From eafa4ab6d8686d55eba7c092e6458d3de21d7f00 Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Wed, 12 Nov 2025 11:50:16 +0900
Subject: [PATCH 1/5] Refactor AuthAdmin RBAC interfaces to eliminate confusion
---
 .../java/com/scalar/db/api/AuthAdmin.java | 44 ++++++++-----------
 .../DecoratedDistributedTransactionAdmin.java | 8 ++--
 2 files changed, 23 insertions(+), 29 deletions(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 4cd2b2b29e..100f646711 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -198,23 +198,23 @@ default void dropRole(String roleName) throws ExecutionException {
 }
 /**
- * Retrieves a list of {@link RoleDetail}s.
+ * Retrieves a list of {@link Role}s.
 *
- * @return a list of {@link RoleDetail}s
+ * @return a list of {@link Role}s
 * @throws ExecutionException if the operation fails
 */
- default List getRoles() throws ExecutionException {
+ default List getRoles() throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
 /**
- * Retrieves a list of {@link UserRoleDetail}s for the given user.
+ * Retrieves a list of {@link RoleForUser}s for the given user.
 *
 * @param username the username
- * @return a list of {@link UserRoleDetail}s for the given user
+ * @return a list of {@link RoleForUser}s for the given user
 * @throws ExecutionException if the operation fails
 */
- default List getRolesForUser(String username) throws ExecutionException {
+ default List getRolesForUser(String username) throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
@@ -258,13 +258,13 @@ default void revokeAdminOptionFromUser(String username, String roleName)
 }
 /**
- * Retrieves a list of {@link UserRole}s for the given role.
+ * Retrieves a list of {@link GranteeUser}s for the given role.
 *
 * @param roleName the role name
- * @return a list of {@link UserRole}s for the given role
+ * @return a list of {@link GranteeUser}s for the given role
 * @throws ExecutionException if the operation fails
 */
- default List getUsersForRole(String roleName) throws ExecutionException {
+ default List getGranteeUsersForRole(String roleName) throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
@@ -406,21 +406,18 @@ interface User {
 /** Represents a role. */
 interface Role {
+ /** Returns the role name. */
 String getName();
- }
- /** Represents a role with its hierarchy information. */
- interface RoleDetail {
- Role getRole();
-
- List getRoleHierarchies();
+ /** Returns the member roles granted to the role. */
+ List getMemberRoles();
 }
 /**
 * Represents a role detail for a specific user, including whether the user has admin option for
 * this role.
 */
- interface UserRoleDetail extends RoleDetail {
+ interface RoleForUser extends Role {
 /**
 * Returns whether the user has admin option for this role. This is distinct from the admin
 * option in role hierarchies, which applies to role-to-role grants.
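Review bot: The Javadoc on the renamed `getGranteeUsersForRole` lists only `ExecutionException`, while the default body throws an `UnsupportedOperationException` built from `CoreError.AUTH_NOT_ENABLED`. The method name changes here with no bridge from `getUsersForRole`, so an implementation built against the previous interface would fall through to this default and report that auth is not enabled instead of returning the grantees; whether such out-of-tree implementations exist is not visible in this diff. I would add `* @throws UnsupportedOperationException if the implementation does not override this method` to the Javadoc and call out the rename as a breaking change in the release notes. The same default body and the same Javadoc gap appear on `getRoles` and `getRolesForUser` in the -198 hunk.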
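Review bot: The new `getMemberRoles()` Javadoc in the -406 hunk does not say whether the list holds only roles granted directly to this role or also roles reached through nested grants. A caller that derives effective privileges, or audits who holds admin option, from a `Role` needs to know which. I would extend the comment with one sentence, for example `The list contains only roles granted directly to this role.`, using whichever wording the implementations actually guarantee. The gap carries over unchanged when patch 5/5 renames the method to `getGrantedRoles()`. The body of `RoleForUser` continues past the end of this hunk.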
@@ -429,21 +426,18 @@ interface UserRoleDetail extends RoleDetail {
 }
 /** Represents a user-role assignment. */
- interface UserRole {
- String getUsername();
-
- String getRoleName();
+ interface GranteeUser {
+ /** Returns the username. */
+ String getName();
+ /** Returns whether admin option is granted for this assignment. */
 boolean hasAdminOption();
 }
 /** Represents a role hierarchy (role-to-role assignment). */
- interface RoleHierarchy {
- /** Returns the role name. */
- String getRoleName();
-
+ interface MemberRole {
 /** Returns the member role name granted to the role. */
- String getMemberRoleName();
+ String getName();
 /** Returns whether admin option is granted for this hierarchy. */
 boolean hasAdminOption();
diff --git a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
index c3fb55ae55..995b2ac9bf 100644
--- a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
+++ b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
@@ -394,12 +394,12 @@ public void dropRole(String roleName) throws ExecutionException {
 }
 @Override
- public List getRoles() throws ExecutionException {
+ public List getRoles() throws ExecutionException {
 return distributedTransactionAdmin.getRoles();
 }
 @Override
- public List getRolesForUser(String username) throws ExecutionException {
+ public List getRolesForUser(String username) throws ExecutionException {
 return distributedTransactionAdmin.getRolesForUser(username);
 }
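Review bot: `GranteeUser.hasAdminOption()` and `MemberRole.hasAdminOption()` in the -429 hunk share one method name for two different relations (user-to-role and role-to-role), while the user-to-role flag is spelled `hasAdminOptionOnUser()` on `RoleForUser`. From the Javadoc, `GranteeUser.hasAdminOption()` and `RoleForUser.hasAdminOptionOnUser()` appear to describe the same grant seen from opposite sides, so code that checks who may re-grant a role has two spellings to keep straight. A cross-reference on `GranteeUser.hasAdminOption()` would help, e.g. `Equivalent to {@link RoleForUser#hasAdminOptionOnUser()} for the same user and role.`, provided that equivalence holds in the implementations. The closing brace of `MemberRole` is outside the hunk.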
@@ -421,8 +421,8 @@ public void revokeAdminOptionFromUser(String username, String roleName)
 }
 @Override
- public List getUsersForRole(String roleName) throws ExecutionException {
- return distributedTransactionAdmin.getUsersForRole(roleName);
+ public List getGranteeUsersForRole(String roleName) throws ExecutionException {
+ return distributedTransactionAdmin.getGranteeUsersForRole(roleName);
 }
 @Override
From a7d48c6f0b60c75909f7d881885f79924f068484 Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Wed, 12 Nov 2025 12:20:02 +0900
Subject: [PATCH 2/5] Update core/src/main/java/com/scalar/db/api/AuthAdmin.java
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 core/src/main/java/com/scalar/db/api/AuthAdmin.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 100f646711..3091dc1c93 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -414,7 +414,7 @@ interface Role {
 }
 /**
- * Represents a role detail for a specific user, including whether the user has admin option for
+ * Represents a role granted to a specific user, including whether the user has admin option for
 * this role.
 */
 interface RoleForUser extends Role {
From a00eeb3ebfc158fb380c2ded96dca8d93caecce7 Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Wed, 12 Nov 2025 12:20:22 +0900
Subject: [PATCH 3/5] Update core/src/main/java/com/scalar/db/api/AuthAdmin.java
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 core/src/main/java/com/scalar/db/api/AuthAdmin.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 3091dc1c93..7a627fdbc7 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -404,7 +404,7 @@ interface User {
 boolean isSuperuser();
 }
- /** Represents a role. */
+ /** Represents a role, including its granted member roles. */
 interface Role {
 /** Returns the role name. */
 String getName();
From e2dd8fd4617b7307304fcfc14f28d01655ecf52f Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Wed, 12 Nov 2025 13:33:22 +0900
Subject: [PATCH 4/5] Fix javadoc warning
---
 .../java/com/scalar/db/api/AuthAdmin.java | 38 ++++++++++++++++---
 1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 7a627fdbc7..047e891010 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -406,10 +406,18 @@ interface User {
 /** Represents a role, including its granted member roles. */
 interface Role {
- /** Returns the role name. */
+ /**
+ * Returns the role name.
+ *
+ * @return the role name
+ */
 String getName();
- /** Returns the member roles granted to the role. */
+ /**
+ * Returns the member roles granted to the role.
+ *
+ * @return the member roles granted to the role
+ */
 List getMemberRoles();
 }
@@ -421,25 +429,43 @@ interface RoleForUser extends Role {
 /**
 * Returns whether the user has admin option for this role. This is distinct from the admin
 * option in role hierarchies, which applies to role-to-role grants.
+ *
+ * @return whether the user has admin option for this role
 */
 boolean hasAdminOptionOnUser();
 }
 /** Represents a user-role assignment. */
 interface GranteeUser {
- /** Returns the username. */
+ /**
+ * Returns the username.
+ *
+ * @return the username
+ */
 String getName();
- /** Returns whether admin option is granted for this assignment. */
+ /**
+ * Returns whether admin option is granted for this assignment.
+ *
+ * @return whether admin option is granted for this assignment
+ */
 boolean hasAdminOption();
 }
 /** Represents a role hierarchy (role-to-role assignment). */
 interface MemberRole {
- /** Returns the member role name granted to the role. */
+ /**
+ * Returns the member role name granted to the role.
+ *
+ * @return the member role name granted to the role
+ */
 String getName();
- /** Returns whether admin option is granted for this hierarchy. */
+ /**
+ * Returns whether admin option is granted for this hierarchy.
+ *
+ * @return whether admin option is granted for this hierarchy
+ */
 boolean hasAdminOption();
 }
From b253ffb0eeed5f8ac68d110977cd1a108eda7d5f Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Thu, 13 Nov 2025 17:44:00 +0900
Subject: [PATCH 5/5] Updated names
---
 .../java/com/scalar/db/api/AuthAdmin.java | 40 ++++++++++++-------
 .../DecoratedDistributedTransactionAdmin.java | 2 +-
 2 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 047e891010..d1954d561f 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -258,13 +258,13 @@ default void revokeAdminOptionFromUser(String username, String roleName)
 }
 /**
- * Retrieves a list of {@link GranteeUser}s for the given role.
+ * Retrieves a list of {@link GranteeUserRef}s for the given role.
 *
 * @param roleName the role name
- * @return a list of {@link GranteeUser}s for the given role
+ * @return a list of {@link GranteeUserRef}s for the given role
 * @throws ExecutionException if the operation fails
 */
- default List getGranteeUsersForRole(String roleName) throws ExecutionException {
+ default List getGranteeUsersForRole(String roleName) throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
@@ -399,12 +399,22 @@ default void revokePrivilegeFromRole(
 /** Represents a user. */
 interface User {
+ /**
+ * Returns the username.
+ *
+ * @return the username
+ */
 String getName();
+ /**
+ * Returns whether the user is a superuser.
+ *
+ * @return whether the user is a superuser
+ */
 boolean isSuperuser();
 }
- /** Represents a role, including its granted member roles. */
+ /** Represents a role, including its granted roles. */
 interface Role {
 /**
 * Returns the role name.
@@ -414,11 +424,11 @@ interface Role {
 String getName();
 /**
- * Returns the member roles granted to the role.
+ * Returns the roles granted to the role.
 *
- * @return the member roles granted to the role
+ * @return the roles granted to the role
 */
- List getMemberRoles();
+ List getGrantedRoles();
 }
 /**
@@ -435,8 +445,8 @@ interface RoleForUser extends Role {
 boolean hasAdminOptionOnUser();
 }
- /** Represents a user-role assignment. */
- interface GranteeUser {
+ /** A reference to a grantee user of a role. */
+ interface GranteeUserRef {
 /**
 * Returns the username.
 *
@@ -452,19 +462,19 @@ interface GranteeUser {
 boolean hasAdminOption();
 }
- /** Represents a role hierarchy (role-to-role assignment). */
- interface MemberRole {
+ /** A reference to a granted role. */
+ interface GrantedRoleRef {
 /**
- * Returns the member role name granted to the role.
+ * Returns the granted role name.
 *
- * @return the member role name granted to the role
+ * @return the granted role name
 */
 String getName();
 /**
- * Returns whether admin option is granted for this hierarchy.
+ * Returns whether admin option is granted for this role grant.
 *
- * @return whether admin option is granted for this hierarchy
+ * @return whether admin option is granted for this role grant
 */
 boolean hasAdminOption();
 }
diff --git a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
index 995b2ac9bf..ee7deeb8c9 100644
--- a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
+++ b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
@@ -421,7 +421,7 @@ public void revokeAdminOptionFromUser(String username, String roleName)
 }
 @Override
- public List getGranteeUsersForRole(String roleName) throws ExecutionException {
+ public List getGranteeUsersForRole(String roleName) throws ExecutionException {
 return distributedTransactionAdmin.getGranteeUsersForRole(roleName);
 }
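Review bot: The Javadoc of `RoleForUser.hasAdminOptionOnUser()` still refers to "the admin option in role hierarchies" after the -452 hunk replaces the hierarchy wording on `GrantedRoleRef` with "role grant". That sentence is visible as context in the -421 hunk of patch 4/5 and no hunk of this patch touches it, so the final file appears to mix both terms. I would update it to match, e.g. `This is distinct from {@link GrantedRoleRef#hasAdminOption()}, which applies to role-to-role grants.` Both admin-option flags are reachable from a `RoleForUser`, so naming the other one explicitly keeps callers from reading the wrong flag when deciding who may re-grant a role.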