bharos commented on code in PR #10918:
URL: https://github.com/apache/gravitino/pull/10918#discussion_r3315734919


##########
iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/integration/test/IcebergTableAuthorizationIT.java:
##########
@@ -158,6 +158,15 @@ void testLoadTable() {
         ForbiddenException.class, () -> sql("DESC TABLE %s_not_exist", 
tableName));
   }
 
+  @Test
+  void testSelectTableAsTableOwnerWithUseCatalogAndUseSchema() {
+    String tableName = "test_select_table_owner_with_use";

Review Comment:
   The integration test testSelectTableAsTableOwnerWithUseCatalogAndUseSchema 
tests the happy path (table owner CAN select). But the actual bug was about the 
view probe returning 403 instead of 404. There's no test that verifies:
   
   Table owner calls loadView(tableName) → gets 404 (not 403)
   View owner calls loadTable(viewName) → gets 404 (not 403)
   The unit tests for LoadViewAuthzHandler only test metadata-table-like names, 
not the two-tier auth flow. The authorizeLoadEntity method — the core of the 
fix — has no direct unit test.
   
   
   
   Should we address this ?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to