jerqi commented on code in PR #9268:
URL: https://github.com/apache/gravitino/pull/9268#discussion_r2563623003
##########
server/src/main/java/org/apache/gravitino/server/web/filter/GravitinoInterceptionService.java:
##########
@@ -125,18 +126,51 @@ private static class
MetadataAuthorizationMethodInterceptor implements MethodInt
*/
@Override
public Object invoke(MethodInvocation methodInvocation) throws Throwable {
+ Method method = methodInvocation.getMethod();
+ Parameter[] parameters = method.getParameters();
+ AuthorizationExpression expressionAnnotation =
+ method.getAnnotation(AuthorizationExpression.class);
+
+ // Check current user exists in metalake before authorization
+ if (expressionAnnotation != null) {
+ Object[] args = methodInvocation.getArguments();
+ Map<Entity.EntityType, NameIdentifier> metadataContext =
+ extractNameIdentifierFromParameters(parameters, args);
+
+ // Check if current user exists in the metalake.
+ NameIdentifier metalakeIdent =
metadataContext.get(Entity.EntityType.METALAKE);
+
+ if (metalakeIdent != null) {
+ String currentUser = PrincipalUtils.getCurrentUserName();
+ try {
+ AuthorizationUtils.checkCurrentUser(metalakeIdent.name(),
currentUser);
+ } catch (org.apache.gravitino.exceptions.ForbiddenException ex) {
Review Comment:
We must use `org.apache.gravitino.exceptions` here? Could we use the simple
name?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
