[#3342] Refactor the role and privilege model

apache · May 15, 2024 · 37bc98d · 37bc98d
1 parent ff6f620
commit 37bc98d
Show file tree

Hide file tree

Showing 35 changed files with 1,522 additions and 560 deletions.
diff --git a/api/src/main/java/com/datastrato/gravitino/authorization/Privilege.java b/api/src/main/java/com/datastrato/gravitino/authorization/Privilege.java
@@ -19,6 +19,12 @@ public interface Privilege {
   /** @return A readable string representation for the privilege. */
   String simpleString();
 
+  /**
+   * @return The effect of the privilege. `ALLOW` means that you are allowed to use the privilege,
+   *     `DENY` means that you are denied to use the privilege
+   */
+  Effect effect();
+
   /** The name of this privilege. */
   enum Name {
     /** The privilege to create a catalog. */
@@ -116,4 +122,16 @@ public long getHighBits() {
       return highBits;
     }
   }
+
+  /**
+   * The effect of this privilege. `ALLOW` means that you are allowed to use the privilege, `DENY`
+   * means that you are denied to use the privilege. If you have `ALLOW` and `DENY` for the same
+   * privilege name of the same securable object, the `DENY` will take effect.
+   */
+  enum Effect {
+    /** Allow to use the privilege */
+    ALLOW,
+    /** Deny to use the privilege */
+    DENY
+  }
 }