(gravitino) branch main updated: [#9140] fix(autzh): fix fileset authorization expression (#9149)

Mon, 17 Nov 2025 09:27:43 -0800 

This is an automated email from the ASF dual-hosted git repository.

jshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git


The following commit(s) were added to refs/heads/main by this push:
     new bcebcda464 [#9140] fix(autzh):  fix fileset authorization expression 
(#9149)
bcebcda464 is described below

commit bcebcda4645bdcf67390626213ffb4cb804c7f63
Author: yangyang zhong <[email protected]>
AuthorDate: Tue Nov 18 01:27:35 2025 +0800

    [#9140] fix(autzh):  fix fileset authorization expression (#9149)
    
    ### What changes were proposed in this pull request?
    
    fix fileset authorization expression
    
    ### Why are the changes needed?
    
    (Please clarify why the changes are needed. For instance,
      1. If you propose a new API, clarify the use case for a new API.
      2. If you fix a bug, describe the bug.)
    
    Fix: #9140
    
    ### Does this PR introduce _any_ user-facing change?
    
    None
    
    ### How was this patch tested?
    
    
    
org.apache.gravitino.server.web.rest.authorization.TestFilesetAuthorizationExpression#testCreateFileset
---
 .../authorization/expression/AuthorizationExpressionConverter.java    | 4 ++--
 .../web/rest/authorization/TestFilesetAuthorizationExpression.java    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git 
a/server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionConverter.java
 
b/server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionConverter.java
index 191e2c1b02..2f8aa045de 100644
--- 
a/server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionConverter.java
+++ 
b/server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionConverter.java
@@ -224,8 +224,8 @@ public class AuthorizationExpressionConverter {
     expression =
         expression.replaceAll(
             "ANY_CREATE_FILESET",
-            "((ANY(CREATE_FILESET, METALAKE, CATALOG, SCHEMA, TABLE)) "
-                + "&& !(ANY(DENY_CREATE_FILESET, METALAKE, CATALOG, SCHEMA, 
TABLE)))");
+            "((ANY(CREATE_FILESET, METALAKE, CATALOG, SCHEMA)) "
+                + "&& !(ANY(DENY_CREATE_FILESET, METALAKE, CATALOG, 
SCHEMA)))");
     expression =
         expression.replaceAll(
             "SCHEMA_OWNER_WITH_USE_CATALOG",
diff --git 
a/server/src/test/java/org/apache/gravitino/server/web/rest/authorization/TestFilesetAuthorizationExpression.java
 
b/server/src/test/java/org/apache/gravitino/server/web/rest/authorization/TestFilesetAuthorizationExpression.java
index 50e466b8c1..6c7383527d 100644
--- 
a/server/src/test/java/org/apache/gravitino/server/web/rest/authorization/TestFilesetAuthorizationExpression.java
+++ 
b/server/src/test/java/org/apache/gravitino/server/web/rest/authorization/TestFilesetAuthorizationExpression.java
@@ -52,6 +52,7 @@ public class TestFilesetAuthorizationExpression {
     
assertFalse(mockEvaluator.getResult(ImmutableSet.of("METALAKE::USE_METALAKE")));
     
assertFalse(mockEvaluator.getResult(ImmutableSet.of("CATALOG::CREATE_CATALOG")));
     
assertFalse(mockEvaluator.getResult(ImmutableSet.of("SCHEMA::CREATE_FILESET")));
+    
assertFalse(mockEvaluator.getResult(ImmutableSet.of("TABLE::CREATE_FILESET")));
     assertFalse(
         mockEvaluator.getResult(ImmutableSet.of("SCHEMA::CREATE_FILESET", 
"CATALOG::USE_CATALOG")));
     assertTrue(

Reply via email to