public void grantNewlyCreatedCatalog()

in core/src/main/java/org/apache/gravitino/authorization/FutureGrantManager.java [58:147]

• 79 lines of code
• 13 McCabe index (conditional complexity)

  public void grantNewlyCreatedCatalog(String metalake, BaseCatalog catalog) {
    try {
      MetadataObject metalakeObject =
          MetadataObjects.of(null, metalake, MetadataObject.Type.METALAKE);
      Optional<Owner> ownerOptional = ownerManager.getOwner(metalake, metalakeObject);
      ownerOptional.ifPresent(
          owner -> {
            AuthorizationPlugin authorizationPlugin = catalog.getAuthorizationPlugin();
            if (authorizationPlugin != null) {
              authorizationPlugin.onOwnerSet(metalakeObject, null, owner);
            }
          });

      Map<UserEntity, Set<RoleEntity>> userGrantRoles = Maps.newHashMap();
      Map<GroupEntity, Set<RoleEntity>> groupGrantRoles = Maps.newHashMap();
      List<RoleEntity> roles =
          entityStore.relationOperations()
              .listEntitiesByRelation(
                  SupportsRelationOperations.Type.METADATA_OBJECT_ROLE_REL,
                  NameIdentifier.of(metalake),
                  Entity.EntityType.METALAKE)
              .stream()
              .map(entity -> (RoleEntity) entity)
              .collect(Collectors.toList());

      for (RoleEntity role : roles) {

        boolean supportsFutureGrant = false;
        for (SecurableObject object : role.securableObjects()) {
          if (AuthorizationUtils.needApplyAuthorizationPluginAllCatalogs(object)) {
            supportsFutureGrant = true;
            break;
          }
        }

        if (!supportsFutureGrant) {
          continue;
        }

        List<UserEntity> users =
            entityStore.relationOperations()
                .listEntitiesByRelation(
                    SupportsRelationOperations.Type.ROLE_USER_REL,
                    role.nameIdentifier(),
                    Entity.EntityType.ROLE)
                .stream()
                .map(entity -> (UserEntity) entity)
                .collect(Collectors.toList());

        for (UserEntity user : users) {
          Set<RoleEntity> roleSet = userGrantRoles.computeIfAbsent(user, k -> Sets.newHashSet());
          roleSet.add(role);
        }

        List<GroupEntity> groups =
            entityStore.relationOperations()
                .listEntitiesByRelation(
                    SupportsRelationOperations.Type.ROLE_GROUP_REL,
                    role.nameIdentifier(),
                    Entity.EntityType.ROLE)
                .stream()
                .map(entity -> (GroupEntity) entity)
                .collect(Collectors.toList());

        for (GroupEntity group : groups) {
          Set<RoleEntity> roleSet = groupGrantRoles.computeIfAbsent(group, k -> Sets.newHashSet());
          roleSet.add(role);
        }
      }

      for (Map.Entry<UserEntity, Set<RoleEntity>> entry : userGrantRoles.entrySet()) {
        AuthorizationPlugin authorizationPlugin = catalog.getAuthorizationPlugin();
        if (authorizationPlugin != null) {
          authorizationPlugin.onGrantedRolesToUser(
              Lists.newArrayList(entry.getValue()), entry.getKey());
        }
      }

      for (Map.Entry<GroupEntity, Set<RoleEntity>> entry : groupGrantRoles.entrySet()) {
        AuthorizationPlugin authorizationPlugin = catalog.getAuthorizationPlugin();

        if (authorizationPlugin != null) {
          authorizationPlugin.onGrantedRolesToGroup(
              Lists.newArrayList(entry.getValue()), entry.getKey());
        }
      }
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
  }