[#9583] improvement(authz): loadTable should indicate if it's for writing

[jerqi]

What changes were proposed in this pull request?

loadTable should indicate if it's for writing

Why are the changes needed?

Fix: #9583

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Add new test cases.

[hdygxsj]

After using LoadTableAuthorizationExecutor, do we still need to use the metadata authorization expression here?

[jerqi]

If privileges is null, we will still use the expression. So I think we should keep this expresssion.

[hdygxsj]

Since LoadTableAuthorizationExecutor replaces the authorization expression, we should add explanatory comments to clarify this behavior and prevent users from being confused by apparent inconsistencies between the declared privileges and the actual expressions.

Alternatively, we could make the behavior more transparent by encoding the logic directly into the expression itself—for example:

PRIVILEGE == 'MODIFY_TABLE' && MODIFY_TABLE_AUTHORIZATION_EXPRESSION 
|| PRIVILEGE == null && LOAD_TABLE_AUTHORIZATION_EXPRESSION

[jerqi]

I modified the AuthorizationExpression. Could u take a look again?

[hdygxsj]

I'm a bit unsure—could you please take a look? @FANNG1

[jerqi]

What‘s your concern? What do u need to confirm?

[hdygxsj]

I'm wondering if modifying the annotation structure for this particular scenario might not be a good idea—mainly because it's unclear whether other interfaces will have similar scenarios in the future, which could lead to things getting messy later on.

Changing the input parameter here to AuthorizationExpression might be slightly better.

[jerqi]

This is a proper common ability. We can choose the expression according to the parameters. If we need more parameters, we can add more parameters.

[hdygxsj]

LGTM

[jerqi]

Merged. Thanks.