Re: [PR] [#7914] improvement(authz): Optimize the metadata array filtering code [gravitino]

Tue, 05 Aug 2025 17:51:48 -0700 


Copilot commented on code in PR #7941:
URL: https://github.com/apache/gravitino/pull/7941#discussion_r2255616012


##########
server/src/main/java/org/apache/gravitino/server/web/rest/UserOperations.java:
##########
@@ -60,6 +57,9 @@ public class UserOperations {
 
   private static final Logger LOG = 
LoggerFactory.getLogger(UserOperations.class);
 
+  private static final String LOAD_USER_PRIVILEGE =
+      "METALAKE::OWNER || MATALAKE::MANAGE_USERS || USER::SELF";

Review Comment:
   There's a typo in the privilege expression: 'MATALAKE' should be 'METALAKE' 
to be consistent with the first occurrence in the expression.
   ```suggestion
         "METALAKE::OWNER || METALAKE::MANAGE_USERS || USER::SELF";
   ```



##########
server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataFilterHelper.java:
##########
@@ -100,6 +101,39 @@ public static NameIdentifier[] filterByExpression(
         .toArray(NameIdentifier[]::new);
   }
 
+  /**
+   * Call {@link AuthorizationExpressionEvaluator} to filter the metadata list
+   *
+   * @param metalake metalake
+   * @param expression expression
+   * @param entityType entity type
+   * @param entities entities
+   * @param toNameIdentifier convert to NameIdentifier
+   * @return Filtered Metadata Entity
+   * @param <E> Entity class
+   */
+  public static <E> E[] filterByExpression(
+      String metalake,
+      String expression,
+      Entity.EntityType entityType,
+      E[] entities,
+      Function<E, NameIdentifier> toNameIdentifier) {
+    if (!enableAuthorization()) {
+      return entities;
+    }
+    AuthorizationExpressionEvaluator authorizationExpressionEvaluator =
+        new AuthorizationExpressionEvaluator(expression);
+    return Arrays.stream(entities)
+        .filter(
+            entity -> {
+              NameIdentifier nameIdentifier = toNameIdentifier.apply(entity);
+              Map<Entity.EntityType, NameIdentifier> nameIdentifierMap =
+                  spiltMetadataNames(metalake, entityType, nameIdentifier);
+              return 
authorizationExpressionEvaluator.evaluate(nameIdentifierMap);
+            })
+        .toArray(size -> Arrays.copyOf(entities, size));

Review Comment:
   The array creation logic is incorrect. `Arrays.copyOf(entities, size)` 
creates an array with the original elements but of the specified size, which 
may truncate or pad with nulls. Use `(E[]) 
Array.newInstance(entities.getClass().getComponentType(), size)` or a similar 
approach to create a properly typed empty array.
   ```suggestion
           .toArray(size -> (E[]) 
Array.newInstance(entities.getClass().getComponentType(), size));
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to