Group grantRolesToGroup()

in core/src/main/java/org/apache/gravitino/authorization/PermissionManager.java [157:244]


  /**
   * Grants the named roles to a group and persists the group's new role membership.
   *
   * <p>Steps, in the order the code performs them:
   *
   * <ol>
   *   <li>Each requested role is loaded through {@code roleManager.getRole} inside a READ tree
   *       lock taken on that role's identifier.
   *   <li>The group entity is rewritten through {@code store.update}. The updater re-resolves the
   *       roles the group already names, appends every requested role whose id is not yet
   *       present, and only logs a warning for a role that is already present. The audit info
   *       keeps the original creator and create time and records the current principal and
   *       {@code Instant.now()} as last modifier and last-modified time.
   *   <li>The authorization plugin hook {@code onGrantedRolesToGroup} is invoked with all
   *       requested roles (filtered per catalog), including roles the group already held.
   * </ol>
   *
   * <p>NOTE(review): no check of the caller's right to grant is visible in this method;
   * presumably it is enforced by the caller. Confirm before exposing a new call path.
   *
   * <p>NOTE(review): the stored grant is written before the plugin hook runs and nothing here
   * undoes it if the hook throws, so the store and the external authorization system can end up
   * disagreeing. Confirm how the plugin layer reports or retries such failures.
   *
   * @param metalake name of the metalake used to build the role and group identifiers
   * @param roles names of the roles to grant
   * @param group name of the group receiving the roles
   * @return the group as returned by {@code store.update}
   * @throws NoSuchGroupException when a {@code NoSuchEntityException} escapes the body
   * @throws IllegalRoleException when a {@code NoSuchRoleException} escapes the body
   * @throws RuntimeException wrapping an {@code IOException} raised while granting
   */
  Group grantRolesToGroup(String metalake, List<String> roles, String group) {
    try {
      // Snapshot of the roles to grant. Each lookup holds its own READ lock on the role.
      // NOTE(review): presumably that lock is released once doWithTreeLock returns, so a role
      // changed or dropped before the update below would still be granted from this snapshot.
      // Confirm against the locking done by the caller.
      List<RoleEntity> requestedRoles = Lists.newArrayList();
      for (String requestedName : roles) {
        TreeLockUtils.doWithTreeLock(
            AuthorizationUtils.ofRole(metalake, requestedName),
            LockType.READ,
            () -> requestedRoles.add(roleManager.getRole(metalake, requestedName)));
      }

      Group persistedGroup =
          store.update(
              AuthorizationUtils.ofGroup(metalake, group),
              GroupEntity.class,
              Entity.EntityType.GROUP,
              current -> {
                // Re-resolve the roles the group already names; a group without role names
                // starts from an empty list.
                List<RoleEntity> heldRoles = Lists.newArrayList();
                if (current.roleNames() != null) {
                  for (String heldName : current.roleNames()) {
                    heldRoles.add(roleManager.getRole(metalake, heldName));
                  }
                }
                List<String> mergedNames = Lists.newArrayList(toRoleNames(heldRoles));
                List<Long> mergedIds = Lists.newArrayList(toRoleIds(heldRoles));

                // Membership is decided by role id, not by role name.
                for (RoleEntity candidate : requestedRoles) {
                  boolean alreadyHeld = mergedIds.contains(candidate.id());
                  if (!alreadyHeld) {
                    mergedNames.add(candidate.name());
                    mergedIds.add(candidate.id());
                    continue;
                  }
                  LOG.warn(
                      "Failed to grant, role {} already exists in the group {} of metalake {}",
                      candidate.name(),
                      group,
                      metalake);
                }

                // Creator and create time are carried over; the current principal is recorded
                // as the modifier, so the audit trail depends on that principal being set
                // correctly for this call.
                AuditInfo refreshedAudit =
                    AuditInfo.builder()
                        .withCreator(current.auditInfo().creator())
                        .withCreateTime(current.auditInfo().createTime())
                        .withLastModifier(PrincipalUtils.getCurrentPrincipal().getName())
                        .withLastModifiedTime(Instant.now())
                        .build();

                return GroupEntity.builder()
                    .withId(current.id())
                    .withNamespace(current.namespace())
                    .withName(current.name())
                    .withRoleNames(mergedNames)
                    .withRoleIds(mergedIds)
                    .withAuditInfo(refreshedAudit)
                    .build();
              });

      // Securable objects of every requested role, whether or not it was newly added above.
      List<SecurableObject> grantedObjects = Lists.newArrayList();

      for (Role requested : requestedRoles) {
        grantedObjects.addAll(requested.securableObjects());
      }

      // Runs after the store update has returned; see the method-level note on consistency.
      AuthorizationUtils.callAuthorizationPluginForSecurableObjects(
          metalake,
          grantedObjects,
          (plugin, catalog) ->
              plugin.onGrantedRolesToGroup(
                  requestedRoles.stream()
                      .map(requested -> filterSecurableObjects(requested, metalake, catalog))
                      .collect(Collectors.toList()),
                  persistedGroup));

      return persistedGroup;
    } catch (NoSuchEntityException missingEntity) {
      // This handler covers the whole try body, so any NoSuchEntityException raised in it is
      // reported as a missing group. The cause is logged here but not chained to the new
      // exception.
      LOG.warn(
          "Failed to grant, group {} does not exist in the metalake {}",
          group,
          metalake,
          missingEntity);
      throw new NoSuchGroupException(GROUP_DOES_NOT_EXIST_MSG, group, metalake);
    } catch (NoSuchRoleException missingRole) {
      throw new IllegalRoleException(missingRole);
    } catch (IOException storageFailure) {
      LOG.error(
          "Failed to grant role {} to group {} in the metalake {} due to storage issues",
          StringUtils.join(roles, ","),
          group,
          metalake,
          storageFailure);
      throw new RuntimeException(storageFailure);
    }
  }