JingsongLi commented on code in PR #8179:
URL: https://github.com/apache/paimon/pull/8179#discussion_r3519568865


##########
paimon-core/src/main/java/org/apache/paimon/rest/RESTCatalog.java:
##########
@@ -910,6 +914,143 @@ public PagedList<Function> listFunctionDetailsPaged(
         }
     }
 
+    @Override
+    public List<String> listResources(String databaseName) throws 
DatabaseNotExistException {
+        try {
+            return api.listResources(databaseName);
+        } catch (NoSuchResourceException e) {
+            throw new DatabaseNotExistException(databaseName);
+        } catch (ForbiddenException e) {
+            throw new DatabaseNoPermissionException(databaseName, e);
+        }
+    }
+
+    @Override
+    public Resource getResource(Identifier identifier) throws 
ResourceNotExistException {
+        try {
+            GetResourceResponse response = api.getResource(identifier);
+            return toResource(identifier, response);
+        } catch (NoSuchResourceException e) {
+            throw new ResourceNotExistException(identifier, e);
+        } catch (ForbiddenException e) {
+            throw new TableNoPermissionException(identifier, e);
+        }
+    }
+
+    @Override
+    public void createResource(Identifier identifier, Resource resource, 
boolean ignoreIfExists)
+            throws ResourceAlreadyExistException, DatabaseNotExistException {
+        RESTFunctionValidator.checkFunctionName(identifier.getObjectName());
+        try {
+            api.createResource(
+                    identifier,
+                    resource.comment().orElse(null),
+                    resource.uri(),
+                    resource.resourceType());
+        } catch (NoSuchResourceException e) {

Review Comment:
   This should also translate `ForbiddenException` to 
`DatabaseNoPermissionException`, and the same gap exists in `dropResource` 
(plus the Python mirror). The resource endpoints are database-scoped: when the 
REST server denies the database it returns 403 before reaching the resource 
handler. `listResources`/paged resource APIs already wrap that as 
`DatabaseNoPermissionException`, but create/drop currently leak the raw REST 
`ForbiddenException` to `Catalog` callers, so denied resource operations behave 
differently from the rest of the catalog API. Please catch `ForbiddenException` 
here and in `dropResource` and wrap it with the database name.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to