Re: [PR] auth: Refactor `AuthorizationRequest` Into Explicit Shapes [polaris]

Wed, 27 May 2026 07:13:27 -0700 


sungwy commented on code in PR #4409:
URL: https://github.com/apache/polaris/pull/4409#discussion_r3311350684


##########
polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizerImpl.java:
##########
@@ -759,75 +759,92 @@ public void resolveAuthorizationInputs(
   public AuthorizationDecision authorize(
       @NonNull AuthorizationState authzState, @NonNull AuthorizationRequest 
request) {
     PolarisResolutionManifest resolutionManifest = 
authzState.getResolutionManifest();
-    RbacOperationSemantics semantics = 
RbacOperationSemantics.forOperation(request.getOperation());
+    for (AuthorizationIntent intent : request.intents()) {
+      AuthorizationDecision decision =
+          authorizeIntent(authzState, request.principal(), resolutionManifest, 
intent);
+      if (!decision.isAllowed()) {
+        return decision;
+      }
+    }
+    return AuthorizationDecision.allow();
+  }
+
+  private AuthorizationDecision authorizeIntent(
+      AuthorizationState authzState,
+      PolarisPrincipal polarisPrincipal,
+      PolarisResolutionManifest resolutionManifest,
+      AuthorizationIntent intent) {
+    RbacOperationSemantics semantics = 
RbacOperationSemantics.forOperation(intent.getOperation());
     boolean prependRootContainer = semantics.rooting() == 
ResolvedPathRooting.ROOT;
     try {
-      List<PolarisSecurable> targets = request.getTargets();
       List<PolarisResolvedPathWrapper> resolvedTargets;
-      if (targets.isEmpty()) {
+      List<PolarisResolvedPathWrapper> resolvedSecondaries;
+      if (intent instanceof TargetlessAuthorizationIntent) {

Review Comment:
   This is because `polaris-core` compiles with Java 17. The subtype matching 
syntax via switch is supported in Java 21+:
   
   
https://github.com/apache/polaris/blob/43c8d152778ced9b87b6ce78d355a471f63e4dcf/polaris-core/build.gradle.kts#L21
   
   
https://github.com/apache/polaris/blob/43c8d152778ced9b87b6ce78d355a471f63e4dcf/build-logic/src/main/kotlin/polaris-client.gradle.kts#L22-L24



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to