ctubbsii commented on issue #108: URL: https://github.com/apache/accumulo-access/issues/108#issuecomment-4043077974
I think having a caller supplied predicate to answer the question "does the user have this authorization?" is very useful. The only logic it replaces is "does this provided set of the user's authorizations contain this authorization?", and while it's possible to write a badly behaved predicate, it is also possible to provide a badly behaved Set implementation. Further, I think having the predicate can help in cases where the user's authorizations are unbounded (such as pattern-based matching) or for performance when the user's authorizations are a large bounded set. I don't think the risks of using a bad predicate are any worse than the risks of providing a bad set. The proper functioning of this library necessarily depends on it being used correctly, and I don't think that's made any worse by the existence of this API, and I think the API is very useful. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
