snazy commented on code in PR #3228:
URL: https://github.com/apache/polaris/pull/3228#discussion_r2597103660
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizer.java:
##########
@@ -28,6 +28,12 @@
/** Interface for invoking authorization checks. */
public interface PolarisAuthorizer {
+ boolean requiresPrincipalRoles();
+
+ boolean requiresCatalogRoles();
+
+ boolean requiresResolvedEntities();
Review Comment:
I think the whole interface could need some more docs. It took me quite a
long time to understand that e.g. `Set<PolarisBaseEntity> activatedEntities` is
a set of principal and catalog roles. Historically, that parameter was
`Set<Long> activatedGranteeIds`.
Can you clarify what docs you'd like to see? Mean, "requiresXyz" pretty much
tells what the implementation expects/needs in the calls to `authorizeOrThrow`.
I suspected that it's clear now, at least for the custom downstream
implementations, that `activatedEntities` is
Honestly, I think this interface should be entirely replaced to untangle the
hard coupling with Polaris internal roles and Polaris internal RBAC.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
