hdygxsj commented on code in PR #9018:
URL: https://github.com/apache/gravitino/pull/9018#discussion_r2536182415
##########
server/src/main/java/org/apache/gravitino/server/web/rest/MetadataObjectTagOperations.java:
##########
@@ -219,21 +252,48 @@ public Response listTagsForMetadataObject(
@Produces("application/vnd.gravitino.v1+json")
@Timed(name = "associate-object-tags." + MetricNames.HTTP_PROCESS_DURATION,
absolute = true)
@ResponseMetered(name = "associate-object-tags", absolute = true)
+ @AuthorizationExpression(expression = CAN_ACCESS_METADATA)
public Response associateTagsForObject(
- @PathParam("metalake") String metalake,
- @PathParam("type") String type,
- @PathParam("fullName") String fullName,
+ @PathParam("metalake") @AuthorizationMetadata(type =
Entity.EntityType.METALAKE)
+ String metalake,
+ @PathParam("type") @AuthorizationObjectType String type,
+ @PathParam("fullName") @AuthorizationFullName String fullName,
TagsAssociateRequest request) {
LOG.info(
"Received associate tags request for object type: {}, full name: {}
under metalake: {}",
type,
fullName,
metalake);
-
try {
return Utils.doAs(
httpRequest,
() -> {
+ String[] tagsToAdd = request.getTagsToAdd();
+ if (tagsToAdd != null && tagsToAdd.length > 0) {
+ Arrays.stream(tagsToAdd)
+ .forEach(
+ tag -> {
+ boolean result =
+ new AuthorizationExpressionEvaluator(
Review Comment:
Authorization expressions are also used here, but interceptors are not used.
Just like with list operations, it's challenging in interceptors to extract
an array from the request body and perform authorization and filtering on it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
