGQUERY_PARSER_URL = os.getenv("REDASH_BIGQUERY_PARSER_URL", False)
+
 logger = logging.getLogger(__name__)
 
 try:
@@ -242,7 +247,41 @@ def _get_policy_tags(self) -> Dict[str, List[Tuple[str, str]]]:
             grouped_map[policy_tag_table_name].append((policy_tags.column_name, policy_tags.policy_tag))
         return grouped_map
 
+    def get_cloud_function_token(self, audience):
+        """
+        make_authorized_get_request makes a GET request to the specified HTTP endpoint
+        by authenticating with the ID token obtained from the google-auth client library
+        using the specified audience value.
+        """
+
+        # Cloud Functions uses your function's URL as the `audience` value
+        # audience = https://project-region-projectid.cloudfunctions.net/myFunction
+        # For Cloud Functions, `endpoint` and `audience` should be equal
+
+        auth_req = google.auth.transport.requests.Request()
+        id_token = google.oauth2.id_token.fetch_id_token(auth_req, audience)
+        return {"Authorization": f"Bearer {id_token}"}
+
+    def get_headers(self):
+        common = {
+            "Accept": "text/plain,text/html,application/json,application/xhtml+xml,application/xml;q=0.9,/;q=0.8",
+            "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15"
+        }
+        auth = self.get_cloud_function_token(BIGQUERY_PARSER_URL)
+        return {**common , **auth}
+
     def _get_query_result(self, jobs, query, user):
+        if BIGQUERY_PARSER_URL:
+            query_metadata_from_parser = requests.post(BIGQUERY_PARSER_URL, headers=self.get_headers(), json=[query])
+            if query_metadata_from_parser.status_code == 200 and query_metadata_from_parser.json()["success"]:
+                table_column_mapping = defaultdict(set)
+                result = query_metadata_from_parser.json()
+                for success in result["success"]:
+                    for table in success["tableMetadataList"]:
+                        for column in table["columnMetadataList"]:
+                            table_column_mapping[table["tableName"]].add(column["column"])
+                self.check_for_pii_access(table_column_mapping, query, user)
+
         project_id = self._get_project_id()
         job_data = self._get_job_data(query)
         insert_response = jobs.insert(projectId=project_id, body=job_data).execute()
@@ -262,12 +301,7 @@ def _get_query_result(self, jobs, query, user):
             **{"projectId": project_id, "jobId": self.current_job_id, "location": self._get_location()}).execute()
         table_column_map: Dict[str, Set[str]] = self._get_columns_used_in_query(
             job_stats["statistics"]["query"]["queryPlan"])
-        get_policy_tag_mapping: Dict[str, Tuple[str, str]] = self._get_policy_tags()
-        policy_tags_accessed = self.get_policy_tags_in_query(get_policy_tag_mapping, table_column_map)
-
-        self._update_query_policy_tags(policy_tags_accessed, query)
-
-        policy_tag_columns: str = self._check_for_policy_tags_in_query(policy_tags_accessed, user)
+        policy_tag_columns = self.check_for_pii_access(table_column_map, query, user)
 
         rows = []
 
@@ -312,11 +346,19 @@ def _get_query_result(self, jobs, query, user):
 
         return data
 
+    def check_for_pii_access(self, table_column_map, query, user):
+        get_policy_tag_mapping: Dict[str, Tuple[str, str]] = self._get_policy_tags()
+        policy_tags_accessed = self.get_policy_tags_in_query(get_policy_tag_mapping, table_column_map)
+        self._update_query_policy_tags(policy_tags_accessed, query)
+        policy_tag_columns: str = self._check_for_policy_tags_in_query(policy_tags_accessed, user)
+        return policy_tag_columns
+
     def _check_for_policy_tags_in_query(self, policy_tags_accessed, user):
         if policy_tags_accessed:
             # Check if user email has access
-            access_results: List[Tuple[str]] = UserGroupMemberList.get_by_policy_name(policy_names=list(policy_tags_accessed.keys()),
-                                                                       user_email=user.email)
+            access_results: List[Tuple[str]] = UserGroupMemberList.get_by_policy_name(
+                policy_names=list(policy_tags_accessed.keys()),
+                user_email=user.email)
             access = {a[0] for a in access_results}
             missing_access_policy_tags = set(policy_tags_accessed.keys()) - access
             filtered_results: dict = {k: v for k, v in policy_tags_accessed.items() if
diff --git a/requirements.txt b/requirements.txt
index 41b2016a91..1ead0f4f6c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -62,6 +62,7 @@ sshtunnel==0.1.5
 supervisor==4.1.0
 supervisor_checks==0.8.1
 werkzeug==0.16.1
+google-auth==2.17.1
 # Install the dependencies of the bin/bundle-extensions script here.
 # It has its own requirements file to simplify the frontend client build process
 # -r requirements_bundles.txt

From 55fa52d5759da75dfdaa3397271010e07681cc39 Mon Sep 17 00:00:00 2001
From: masterlittle <shitij.goyal@dunzo.in>
Date: Wed, 12 Apr 2023 13:33:37 +0530
Subject: [PATCH 11/11] Add formatting changes

---
 .../components/QueryExecutionMetadata.jsx     | 15 ++++----
 .../components/QueryExecutionMetadata.less    |  4 +++
 .../QueryExecutionMetadataAdditionalInfo.jsx  | 12 ++-----
 .../QueryExecutionMetadataAdditionalInfo.less |  6 +++-
 redash/handlers/dashboards.py                 |  1 +
 redash/handlers/query_results.py              | 25 +++++++------
 redash/models/__init__.py                     |  4 +--
 redash/query_runner/big_query.py              | 35 ++++++++++---------
 8 files changed, 56 insertions(+), 46 deletions(-)

diff --git a/client/app/pages/queries/components/QueryExecutionMetadata.jsx b/client/app/pages/queries/components/QueryExecutionMetadata.jsx
index 1dd1b453ff..687b525f47 100644
--- a/client/app/pages/queries/components/QueryExecutionMetadata.jsx
+++ b/client/app/pages/queries/components/QueryExecutionMetadata.jsx
@@ -70,18 +70,19 @@ export default function QueryExecutionMetadata({
         {queryResultData.metadata.data_scanned && (
           <span className="m-l-5">
             Data Scanned:
-            <strong>{prettySize(queryResultData.metadata.data_scanned)}</strong>
-          </span>
-        )}
-        {queryResultData.metadata.slots_used && (
-          <span className="m-l-5">
-            Slots used:
-            <strong>{formatNumber(queryResultData.metadata.slots_used)}</strong>
+            <strong> {prettySize(queryResultData.metadata.data_scanned)} </strong>
           </span>
         )}
+
       </span>
       <div>
         <span className="m-r-10">
+                  {queryResultData.metadata.slots_used && (
+                    <span className="metadata-info m-l-5">
+            Slots used:
+            <strong> {formatNumber(queryResultData.metadata.slots_used)} </strong>
+          </span>
+                  )}
           <span className="hidden-xs">Refreshed </span>
           <strong>
             <TimeAgo date={queryResultData.retrievedAt} placeholder="-"/>
diff --git a/client/app/pages/queries/components/QueryExecutionMetadata.less b/client/app/pages/queries/components/QueryExecutionMetadata.less
index c3eacf4812..6988ab6b11 100644
--- a/client/app/pages/queries/components/QueryExecutionMetadata.less
+++ b/client/app/pages/queries/components/QueryExecutionMetadata.less
@@ -1,3 +1,7 @@
+.metadata-info {
+  color: indianred;
+}
+
 .query-execution-metadata {
   padding: 10px 15px;
   background: #fff;
diff --git a/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx
index 2914097f25..24486929c3 100644
--- a/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx
+++ b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.jsx
@@ -1,14 +1,6 @@
 import React from "react";
 import PropTypes from "prop-types";
-import WarningTwoTone from "@ant-design/icons/WarningTwoTone";
-import TimeAgo from "@/components/TimeAgo";
-import Tooltip from "@/components/Tooltip";
-import useAddToDashboardDialog from "../hooks/useAddToDashboardDialog";
-import useEmbedDialog from "../hooks/useEmbedDialog";
-import QueryControlDropdown from "@/components/EditVisualizationButton/QueryControlDropdown";
-import EditVisualizationButton from "@/components/EditVisualizationButton";
 import useQueryResultData from "@/lib/useQueryResultData";
-import {durationHumanize, formatNumber, pluralize, prettySize} from "@/lib/utils";
 
 import "./QueryExecutionMetadataAdditionalInfo.less";
 
@@ -27,8 +19,8 @@ export default function QueryExecutionMetadataAdditionalInfo({
       {extraActions}
       <span className="m-l-5 m-r-10">
         {queryResultData.metadata.policy_tag_columns && (
-          <span className="m-l-5" >
-            <strong>Policy tagged columns used:  </strong>
+          <span className="policy_text m-l-5">
+            <strong>WARNING:  </strong>
             {queryResultData.metadata.policy_tag_columns}
           </span>
         )}
diff --git a/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less
index c3eacf4812..e7caac3b33 100644
--- a/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less
+++ b/client/app/pages/queries/components/QueryExecutionMetadataAdditionalInfo.less
@@ -1,6 +1,10 @@
+.policy_text{
+  color: #0c7cd5;
+}
+
 .query-execution-metadata {
   padding: 10px 15px;
-  background: #fff;
+  background: #0a6ebd;
   display: flex;
   align-items: center;
 
diff --git a/redash/handlers/dashboards.py b/redash/handlers/dashboards.py
index b86fb5e30d..05b1f805c5 100644
--- a/redash/handlers/dashboards.py
+++ b/redash/handlers/dashboards.py
@@ -1,3 +1,4 @@
+
 from flask import request, url_for
 from funcy import project, partial
 
diff --git a/redash/handlers/query_results.py b/redash/handlers/query_results.py
index d8f5514d36..00d8432abf 100644
--- a/redash/handlers/query_results.py
+++ b/redash/handlers/query_results.py
@@ -1,4 +1,5 @@
 import logging
+import os
 import time
 
 import unicodedata
@@ -41,6 +42,8 @@
 )
 from redash.utils.permission_denied_exception import PermissionDeniedException
 
+IS_PRIVACY_CHECK_ENABLED = os.getenv("REDASH_PRIVACY_CHECK", False)
+
 
 def error_response(message, http_status=400):
     return {"job": {"status": 4, "error": message}}, http_status
@@ -324,16 +327,18 @@ def post(self, query_id):
                 return error_messages["no_permission"]
 
     def check_for_policy_tag_permissions(self, query_hash: str):
-        query_policy_tags: List[str] = get_object_or_404(models.QueryIdPolicyTagMapping.get_by_query_id,
-                                                         query_hash
-                                                         )
-        if query_policy_tags:
-            access: List[str] = UserGroupMemberList.get_by_policy_name(policy_names=list(query_policy_tags),
-                                                                       user_email=self.current_user.email)
-            if len(access) != len(query_policy_tags):
-                missing_access_policy_tags = set(query_policy_tags) - set(access)
-                abort(400,
-                      message=f"User {self.current_user.email} does not have permission to query {missing_access_policy_tags}")
+        if IS_PRIVACY_CHECK_ENABLED:
+            query_policy_tags: List[str] = get_object_or_404(models.QueryIdPolicyTagMapping.get_by_query_id,
+                                                             query_hash
+                                                             )
+            if query_policy_tags:
+                access: List[str] = UserGroupMemberList.get_by_policy_name(policy_names=list(query_policy_tags),
+                                                                           user_email=self.current_user.email)
+                if len(access) != len(query_policy_tags):
+                    missing_access_policy_tags = set(query_policy_tags) - set(access)
+                    abort(400,
+                          message=f"User {self.current_user.email} does not have permission to query {missing_access_policy_tags}."
+                                  f"Execute the query again or check - https://dunzoit.atlassian.net/l/cp/otZqfuL2")
 
     @require_any_of_permission(("view_query", "execute_query"))
     def get(self, query_id=None, query_result_id=None, filetype="json"):
diff --git a/redash/models/__init__.py b/redash/models/__init__.py
index 7fc8238376..f84a9f317c 100644
--- a/redash/models/__init__.py
+++ b/redash/models/__init__.py
@@ -1190,7 +1190,7 @@ def all(cls, org, group_ids, user_id):
                 DataSourceGroup, Query.data_source_id == DataSourceGroup.data_source_id
             )
             .filter(
-                Dashboard.is_archived is False,
+                Dashboard.is_archived == False,
                 (
                     DataSourceGroup.group_id.in_(group_ids)
                     | (Dashboard.user_id == user_id)
@@ -1200,7 +1200,7 @@ def all(cls, org, group_ids, user_id):
         )
 
         query = query.filter(
-            or_(Dashboard.user_id == user_id, Dashboard.is_draft is False)
+            or_(Dashboard.user_id == user_id, Dashboard.is_draft == False)
         )
 
         return query
diff --git a/redash/query_runner/big_query.py b/redash/query_runner/big_query.py
index feaa9847b2..112835f077 100644
--- a/redash/query_runner/big_query.py
+++ b/redash/query_runner/big_query.py
@@ -22,6 +22,7 @@
 from redash.utils.permission_denied_exception import PermissionDeniedException
 
 BIGQUERY_PARSER_URL = os.getenv("REDASH_BIGQUERY_PARSER_URL", False)
+IS_PRIVACY_CHECK_ENABLED = os.getenv("REDASH_PRIVACY_CHECK", False)
 
 logger = logging.getLogger(__name__)
 
@@ -85,7 +86,6 @@ def _get_query_results(jobs, project_id, location, job_id, start_index):
     query_reply = jobs.getQueryResults(
         projectId=project_id, location=location, jobId=job_id, startIndex=start_index
     ).execute()
-    logging.debug("query_reply %s", query_reply)
     if not query_reply["jobComplete"]:
         time.sleep(5)
         return _get_query_results(jobs, project_id, location, job_id, start_index)
@@ -100,7 +100,6 @@ def _get_total_bytes_processed_for_resp(bq_response):
 
 
 def _get_total_slots_for_resp(bq_response):
-    logger.debug(bq_response)
     if "endTime" in bq_response:
         return int(bq_response.get("totalSlotMs")) / (int(bq_response.get("finalExecutionDurationMs")))
     else:
@@ -215,7 +214,6 @@ def _get_job_data(self, query):
         if "jobTimeoutMillis" in self.configuration:
             job_data["configuration"]["jobTimeoutMs"] = self.configuration["jobTimeoutMillis"]
 
-        job_data["configuration"]["query"]["useQueryCache"] = False
         job_data["configuration"]["query"]["priority"] = "BATCH"
         return job_data
 
@@ -238,7 +236,7 @@ def _get_columns_used_in_query(self, query_plan):
                 results[table_name].add(str(column.split(":")[-1]))
         return results
 
-    @cached(cache=TTLCache(maxsize=3000, ttl=600))
+    @cached(cache=TTLCache(maxsize=3000, ttl=3600))
     def _get_policy_tags(self) -> Dict[str, List[Tuple[str, str]]]:
         all_policy_tag_mappings: List[TableColumnPolicyTagMapping] = TableColumnPolicyTagMapping.get_all()
         grouped_map = defaultdict(list)
@@ -268,9 +266,10 @@ def get_headers(self):
             "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15"
         }
         auth = self.get_cloud_function_token(BIGQUERY_PARSER_URL)
-        return {**common , **auth}
+        return {**common, **auth}
 
     def _get_query_result(self, jobs, query, user):
+        policy_tag_columns = ""
         if BIGQUERY_PARSER_URL:
             query_metadata_from_parser = requests.post(BIGQUERY_PARSER_URL, headers=self.get_headers(), json=[query])
             if query_metadata_from_parser.status_code == 200 and query_metadata_from_parser.json()["success"]:
@@ -280,8 +279,9 @@ def _get_query_result(self, jobs, query, user):
                     for table in success["tableMetadataList"]:
                         for column in table["columnMetadataList"]:
                             table_column_mapping[table["tableName"]].add(column["column"])
-                self.check_for_pii_access(table_column_mapping, query, user)
+                policy_tag_columns = self.check_for_pii_access(table_column_mapping, query, user)
 
+        logger.debug(policy_tag_columns)
         project_id = self._get_project_id()
         job_data = self._get_job_data(query)
         insert_response = jobs.insert(projectId=project_id, body=job_data).execute()
@@ -299,9 +299,12 @@ def _get_query_result(self, jobs, query, user):
 
         job_stats = jobs.get(
             **{"projectId": project_id, "jobId": self.current_job_id, "location": self._get_location()}).execute()
+
         table_column_map: Dict[str, Set[str]] = self._get_columns_used_in_query(
-            job_stats["statistics"]["query"]["queryPlan"])
-        policy_tag_columns = self.check_for_pii_access(table_column_map, query, user)
+            job_stats["statistics"]["query"].get("queryPlan", {}))
+        if not policy_tag_columns:
+            policy_tag_columns = self.check_for_pii_access(table_column_map, query, user)
+            logger.debug(policy_tag_columns)
 
         rows = []
 
@@ -334,7 +337,6 @@ def _get_query_result(self, jobs, query, user):
         ]
 
         current_job_statistics = job_stats["statistics"]
-        logger.debug(current_job_statistics)
 
         data = {
             "columns": columns,
@@ -349,7 +351,8 @@ def _get_query_result(self, jobs, query, user):
     def check_for_pii_access(self, table_column_map, query, user):
         get_policy_tag_mapping: Dict[str, Tuple[str, str]] = self._get_policy_tags()
         policy_tags_accessed = self.get_policy_tags_in_query(get_policy_tag_mapping, table_column_map)
-        self._update_query_policy_tags(policy_tags_accessed, query)
+        if IS_PRIVACY_CHECK_ENABLED:
+            self._update_query_policy_tags(policy_tags_accessed, query)
         policy_tag_columns: str = self._check_for_policy_tags_in_query(policy_tags_accessed, user)
         return policy_tag_columns
 
@@ -363,12 +366,14 @@ def _check_for_policy_tags_in_query(self, policy_tags_accessed, user):
             missing_access_policy_tags = set(policy_tags_accessed.keys()) - access
             filtered_results: dict = {k: v for k, v in policy_tags_accessed.items() if
                                       k in missing_access_policy_tags}
-            f = [f"Policy tag- {k}, Columns accessed- {v}" for k, v in filtered_results.items()]
-            if len(access) != len(policy_tags_accessed):
+            f = [f"Policy tag- {k}, Sensitive columns accessed- {v}" for k, v in filtered_results.items()]
+            if IS_PRIVACY_CHECK_ENABLED and len(access) != len(policy_tags_accessed):
                 raise PermissionDeniedException(
-                    "User does not have permission to query columns. \n{} ".format('\n'.join(f)))
+                    "User does not have permission to query columns. \n{}. Please read - https://dunzoit.atlassian.net/l/cp/otZqfuL2".format(
+                        '\n'.join(f)))
             else:
-                return '\n'.join([f"Policy tag- {k}, Columns accessed- {v}" for k, v in policy_tags_accessed.items()])
+                return ' |\n'.join(
+                    [f"Policy tag- {k}, Sensitive columns accessed- {v}" for k, v in policy_tags_accessed.items()])
 
     def _update_query_policy_tags(self, policy_tags_accessed, query):
         query_hash = self.gen_query_hash(query)
@@ -417,9 +422,7 @@ def get_schema(self, get_stats=False):
             dataset_id = dataset["datasetReference"]["datasetId"]
             query = query_base.format(schema_project_id=schema_project_id, dataset_id=dataset_id)
             queries.append(query)
-        logger.debug(datasets)
         query = '\nUNION ALL\n'.join(queries)
-        logger.debug(queries)
         results, error = self.run_query(query, None)
         if error is not None:
             self._handle_run_query_error(error)