[#3346] feat(core,server): Supports to list roles operations #4894
Conversation
jerqi
force-pushed
the
ISSUE-3346
branch
3 times, most recently
from
1981826 to
558ebba
Compare
jerqi
force-pushed
the
ISSUE-3346
branch
2 times, most recently
from
944f676 to
3f2ee03
Compare
jerqi
changed the title
jerqi
force-pushed
the
ISSUE-3346
branch
2 times, most recently
from
a6f60dd to
8fa67f4
Compare
jerqi
force-pushed
the
ISSUE-3346
branch
3 times, most recently
from
792e078 to
d1fcbb5
Compare
| * | ||
| * @return The scecurable objects count of the role. | ||
| */ | ||
| default int securableObjectsCount() { |
There was a problem hiding this comment.
I think it would be better rename to count(), what do you think?
There was a problem hiding this comment.
If we add more fields, it may be confusing for users. For example, if we add child role in the role in the future. If I use count, I don't know it's the child role count or objects count.
| this.roleDTO = roleDTO; | ||
| this.securableObjectsSupplier = | ||
| new Supplier<List<SecurableObject>>() { | ||
| private boolean waitToRequest = true; |
| if (waitToRequest) { | ||
| securableObjects = gravitinoMetalake.getRole(roleDTO.name()).securableObjects(); | ||
| waitToRequest = false; | ||
| } |
There was a problem hiding this comment.
Should we add a lock here to avoid concurrency issue here?
There was a problem hiding this comment.
OK. I can add the lock later.
| @JsonProperty("securableObjects") | ||
| private SecurableObjectDTO[] securableObjects; | ||
|
|
||
| @JsonProperty("securableObjectsCount") | ||
| private int securableObjectsCount; |
There was a problem hiding this comment.
Maybe we can also change to count here? Also, what is the serialization result of this field, "0" or "null'?
There was a problem hiding this comment.
Name has similar reason above. This field is 0 if we don't have any objects in the role.
| @Override | ||
| public List<SecurableObject> get() { | ||
| if (waitToRequest) { | ||
| securableObjects = gravitinoMetalake.getRole(roleDTO.name()).securableObjects(); |
There was a problem hiding this comment.
I think you can have a new API to get securable objects, rather than using get role API, you can follow what Tag did.
There was a problem hiding this comment.
I ever thought. But from my view, our role API can already get the objects. It's a little weird to add a new API to fetch partial data.
There was a problem hiding this comment.
It's weird to get a role in a role from client side.
There was a problem hiding this comment.
Problems that can be solved with an enumeration operation type. Get the 4 difficult concepts of SupportsDesiredFieldsHandlers.java, SupportsDesiredFields, skippingFields, and desiredFields.
I don't think it's a good design.
In particular, desiredFields and execute() in SupportsDesiredFields don't have a strong logical relationship
interface SupportsDesiredFields<R> {
/**
* The fields which could be desired.
*
* @return The fields which are desired.
*/
Set<Field> desiredFields();
/**
* The return value of the handler.
*
* @return The return value of the handler.
*/
R execute();
}
core/src/main/java/org/apache/gravitino/authorization/UserGroupManager.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/apache/gravitino/storage/relational/service/RoleMetaService.java
Outdated
Show resolved
Hide resolved
| @@ -93,6 +95,10 @@ public Map<String, String> properties() { | |||
| */ | |||
| @Override | |||
| public List<SecurableObject> securableObjects() { | |||
| if (securableObjects == null) { | |||
There was a problem hiding this comment.
In which case will it return null here?
There was a problem hiding this comment.
This won't be null. I modified.
| @@ -186,9 +192,6 @@ public S withAudit(AuditDTO audit) { | |||
| public RoleDTO build() { | |||
| Preconditions.checkArgument(StringUtils.isNotBlank(name), "name cannot be null or empty"); | |||
| Preconditions.checkArgument(audit != null, "audit cannot be null"); | |||
| Preconditions.checkArgument( | |||
| securableObjects != null && securableObjects.length != 0, | |||
| "securable objects can't null or empty"); | |||
There was a problem hiding this comment.
Is it still removable, or should be checked?
There was a problem hiding this comment.
Add check this field isn't null. If the securable objects are deleted, the collection may be empty. So I remove the check whether it is empty.
| @@ -64,8 +64,5 @@ public void validate() throws IllegalArgumentException { | |||
| Preconditions.checkArgument( | |||
| StringUtils.isNotBlank(role.name()), "role 'name' must not be null and empty"); | |||
| Preconditions.checkArgument(role.auditInfo() != null, "role 'auditInfo' must not be null"); | |||
| Preconditions.checkArgument( | |||
| role.securableObjects() != null && !role.securableObjects().isEmpty(), | |||
| "role 'securableObjects' can't null or empty"); | |||
There was a problem hiding this comment.
Is it still removable, or should be checked?
There was a problem hiding this comment.
Ditto. Modified, too.
| AuthorizationUtils.checkMetalakeExists(metalake); | ||
| Namespace namespace = AuthorizationUtils.ofRoleNamespace(metalake); | ||
| return store.list(namespace, RoleEntity.class, Entity.EntityType.ROLE, false).stream() | ||
| .map(entity -> (Role) entity) |
There was a problem hiding this comment.
I don't think we need this line.
| String[] listRoleNames(String metalake) { | ||
| return Arrays.stream(listRolesInternal(metalake)).map(Role::name).toArray(String[]::new); | ||
| } | ||
|
|
||
| private Role[] listRolesInternal(String metalake) { |
There was a problem hiding this comment.
We can combine this two methods together, it is not necessary to separate for now.
| try { | ||
| AuthorizationUtils.checkMetalakeExists(metalake); | ||
| Namespace namespace = AuthorizationUtils.ofRoleNamespace(metalake); | ||
| return store.list(namespace, RoleEntity.class, Entity.EntityType.ROLE, false).stream() |
There was a problem hiding this comment.
Seems like for role listing, we don't support allFields, only user interface supports this.
There was a problem hiding this comment.
What I mean that for role, you don't even support this allFields field, so it is meaningless to set false here.
There was a problem hiding this comment.
Removed this parameter.
### What changes were proposed in this pull request? Supports to list roles operations ### Why are the changes needed? Fix: #3346 ### Does this PR introduce _any_ user-facing change? Yes, will add the document later. ### How was this patch tested? Add UTs.
What changes were proposed in this pull request?
Supports to list roles operations
Why are the changes needed?
Fix: #3346
Does this PR introduce any user-facing change?
Yes, will add the document later.
How was this patch tested?
Add UTs.