jerryshao commented on code in PR #7425:
URL: https://github.com/apache/gravitino/pull/7425#discussion_r2153694774
##########
server-common/src/main/java/org/apache/gravitino/server/authorization/jcasbin/JcasbinAuthorizer.java:
##########
@@ -165,12 +171,30 @@ private void loadPrivilege(String metalake, String
username, Long userId) {
loadPolicyByRoleId(roleId);
loadedRoles.add(roleId);
}
- // TODO load owner relationship
+ loadOwner(userId);
} catch (Exception e) {
LOG.error(e.getMessage(), e);
}
}
+ private void loadOwner(Long userId) {
+ List<OwnerRelPO> ownerRels =
OwnerMetaService.getInstance().listOwnerByUserId(userId);
+ for (OwnerRelPO ownerRel : ownerRels) {
+ enforcer.addPolicy(
+ String.valueOf(userId),
+ ownerRel.getMetadataObjectType(),
+ String.valueOf(ownerRel.getMetadataObjectId()),
+ AuthConstants.OWNER,
+ "allow");
+ }
+ }
Review Comment:
Bypassing the entity store or other abstract layer to call the relational
meta service is not a good idea, which breaks the decouple principles, if we
make any changes in the storage layer in future, it will directly affect here.
If you have any other codes also bypass the the abstract layer, I would
suggest you seriously rethink how to change the code.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
