laurentgo commented on code in PR #2048:
URL: https://github.com/apache/polaris/pull/2048#discussion_r2222757767
##########
service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalog.java:
##########
@@ -525,16 +535,17 @@ private static Policy constructPolicy(PolicyEntity
policyEntity) {
.build();
}
- private static ApplicablePolicy constructApplicablePolicy(
- PolicyEntity policyEntity, boolean inherited) {
+ private ApplicablePolicy constructApplicablePolicy(PolicyEntity
policyEntity, boolean inherited) {
Namespace parentNamespace = policyEntity.getParentNamespace();
return ApplicablePolicy.builder()
.setPolicyType(policyEntity.getPolicyType().getName())
.setInheritable(policyEntity.getPolicyType().isInheritable())
.setName(policyEntity.getName())
.setDescription(policyEntity.getDescription())
- .setContent(policyEntity.getContent())
+ .setContent(
Review Comment:
it seems a good conversation starter, thanks for proposing it. I don't know
if it is best to try and extend APIs (which are very generic whereas FGAC only
apply to a couple of permission) or have an extra separate method that you
combine with a previous check (so 2 calls to the authorizer)
For `AccessControlPolicyContent`, would it be like this?
```
public record AccessControlProcessingInstruction(String type, String
expression);
public record RowFilter(AccessControlProcessingInstruction filter);
public record ColumnTransformation(int id, String name,
AccessControlProcessingInstruction transformation);
public record AccessControlPolicyContent(String rowFilter,
List<ColumnTransformation> columnTransformations);
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
