From cb2464a7dac6e6dd8e3d2de3da39075686825f1b Mon Sep 17 00:00:00 2001 From: Calvin Kirs Date: Tue, 12 Nov 2024 11:33:43 +0800 Subject: [PATCH] [feat](authorization)Centralizing Common Authorization Operations in a Common Interface ### Optimize Column-Level Permission Checks Using Table-Level Permissions: Since having column-level permissions does not imply table-level permissions, but having table-level permissions does imply permissions on all columns within the table, we can streamline column permission checks. When checking column-level permissions, we can first check if the user has table-level permissions. If table-level permissions are granted, column-level checks become unnecessary. Only if table-level permissions are absent do we proceed with specific column-level permission checks. ### Global Permissions Shortcut: Global-level permissions typically grant full access across all operations. Therefore, to optimize permission checks, we can add an early check for global permissions. If the user has global permissions, they are authorized, and further permission checks at the database, table, or column levels are unnecessary, allowing us to return immediately. --- .../doris/datasource/iceberg/IcebergMetadataOps.java | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java b/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java index c1fbaee7fee7f8..87aaca90b95dff 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java +++ b/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java 
@@ -87,16 +87,12 @@ public boolean databaseExist(String dbName) { public List listDatabaseNames() { try { - preExecutionAuthenticator.execute(() -> { - return nsCatalog.listNamespaces().stream() - .map(Namespace::toString) - .collect(Collectors.toList()); - - }); + return preExecutionAuthenticator.execute(() -> nsCatalog.listNamespaces().stream() + .map(Namespace::toString) + .collect(Collectors.toList())); } catch (Exception e) { throw new RuntimeException("Failed to list database names, error message is: " + e.getMessage()); } - return new ArrayList<>(); }
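Review bot: In listDatabaseNames(), the catch (Exception e) block left as context rethrows new RuntimeException("Failed to list database names, error message is: " + e.getMessage()) without passing e as the cause. Now that the result of preExecutionAuthenticator.execute(...) is actually returned, a failure inside the authenticated call still loses its exception type and stack trace. Pass e as the second constructor argument so callers and logs can tell what failed. Separately, the commit message describes table-level and global permission shortcuts, but the diffstat shows one file with 3 insertions and 7 deletions, all in this method, where the old code discarded the lambda's result and always fell through to return new ArrayList<>(). The subject and body should describe that fix, and a test asserting that the namespace names are returned would keep it from regressing. With return new ArrayList<>() removed, also check whether the ArrayList import is still used in this file.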