jerryshao commented on code in PR #7077:
URL: https://github.com/apache/gravitino/pull/7077#discussion_r2065957425
##########
server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionEvaluator.java:
##########
@@ -17,29 +17,62 @@
package org.apache.gravitino.server.authorization.expression;
+import java.security.Principal;
import java.util.Map;
+import ognl.Ognl;
+import ognl.OgnlContext;
+import ognl.OgnlException;
import org.apache.gravitino.MetadataObject;
+import org.apache.gravitino.MetadataObjects;
+import org.apache.gravitino.NameIdentifier;
import org.apache.gravitino.server.authorization.GravitinoAuthorizer;
+import org.apache.gravitino.server.authorization.GravitinoAuthorizerProvider;
+import org.apache.gravitino.utils.PrincipalUtils;
-/** Evaluate the runtime result of the AuthorizationExpression.. */
+/** Evaluate the runtime result of the AuthorizationExpression. */
public class AuthorizationExpressionEvaluator {
+ private final String ognlAuthorizationExpression;
+
/**
- * Use {@link AuthorizationConverter} to convert the authorization
expression into an OGNL
- * expression, and then call {@link GravitinoAuthorizer} to perform
permission verification.
+ * Use {@link AuthorizationExpressionConverter} to convert the authorization
expression into an
+ * OGNL expression, and then call {@link GravitinoAuthorizer} to perform
permission verification.
*
* @param expression authorization expression
*/
- public AuthorizationExpressionEvaluator(String expression) {}
+ public AuthorizationExpressionEvaluator(String expression) {
+ this.ognlAuthorizationExpression =
+ AuthorizationExpressionConverter.convertToOgnlExpression(expression);
+ }
/**
* Use OGNL expressions to invoke GravitinoAuthorizer for authorizing
multiple types of metadata
* IDs.
*
- * @param metadataIds key-metadata type, value-metadata id
+ * @param metadataNames key-metadata type, value-metadata NameIdentifier
* @return authorization result
*/
- public boolean evaluate(Map<MetadataObject.Type, Long> metadataIds) {
- throw new UnsupportedOperationException();
+ public boolean evaluate(Map<MetadataObject.Type, NameIdentifier>
metadataNames) {
+ Principal currentPrincipal = PrincipalUtils.getCurrentPrincipal();
+ GravitinoAuthorizer gravitinoAuthorizer =
+ GravitinoAuthorizerProvider.getInstance().getGravitinoAuthorizer();
+ OgnlContext ognlContext = Ognl.createDefaultContext(null);
+ ognlContext.put("principal", currentPrincipal);
+ ognlContext.put("authorizer", gravitinoAuthorizer);
+ metadataNames.forEach(
+ (metadataType, metadataName) -> {
+ MetadataObjects.MetadataObjectImpl metadataObject =
+ new MetadataObjects.MetadataObjectImpl(
+ metadataName.namespace().toString(), metadataName.name(),
metadataType);
Review Comment:
Please use `MetadataObjects.of`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
