jerryshao commented on code in PR #9384:
URL: https://github.com/apache/gravitino/pull/9384#discussion_r2602184525
##########
core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java:
##########
@@ -224,12 +224,53 @@ public static boolean
needApplyAuthorizationPluginAllCatalogs(SecurableObject se
public static void checkDuplicatedNamePrivilege(Collection<Privilege>
privileges) {
Set<Privilege.Name> privilegeNameSet = Sets.newHashSet();
for (Privilege privilege : privileges) {
- if (privilegeNameSet.contains(privilege.name())) {
+ Privilege.Name replacePrivilegeName =
replaceLegacyPrivilegeName(privilege.name());
+ if (privilegeNameSet.contains(replacePrivilegeName)) {
throw new IllegalPrivilegeException(
"Doesn't support duplicated privilege name %s with different
condition",
privilege.name());
}
- privilegeNameSet.add(privilege.name());
+ privilegeNameSet.add(replacePrivilegeName);
+ }
+ }
+
+ @SuppressWarnings("deprecation")
+ public static Privilege.Name replaceLegacyPrivilegeName(Privilege.Name
privilegeName) {
+ if (privilegeName == Privilege.Name.CREATE_MODEL) {
+ return Privilege.Name.REGISTER_MODEL;
+ } else if (privilegeName == Privilege.Name.CREATE_MODEL_VERSION) {
+ return Privilege.Name.LINK_MODEL_VERSION;
+ } else {
+ return privilegeName;
+ }
+ }
+
+ public static Privilege replaceLegacyPrivilege(
+ Privilege.Name privilege, Privilege.Condition condition) {
+ Privilege.Name replacedPrivilegeName =
replaceLegacyPrivilegeName(privilege);
+ if (condition == Privilege.Condition.ALLOW) {
+ return Privileges.allow(replacedPrivilegeName);
+ } else {
+ return Privileges.deny(replacedPrivilegeName);
+ }
+ }
+
+ @SuppressWarnings("deprecation")
+ public static Privilege getLegacyPrivilege(
+ Privilege.Name privilegeName, Privilege.Condition condition) {
+ Privilege.Name legacyPrivilegeName;
+ if (privilegeName == Privilege.Name.REGISTER_MODEL) {
+ legacyPrivilegeName = Privilege.Name.CREATE_MODEL;
+ } else if (privilegeName == Privilege.Name.LINK_MODEL_VERSION) {
+ legacyPrivilegeName = Privilege.Name.CREATE_MODEL_VERSION;
+ } else {
+ throw new UnsupportedOperationException(
+ "The privilege " + privilegeName + " is not a legacy privilege");
+ }
+ if (condition == Privilege.Condition.ALLOW) {
+ return Privileges.allow(legacyPrivilegeName);
+ } else {
+ return Privileges.deny(legacyPrivilegeName);
Review Comment:
I would suggest you maintain a deprecated privilege to the new privilege
map, and use that map to do the check and conversion. Otherwise, you have to
maintain lots of if...else code if we add more deprecated privileges.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
