justinmclean opened a new issue, #10166:
URL: https://github.com/apache/gravitino/issues/10166
### What would you like to be improved?
PermissionOperations.revokeRolesFromUser can throw an unintended
NullPointerException in its catch block. When the RoleRevokeRequest request is
null (for example, due to an empty/invalid request body), the handler calls
request.getRoleNames() while building the error response. This masks the
original failure path and returns an unhelpful internal error.
### How should we improve?
Make catch-block argument construction null-safe before calling
ExceptionHandlers:
- Build role-name string with a null guard, e.g. empty string when request
== null (or when role names are null).
- Reuse that safe value in handleUserPermissionOperationException(...).
- If needed, apply the same pattern to similar endpoints (grant/revoke for
user/group) to avoid equivalent NPEs.
Here's a unit test to help:
```
@Test
public void testRevokeRolesFromUserWithNullRequest() throws Exception {
PermissionOperations operations = new PermissionOperations();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getAttribute(any())).thenReturn(null);
FieldUtils.writeField(operations, "httpRequest", request, true);
Response response = operations.revokeRolesFromUser("metalake1", "user1",
null);
Assertions.assertEquals(
Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(),
response.getStatus());
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
