Merge pull request #2575 from atlanhq/nikhilcontrolv2

Fix tag based evaluation for Create

repository/src/main/java/org/apache/atlas/discovery/AtlasAuthorization.java

@@ -322,18 +322,23 @@ private static boolean validateResourcesForCreateEntity(List<RangerPolicy> resou
 
                     //for tag based policy
                     if ("tag".equals(resource)) {
-                        if (entity.getClassifications() != null && !entity.getClassifications().isEmpty()) {
-                            List<String> assetTags = entity.getClassifications().stream().map(x -> x.getTypeName()).collect(Collectors.toList());
+                        if (entity.getClassifications() == null || entity.getClassifications().isEmpty()) {
+                            //since entity does not have tags at all, it should not pass this evaluation
+                            resourcesMatched = false;
+                            break;
+                        }
 
-                            for (String assetTag : assetTags) {
-                                Optional<String> match = values.stream().filter(x -> assetTag.matches(x.replace("*", ".*"))).findFirst();
+                        List<String> assetTags = entity.getClassifications().stream().map(x -> x.getTypeName()).collect(Collectors.toList());
 
-                                if (!match.isPresent()) {
-                                    resourcesMatched = false;
-                                    break;
-                                }
+                        for (String assetTag : assetTags) {
+                            Optional<String> match = values.stream().filter(x -> assetTag.matches(x.replace("*", ".*"))).findFirst();
+
+                            if (!match.isPresent()) {
+                                resourcesMatched = false;
+                                break;
                             }
                         }
+
                     }
                 }