Closed noel closed 4 months ago
Thanks for creating this issue, @noel! I've done some initial digging and here's what I've found so far:
public
access into a project. This is mostly arbitrary and can be easily updated.ref
a private model from an upstream project, dbt-core will blindly accept the ref and no compilation error will be raised. Interestingly, it looks like dbt core falls back on standard package restrict-access logic for checking if a model ought to be accessible by a consuming project.I believe that there may be some ways to work around this through some clever python patching -- either by wrapping the access code with some custom methods to verify dbt-loom access, or by patching how dependencies are loaded so we can inject dependencies in, too. In any case, the investigation continues.
Is your feature request related to a problem? Please describe. Right now, upstream producer private and protected nodes are not included in the consumer project. When a user tries to access one of these nodes, they are given an error that the node does not exist. It would be a better UX to show an error like