This is an automated email from the ASF dual-hosted git repository. yuqi1129 pushed a commit to branch optimize_load_table in repository https://gitbox.apache.org/repos/asf/gravitino.git
commit 608886a3d1bbb56e9b92d7aff4af1f7682a1b2b6 Author: yuqi <[email protected]> AuthorDate: Tue Apr 28 14:25:29 2026 +0800 fix --- server-common/src/main/resources/jcasbin_model.conf | 3 +-- .../server/web/filter/authorization/CommonAuthorizerExecutor.java | 2 +- .../gravitino/server/web/filter/TestGravitinoInterceptionService.java | 3 +++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/server-common/src/main/resources/jcasbin_model.conf b/server-common/src/main/resources/jcasbin_model.conf index ba17c87b09..8944a4cf7a 100644 --- a/server-common/src/main/resources/jcasbin_model.conf +++ b/server-common/src/main/resources/jcasbin_model.conf @@ -51,5 +51,4 @@ e = some(where (p.eft == allow)) && !some(where (p.eft == deny)) ; "m" represents the matching rules of the model [matchers] -m = g(r.sub, p.sub) && r.metadataId == p.metadataId && r.metadataType == p.metadataType && ( (p.act == "OWNER" && r.act == "OWNER") || r.act == p.act ) - +m = r.metadataId == p.metadataId && r.metadataType == p.metadataType && ( (p.act == "OWNER" && r.act == "OWNER") || r.act == p.act ) && g(r.sub, p.sub) diff --git a/server/src/main/java/org/apache/gravitino/server/web/filter/authorization/CommonAuthorizerExecutor.java b/server/src/main/java/org/apache/gravitino/server/web/filter/authorization/CommonAuthorizerExecutor.java index b03bdeaa58..b6c508110c 100644 --- a/server/src/main/java/org/apache/gravitino/server/web/filter/authorization/CommonAuthorizerExecutor.java +++ b/server/src/main/java/org/apache/gravitino/server/web/filter/authorization/CommonAuthorizerExecutor.java @@ -49,6 +49,6 @@ public class CommonAuthorizerExecutor implements AuthorizationExecutor { AuthorizationRequestContext authorizationRequestContext = new AuthorizationRequestContext(); authorizationRequestContext.setOriginalAuthorizationExpression(expression); return authorizationExpressionEvaluator.evaluate( - metadataContext, pathParams, new AuthorizationRequestContext(), entityType); + metadataContext, pathParams, authorizationRequestContext, entityType); } } diff --git a/server/src/test/java/org/apache/gravitino/server/web/filter/TestGravitinoInterceptionService.java b/server/src/test/java/org/apache/gravitino/server/web/filter/TestGravitinoInterceptionService.java index a96160da84..6a836e5218 100644 --- a/server/src/test/java/org/apache/gravitino/server/web/filter/TestGravitinoInterceptionService.java +++ b/server/src/test/java/org/apache/gravitino/server/web/filter/TestGravitinoInterceptionService.java @@ -282,6 +282,9 @@ public class TestGravitinoInterceptionService { MetadataObject metadataObject, Privilege.Name privilege, AuthorizationRequestContext requestContext) { + assertEquals( + "METALAKE::USE_CATALOG || METALAKE::OWNER", + requestContext.getOriginalAuthorizationExpression()); return "tester".equals(principal.getName()) && "testMetalake".equals(metalake) && metadataObject.type() == MetadataObject.Type.METALAKE
