jerqi commented on code in PR #6844: URL: https://github.com/apache/gravitino/pull/6844#discussion_r2032283035
########## core/src/main/java/org/apache/gravitino/hook/ModelHookDispatcher.java: ########## @@ -0,0 +1,176 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.hook; + +import java.util.Map; +import org.apache.gravitino.Entity; +import org.apache.gravitino.GravitinoEnv; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.Namespace; +import org.apache.gravitino.authorization.AuthorizationUtils; +import org.apache.gravitino.authorization.Owner; +import org.apache.gravitino.authorization.OwnerManager; +import org.apache.gravitino.catalog.ModelDispatcher; +import org.apache.gravitino.exceptions.ModelAlreadyExistsException; +import org.apache.gravitino.exceptions.ModelVersionAliasesAlreadyExistException; +import org.apache.gravitino.exceptions.NoSuchModelException; +import org.apache.gravitino.exceptions.NoSuchModelVersionException; +import org.apache.gravitino.exceptions.NoSuchSchemaException; +import org.apache.gravitino.model.Model; +import org.apache.gravitino.model.ModelChange; +import org.apache.gravitino.model.ModelVersion; +import org.apache.gravitino.utils.NameIdentifierUtil; +import org.apache.gravitino.utils.PrincipalUtils; + +/** + * {@code ModelHookDispatcher} is a decorator for {@link ModelDispatcher} that not only delegates + * model operations to the underlying model dispatcher but also executes some hook operations before + * or after the underlying operations. + */ +public class ModelHookDispatcher implements ModelDispatcher { + + private final ModelDispatcher dispatcher; + + public ModelHookDispatcher(ModelDispatcher dispatcher) { + this.dispatcher = dispatcher; + } + + @Override + public NameIdentifier[] listModels(Namespace namespace) throws NoSuchSchemaException { + return dispatcher.listModels(namespace); + } + + @Override + public Model getModel(NameIdentifier ident) throws NoSuchModelException { + return dispatcher.getModel(ident); + } + + @Override + public Model registerModel(NameIdentifier ident, String comment, Map<String, String> properties) + throws NoSuchSchemaException, ModelAlreadyExistsException { + // Check whether the current user exists or not + AuthorizationUtils.checkCurrentUser( + ident.namespace().level(0), PrincipalUtils.getCurrentUserName()); + + Model model = dispatcher.registerModel(ident, comment, properties); + + // Set the creator as owner of the model. + OwnerManager ownerManager = GravitinoEnv.getInstance().ownerManager(); + if (ownerManager != null) { + ownerManager.setOwner( + ident.namespace().level(0), + NameIdentifierUtil.toMetadataObject(ident, Entity.EntityType.MODEL), + PrincipalUtils.getCurrentUserName(), + Owner.Type.USER); + } + return model; + } + + @Override + public boolean deleteModel(NameIdentifier ident) { + return dispatcher.deleteModel(ident); + } + + @Override + public int[] listModelVersions(NameIdentifier ident) throws NoSuchModelException { + return dispatcher.listModelVersions(ident); + } + + @Override + public ModelVersion getModelVersion(NameIdentifier ident, int version) + throws NoSuchModelVersionException { + return dispatcher.getModelVersion(ident, version); + } + + @Override + public ModelVersion getModelVersion(NameIdentifier ident, String alias) + throws NoSuchModelVersionException { + return dispatcher.getModelVersion(ident, alias); + } + + @Override + public void linkModelVersion( + NameIdentifier ident, + String uri, + String[] aliases, + String comment, + Map<String, String> properties) + throws NoSuchModelException, ModelVersionAliasesAlreadyExistException { + dispatcher.linkModelVersion(ident, uri, aliases, comment, properties); + } + + @Override + public boolean deleteModelVersion(NameIdentifier ident, int version) { + return dispatcher.deleteModelVersion(ident, version); + } + + @Override + public boolean deleteModelVersion(NameIdentifier ident, String alias) { + return dispatcher.deleteModelVersion(ident, alias); + } + + @Override + public boolean modelExists(NameIdentifier ident) { + return dispatcher.modelExists(ident); + } + + @Override + public Model registerModel( + NameIdentifier ident, + String uri, + String[] aliases, + String comment, + Map<String, String> properties) + throws NoSuchSchemaException, ModelAlreadyExistsException, + ModelVersionAliasesAlreadyExistException { + // Check whether the current user exists or not + AuthorizationUtils.checkCurrentUser( + ident.namespace().level(0), PrincipalUtils.getCurrentUserName()); + + Model model = dispatcher.registerModel(ident, uri, aliases, comment, properties); + + // Set the creator as owner of the model. + OwnerManager ownerManager = GravitinoEnv.getInstance().ownerManager(); + if (ownerManager != null) { + ownerManager.setOwner( + ident.name(), + NameIdentifierUtil.toMetadataObject(ident, Entity.EntityType.MODEL), + PrincipalUtils.getCurrentUserName(), + Owner.Type.USER); + } + return model; + } + + @Override + public boolean modelVersionExists(NameIdentifier ident, int version) { + return dispatcher.modelVersionExists(ident, version); + } + + @Override + public boolean modelVersionExists(NameIdentifier ident, String alias) { + return dispatcher.modelVersionExists(ident, alias); + } + + @Override + public Model alterModel(NameIdentifier ident, ModelChange... changes) + throws NoSuchModelException, IllegalArgumentException { + return dispatcher.alterModel(ident, changes); + } +} Review Comment: Good question. Actually I hesitate to add similar logic. Because I am not sure whether the model needs the authz plugin. Can authentication of model be finished by Gravitino master. Because the locations under model may be a website. Maybe it doesn't have a common permission model system. If we have S3 locations and website locations at the same time and we have authz plugin, we can push down the privileges of S3 but we can't push down the privileges of website. it maybe weird that we push down partial privileges. Is it better to let users guarantee the access of locations and don't add authz plugin. So I think we don't need to add it now. It would be a better time when we need to implement some authz plugins of the model. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
