This is an automated email from the ASF dual-hosted git repository.
roryqi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 8303a04844 [#9238] fix(authz): fix list tags for columns error (#9257)
8303a04844 is described below
commit 8303a04844bdf08d6ea600b7d63d52f23a8a0145
Author: yangyang zhong <[email protected]>
AuthorDate: Thu Nov 27 17:43:25 2025 +0800
[#9238] fix(authz): fix list tags for columns error (#9257)
### What changes were proposed in this pull request?
Fix the error raised when listing tags for columns.
### Why are the changes needed?
Fix: #9238
### Does this PR introduce _any_ user-facing change?
None
### How was this patch tested?
org.apache.gravitino.client.integration.test.authorization.TagOperationsAuthorizationIT#testListColumnTag
---
.../TagOperationsAuthorizationIT.java | 18 ++++++
.../apache/gravitino/utils/NameIdentifierUtil.java | 28 ++++++++++
.../server/authorization/MetadataAuthzHelper.java | 64 ++--------------------
3 files changed, 50 insertions(+), 60 deletions(-)
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TagOperationsAuthorizationIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TagOperationsAuthorizationIT.java
index 247adb5a00..74034a130f 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TagOperationsAuthorizationIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TagOperationsAuthorizationIT.java
@@ -49,6 +49,7 @@ import org.apache.gravitino.rel.types.Types;
import org.apache.gravitino.tag.SupportsTags;
import org.apache.gravitino.tag.TagChange;
import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
@@ -96,6 +97,7 @@ public class TagOperationsAuthorizationIT extends
BaseRestApiAuthorizationIT {
// grant tester privilege
List<SecurableObject> securableObjects = new ArrayList<>();
GravitinoMetalake gravitinoMetalake = client.loadMetalake(METALAKE);
+
SecurableObject catalogObject =
SecurableObjects.ofCatalog(CATALOG,
ImmutableList.of(Privileges.UseCatalog.allow()));
securableObjects.add(catalogObject);
@@ -283,6 +285,22 @@ public class TagOperationsAuthorizationIT extends
BaseRestApiAuthorizationIT {
@Test
@Order(8)
+ public void testListColumnTag() {
+ GravitinoMetalake gravitinoMetalake = client.loadMetalake(METALAKE);
+ SupportsTags columnSupportTag =
+ gravitinoMetalake
+ .loadCatalog(CATALOG)
+ .asTableCatalog()
+ .loadTable(NameIdentifier.of(SCHEMA, "table1"))
+ .columns()[0]
+ .supportsTags();
+ String[] tags = columnSupportTag.listTags();
+ Arrays.sort(tags);
+ Assertions.assertArrayEquals(new String[] {"tag1", "tag2", "tag3"}, tags);
+ }
+
+ @Test
+ @Order(9)
public void testDropTag() {
GravitinoMetalake gravitinoMetalakeLoadByNormalUser =
normalUserClient.loadMetalake(METALAKE);
assertThrows(
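Review bot: testListColumnTag only goes through `client` (presumably the privileged client), so it never checks what a restricted principal gets when listing a column's tags; the neighbouring testDropTag uses `normalUserClient` for that kind of check. Since the fix sits in the authorization path, I would add a second assertion that loads the same column through `normalUserClient` and pins the expected outcome, whether that is a filtered tag list or the expected exception. `columns()[0]` and the literals `tag1`..`tag3` also appear to tie the test to column order and to state left by earlier `@Order` steps, which deserves a comment such as `// relies on tags attached to the first column of table1 by earlier ordered tests`. testDropTag continues outside the hunk.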
diff --git
a/core/src/main/java/org/apache/gravitino/utils/NameIdentifierUtil.java
b/core/src/main/java/org/apache/gravitino/utils/NameIdentifierUtil.java
index 8979dd254a..9ebd62d6fe 100644
--- a/core/src/main/java/org/apache/gravitino/utils/NameIdentifierUtil.java
+++ b/core/src/main/java/org/apache/gravitino/utils/NameIdentifierUtil.java
@@ -370,6 +370,34 @@ public class NameIdentifierUtil {
return NameIdentifier.of(allElems.get(0), allElems.get(1),
allElems.get(2));
}
+ /**
+ * Try to get the table {@link NameIdentifier} from the given {@link
NameIdentifier}.
+ *
+ * @param ident The {@link NameIdentifier} to check.
+ * @return The table {@link NameIdentifier}
+ * @throws IllegalNameIdentifierException If the given {@link
NameIdentifier} does not include
+ * table name
+ */
+ public static NameIdentifier getTableIdentifier(NameIdentifier ident)
+ throws IllegalNameIdentifierException {
+ NameIdentifier.check(
+ ident.name() != null && !ident.name().isEmpty(),
+ "The name variable in the NameIdentifier must have value.");
+ Namespace.check(
+ ident.namespace() != null && !ident.namespace().isEmpty() &&
ident.namespace().length() > 2,
+ "Table namespace must be non-null and at least 2 level, the input
namespace is %s",
+ ident.namespace());
+
+ List<String> allElems =
+ Stream.concat(Arrays.stream(ident.namespace().levels()),
Stream.of(ident.name()))
+ .collect(Collectors.toList());
+ if (allElems.size() < 4) {
+ throw new IllegalNameIdentifierException(
+ "Cannot create a table NameIdentifier less than four elements.");
+ }
+ return NameIdentifier.of(allElems.get(0), allElems.get(1),
allElems.get(2), allElems.get(3));
+ }
+
/**
* Check the given {@link NameIdentifier} is a metalake identifier. Throw an
{@link
* IllegalNameIdentifierException} if it's not.
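Review bot: In getTableIdentifier the namespace guard requires `ident.namespace().length() > 2`, i.e. at least three levels, but its message still says "at least 2 level"; the text should read `"Table namespace must be non-null and at least 3 levels, the input namespace is %s"`. Assuming `Namespace.check` throws on failure, `allElems` always holds four or more elements afterwards, so the `allElems.size() < 4` branch cannot be reached and can be dropped, and `!ident.namespace().isEmpty()` is already implied by the length test. The Javadoc could also say that only the first four elements are kept, so a column identifier yields its enclosing table.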
diff --git
a/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
b/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
index f315613698..ebeb2c7200 100644
---
a/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
+++
b/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
@@ -257,66 +257,10 @@ public class MetadataAuthzHelper {
String metalake, Entity.EntityType entityType, NameIdentifier
nameIdentifier) {
Map<Entity.EntityType, NameIdentifier> nameIdentifierMap = new HashMap<>();
nameIdentifierMap.put(Entity.EntityType.METALAKE,
NameIdentifierUtil.ofMetalake(metalake));
- switch (entityType) {
- case CATALOG:
- nameIdentifierMap.put(Entity.EntityType.CATALOG, nameIdentifier);
- break;
- case SCHEMA:
- nameIdentifierMap.put(Entity.EntityType.SCHEMA, nameIdentifier);
- nameIdentifierMap.put(
- Entity.EntityType.CATALOG,
NameIdentifierUtil.getCatalogIdentifier(nameIdentifier));
- break;
- case TABLE:
- nameIdentifierMap.put(Entity.EntityType.TABLE, nameIdentifier);
- nameIdentifierMap.put(
- Entity.EntityType.SCHEMA,
NameIdentifierUtil.getSchemaIdentifier(nameIdentifier));
- nameIdentifierMap.put(
- Entity.EntityType.CATALOG,
NameIdentifierUtil.getCatalogIdentifier(nameIdentifier));
- break;
- case MODEL:
- nameIdentifierMap.put(Entity.EntityType.MODEL, nameIdentifier);
- nameIdentifierMap.put(
- Entity.EntityType.SCHEMA,
NameIdentifierUtil.getSchemaIdentifier(nameIdentifier));
- nameIdentifierMap.put(
- Entity.EntityType.CATALOG,
NameIdentifierUtil.getCatalogIdentifier(nameIdentifier));
- break;
- case MODEL_VERSION:
- nameIdentifierMap.put(Entity.EntityType.MODEL_VERSION, nameIdentifier);
- nameIdentifierMap.put(
- Entity.EntityType.MODEL,
NameIdentifierUtil.getModelIdentifier(nameIdentifier));
- nameIdentifierMap.put(
- Entity.EntityType.SCHEMA,
NameIdentifierUtil.getSchemaIdentifier(nameIdentifier));
- nameIdentifierMap.put(
- Entity.EntityType.CATALOG,
NameIdentifierUtil.getCatalogIdentifier(nameIdentifier));
- break;
- case TOPIC:
- nameIdentifierMap.put(Entity.EntityType.TOPIC, nameIdentifier);
- nameIdentifierMap.put(
- Entity.EntityType.SCHEMA,
NameIdentifierUtil.getSchemaIdentifier(nameIdentifier));
- nameIdentifierMap.put(
- Entity.EntityType.CATALOG,
NameIdentifierUtil.getCatalogIdentifier(nameIdentifier));
- break;
- case FILESET:
- nameIdentifierMap.put(Entity.EntityType.FILESET, nameIdentifier);
- nameIdentifierMap.put(
- Entity.EntityType.SCHEMA,
NameIdentifierUtil.getSchemaIdentifier(nameIdentifier));
- nameIdentifierMap.put(
- Entity.EntityType.CATALOG,
NameIdentifierUtil.getCatalogIdentifier(nameIdentifier));
- break;
- case METALAKE:
- nameIdentifierMap.put(entityType, nameIdentifier);
- break;
- case ROLE:
- nameIdentifierMap.put(entityType, nameIdentifier);
- break;
- case USER:
- nameIdentifierMap.put(entityType, nameIdentifier);
- break;
- case TAG:
- nameIdentifierMap.put(entityType, nameIdentifier);
- break;
- default:
- throw new IllegalArgumentException("Unsupported entity type: " +
entityType);
+ while (entityType != Entity.EntityType.METALAKE) {
+ nameIdentifierMap.put(entityType, nameIdentifier);
+ entityType = NameIdentifierUtil.parentEntityType(entityType);
+ nameIdentifier = NameIdentifierUtil.parentNameIdentifier(nameIdentifier,
entityType);
}
return nameIdentifierMap;
}
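Review bot: The removed `default:` branch rejected unsupported entity types with an IllegalArgumentException, and the new `while` loop has no equivalent guard: what happens for a type with no defined parent now depends entirely on `NameIdentifierUtil.parentEntityType` and `parentNameIdentifier`, neither of which is visible in this diff. Because this map feeds authorization decisions, the loop should fail closed explicitly, for example `if (entityType == null) { throw new IllegalArgumentException("Unsupported entity type"); }` right after the `parentEntityType` call, if that helper can return null. ROLE, USER and TAG previously added only their own entry, while the loop now also calls `parentNameIdentifier` for them, so it is worth confirming the helpers accept such identifiers and covering them in a unit test. A short comment above the loop, `// walk up the hierarchy until METALAKE, recording each level's identifier`, would help as well, since both parameters are reassigned on every pass. The method signature starts outside the hunk.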