[RBAC] Refactor AuthAdmin RBAC interfaces to eliminate confusion

[komamitsu]

Description

We added RBAC related interfaces to AuthAdmin. We also noticed the current interface names and structures were confusing in terms of the use cases.

Per discussions, this PR updates AuthAdmin's RBAC interfaces as follows:

• Role and RoleDetail
  • Role is not used separately
  • Merge them by flattening Role's fields as Role interface
  • Rename getRoleHierarchies() to getMemberRoles() (see below for detail)
• RoleHierarchy
  • This is used for SHOW ROLES / SHOW ROLES FOR <role_name> (memberRoles column)
  • Redundant since it contains getRoleName() that returns the same name as Role.getName()
  • Rename it to MemberRole (previous option: MemberRoleInfo) which contains getName() (this is the granted member role name) and hasAdminOption()
    • RoleHierarchy.getRoleName() is removed
• UserRoleDetail
  • It inherits RoleDetail, but the name seems to be related to UserRole and is confusing
  • Rename it to RoleForUser since it contains hasAdminOptionOnUser() in addition to Role (previous name is RoleDetail)
• UserRole
  • This is used only for SHOW ROLE USERS FOR <role_name>
  • It contains only the relationship between the user and the role
  • Rename it to GranteeUser (previous option: UserRoleInfo) which contains getName() (this is the grantee username who received a role) and hasAdminOption()
    • UserRole.getRoleName() is removed

Related issues and/or PRs

#3083
https://github.com/scalar-labs/scalardb-sql/pull/895

Changes made

• Update the following interface and class for the refactoring
  • com.scalar.db.api.AuthAdmin
  • com.scalar.db.common.DecoratedDistributedTransactionAdmin

Checklist

The following is a best-effort checklist. If any items in this checklist are not applicable to this PR or are dependent on other, unmerged PRs, please still mark the checkboxes after you have read and understood each item.

• I have commented my code, particularly in hard-to-understand areas.
• I have updated the documentation to reflect the changes.
• I have considered whether similar issues could occur in other products, components, or modules if this PR is for bug fixes.
• Any remaining open issues linked to this PR are documented and up-to-date (Jira, GitHub, etc.).
• Tests (unit, integration, etc.) have been added for the changes.
• My changes generate no new warnings.
• Any dependent changes in other PRs have been merged and published.

Additional notes (optional)

First, I planed to add new interfaces and methods keeping the old ones as-is so that the dependent projects can be successfully compiled. But Role interface conflicts while it's structure is changed. So, I gave up with the plan and replaced the old interfaces and methods with the new ones.

Release notes

N/A

[gemini-code-assist]

Summary of Changes

Hello @komamitsu, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the Role-Based Access Control (RBAC) interfaces within the AuthAdmin component to enhance clarity and eliminate confusion. The changes involve renaming and consolidating several interfaces and their associated methods to better align with their intended use cases, making the API more intuitive and easier to understand for developers interacting with RBAC functionalities.

Highlights

• Interface Consolidation: The Role and RoleDetail interfaces have been merged, with Role now directly containing the necessary fields, simplifying the representation of roles.
• Method Renaming for Clarity: The getRoleHierarchies() method has been renamed to getMemberRoles() to better reflect its purpose of retrieving roles granted to a specific role.
• Interface Renaming for Precision: The RoleHierarchy interface has been renamed to MemberRole, and UserRoleDetail to RoleForUser, providing more intuitive names that align with their specific use cases.
• User-Role Interface Refinement: The UserRole interface has been renamed to GranteeUser and streamlined to focus on the grantee's name and admin option, removing redundant role name information.
• AuthAdmin API Updates: The AuthAdmin interface methods (getRoles(), getRolesForUser(), getUsersForRole()) have been updated to return the newly named and refactored interfaces, ensuring consistency across the API.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request provides an excellent refactoring of the RBAC interfaces in AuthAdmin, significantly improving their clarity and maintainability. The new interface names like GranteeUser and RoleForUser are much more intuitive, and flattening the Role/RoleDetail hierarchy simplifies the model. The changes are well-explained and consistently applied across the affected files. However, I noticed that the checklist for tests is unchecked, and no test files were modified in this PR. Since this is a breaking change to public interfaces, adding or updating unit tests is crucial to verify the contracts of the new interfaces and prevent future regressions. Please consider adding tests for the AuthAdmin RBAC interfaces.

[komamitsu]

/gemini review

[gemini-code-assist]

Code Review

This pull request refactors the RBAC-related interfaces in AuthAdmin to improve clarity and reduce confusion, which is a welcome improvement. The renamings like RoleHierarchy to MemberRole and UserRole to GranteeUser make the API more intuitive. The changes are consistently applied to DecoratedDistributedTransactionAdmin as well. I've added a few suggestions to further improve the Javadoc clarity. More importantly, I've raised a concern about the lack of unit test updates for DecoratedDistributedTransactionAdmin, especially since this PR introduces breaking changes to a public API. Adding tests would increase confidence in the correctness of these changes.

[Copilot]

Pull Request Overview

This PR refactors the RBAC (Role-Based Access Control) interfaces in AuthAdmin to improve clarity and eliminate confusion in their naming and structure. The refactoring merges Role and RoleDetail, renames several interfaces to better reflect their purpose, and updates method names for better semantic clarity.

Key Changes:

• Merged Role and RoleDetail into a single Role interface with flattened fields
• Renamed interfaces: RoleHierarchy → MemberRole, UserRoleDetail → RoleForUser, UserRole → GranteeUser
• Renamed method: getUsersForRole() → getGranteeUsersForRole() and getRoleHierarchies() → getMemberRoles()

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
core/src/main/java/com/scalar/db/api/AuthAdmin.java	Updates RBAC interface definitions and method signatures to use new naming conventions
core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java	Updates delegating methods to use new return types and method names

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Torch3333]

LGTM, thank you!

[feeblefakie]

LGTM! Thank you!

[brfrn169]

LGTM! Thank you!