User grantRolesToUser()

in core/src/main/java/org/apache/gravitino/authorization/PermissionManager.java [68:155]

• 80 lines of code
• 10 McCabe index (conditional complexity)

  User grantRolesToUser(String metalake, List<String> roles, String user) {
    try {
      List<RoleEntity> roleEntitiesToGrant = Lists.newArrayList();
      for (String role : roles) {
        TreeLockUtils.doWithTreeLock(
            AuthorizationUtils.ofRole(metalake, role),
            LockType.READ,
            () -> roleEntitiesToGrant.add(roleManager.getRole(metalake, role)));
      }

      User updatedUser =
          store.update(
              AuthorizationUtils.ofUser(metalake, user),
              UserEntity.class,
              Entity.EntityType.USER,
              userEntity -> {
                List<RoleEntity> roleEntities = Lists.newArrayList();
                if (userEntity.roleNames() != null) {
                  for (String role : userEntity.roleNames()) {
                    roleEntities.add(roleManager.getRole(metalake, role));
                  }
                }
                List<String> roleNames = Lists.newArrayList(toRoleNames(roleEntities));
                List<Long> roleIds = Lists.newArrayList(toRoleIds(roleEntities));

                for (RoleEntity roleEntityToGrant : roleEntitiesToGrant) {
                  if (roleIds.contains(roleEntityToGrant.id())) {
                    LOG.warn(
                        "Failed to grant, role {} already exists in the user {} of metalake {}",
                        roleEntityToGrant.name(),
                        user,
                        metalake);
                  } else {
                    roleNames.add(roleEntityToGrant.name());
                    roleIds.add(roleEntityToGrant.id());
                  }
                }

                AuditInfo auditInfo =
                    AuditInfo.builder()
                        .withCreator(userEntity.auditInfo().creator())
                        .withCreateTime(userEntity.auditInfo().createTime())
                        .withLastModifier(PrincipalUtils.getCurrentPrincipal().getName())
                        .withLastModifiedTime(Instant.now())
                        .build();

                return UserEntity.builder()
                    .withNamespace(userEntity.namespace())
                    .withId(userEntity.id())
                    .withName(userEntity.name())
                    .withRoleNames(roleNames)
                    .withRoleIds(roleIds)
                    .withAuditInfo(auditInfo)
                    .build();
              });

      List<SecurableObject> securableObjects = Lists.newArrayList();

      for (Role grantedRole : roleEntitiesToGrant) {
        securableObjects.addAll(grantedRole.securableObjects());
      }

      AuthorizationUtils.callAuthorizationPluginForSecurableObjects(
          metalake,
          securableObjects,
          (authorizationPlugin, catalogName) ->
              authorizationPlugin.onGrantedRolesToUser(
                  roleEntitiesToGrant.stream()
                      .map(roleEntity -> filterSecurableObjects(roleEntity, metalake, catalogName))
                      .collect(Collectors.toList()),
                  updatedUser));

      return updatedUser;
    } catch (NoSuchEntityException nse) {
      LOG.warn("Failed to grant, user {} does not exist in the metalake {}", user, metalake, nse);
      throw new NoSuchUserException(USER_DOES_NOT_EXIST_MSG, user, metalake);
    } catch (NoSuchRoleException nsr) {
      throw new IllegalRoleException(nsr);
    } catch (IOException ioe) {
      LOG.error(
          "Failed to grant role {} to user {} in the metalake {} due to storage issues",
          StringUtils.join(roles, ","),
          user,
          metalake,
          ioe);
      throw new RuntimeException(ioe);
    }
  }