in polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/access/AccessControlService.java [205:253]
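/**
 * Grants a catalog role the privileges needed for either write or read-only access to a catalog.
 *
 * <p>With write access, a single {@code CATALOG_MANAGE_METADATA} grant is added. Without it, the
 * role receives the read-properties and list privileges for the catalog, namespaces, tables and
 * views. Every grant is created at {@code GrantResource.TypeEnum.CATALOG} type, so it is scoped
 * to the catalog as a whole rather than to one namespace or table.
 *
 * <p>The returned list contains every grant that was passed to {@code polaris.addGrant}, in the
 * order it was applied, so callers can audit or later revoke exactly what this method added.
 *
 * <p>NOTE(review): grants are applied one call at a time with no rollback. If {@code addGrant}
 * fails partway through, the earlier grants presumably stay on the role; confirm whether callers
 * need to clean up in that case.
 *
 * @param catalogName the catalog the grants apply to
 * @param catalogRoleName the catalog role that receives the grants
 * @param withWriteAccess {@code true} to grant {@code CATALOG_MANAGE_METADATA}, {@code false} to
 *     grant only the read and list privileges
 * @return an immutable list of the grants that were added to the catalog role
 */
public List<CatalogGrant> addGrantsToCatalogRole(
    String catalogName, String catalogRoleName, boolean withWriteAccess) {
  if (withWriteAccess) {
    // Write access only requires CATALOG_MANAGE_METADATA. This is a single broad privilege, so
    // request it only for roles that really have to modify the catalog.
    CatalogGrant catalogManageMetadata =
        new CatalogGrant()
            .type(GrantResource.TypeEnum.CATALOG)
            .privilege(CATALOG_MANAGE_METADATA);
    polaris.addGrant(catalogName, catalogRoleName, catalogManageMetadata);
    return List.of(catalogManageMetadata);
  }

  // Read access requires reading properties and listing entities for each entity type.
  CatalogGrant catalogReadProperties =
      new CatalogGrant()
          .type(GrantResource.TypeEnum.CATALOG)
          .privilege(CATALOG_READ_PROPERTIES);
  CatalogGrant namespaceReadProperties =
      new CatalogGrant()
          .type(GrantResource.TypeEnum.CATALOG)
          .privilege(NAMESPACE_READ_PROPERTIES);
  CatalogGrant namespaceList =
      new CatalogGrant().type(GrantResource.TypeEnum.CATALOG).privilege(NAMESPACE_LIST);
  CatalogGrant tableReadProperties =
      new CatalogGrant().type(GrantResource.TypeEnum.CATALOG).privilege(TABLE_READ_PROPERTIES);
  CatalogGrant tableList =
      new CatalogGrant().type(GrantResource.TypeEnum.CATALOG).privilege(TABLE_LIST);
  CatalogGrant viewReadProperties =
      new CatalogGrant().type(GrantResource.TypeEnum.CATALOG).privilege(VIEW_READ_PROPERTIES);
  CatalogGrant viewList =
      new CatalogGrant().type(GrantResource.TypeEnum.CATALOG).privilege(VIEW_LIST);

  // One list drives both the addGrant calls and the return value, so the report handed back to
  // the caller cannot drift from what was actually granted. The previous version applied seven
  // grants but returned only four, leaving the three *_LIST grants unreported.
  List<CatalogGrant> readGrants =
      List.of(
          catalogReadProperties,
          namespaceReadProperties,
          namespaceList,
          tableReadProperties,
          tableList,
          viewReadProperties,
          viewList);
  for (CatalogGrant grant : readGrants) {
    polaris.addGrant(catalogName, catalogRoleName, grant);
  }
  return readGrants;
}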