Validate accessibility of members referenced in calculated member formulas #144

Closed
jjustaments wants to merge 2 commits into master from bugfix/calculated_member_with_role
Conversation

@jjustaments
Collaborator

Mondrian patch:

diff --git a/mondrian/src/main/java/mondrian/olap/fun/SetFunDef.java b/mondrian/src/main/java/mondrian/olap/fun/SetFunDef.java
index 6e72c0d49..ae396988a 100644
--- a/mondrian/src/main/java/mondrian/olap/fun/SetFunDef.java
+++ b/mondrian/src/main/java/mondrian/olap/fun/SetFunDef.java
@@ -164,7 +164,9 @@ public class SetFunDef extends FunDefBase {
                     public void evaluateVoid(Evaluator evaluator) {
                         // Don't add null or partially null tuple to result.
                         Member member = memberCalc.evaluateMember(evaluator);
-                        if (member == null || member.isNull()) {
+                        // PATCH: Add member access check.
+                        Role role = evaluator.getSchemaReader().getRole();
+                        if (member == null || member.isNull() || !role.canAccess(member)) {
                             return;
                         }
                         members[0] = member;
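Review bot: the added check calls `evaluator.getSchemaReader().getRole()` and `role.canAccess(member)` inside `evaluateVoid`, so it runs once per evaluated member of every set rather than once per set evaluation; that is the per-query overhead the maintainer objects to, and it is worth checking whether the role lookup can be hoisted. The hunk also dereferences `role` without a null check, and it silently skips inaccessible members (`return;`) instead of signalling the rejection, so a calculated member that references a restricted member computes over a smaller set with no indication to the caller; confirm that is the intended behaviour. Finally, no import for `Role` appears in the diff, so verify it is already in scope in SetFunDef.java.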


Copilot AI left a comment


Pull request overview

This PR adds validation to ensure that members referenced in calculated member formulas respect role-based access controls. It applies a patch to the Mondrian OLAP Java library that checks role access when evaluating members in sets, preventing unauthorized member aggregation.

Key changes:

  • Adds role access validation in SetFunDef to filter out inaccessible members during evaluation
  • Introduces comprehensive test coverage for calculated members with role restrictions
  • Tests both .Children aggregation and explicit set aggregation scenarios

@rsim
Owner

rsim commented Dec 1, 2025

As discussed will not implement this as it adds additional overhead for all queries.

@rsim rsim closed this Dec 1, 2025
3 participants