SED-4536 granular-access-control-for-resource-types

[david-stephan]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new method for authorization checks, checkRightInContextIfDefined, to the core authorization interface. This change enables a more flexible access control model where undefined rights are automatically granted, laying the foundation for granular access control for resource types.

Highlights

• New Authorization Method: Introduced the checkRightInContextIfDefined method in the AuthorizationManager interface, along with Javadoc, to allow for conditional right checking where undefined rights are automatically granted.
• Default Authorization Implementation: Implemented the new checkRightInContextIfDefined method in NoAuthorizationManager, ensuring that all rights are granted by default when no specific authorization is configured.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new method checkRightInContextIfDefined to the AuthorizationManager interface and provides a default implementation in NoAuthorizationManager. The goal is to allow for more granular access control where rights can be checked only if they are defined in the system. The changes are straightforward. I've made a couple of suggestions to improve the Javadoc for clarity and correctness.

[gemini-code-assist]

There's a typo in the Javadoc. 'give' should be 'given'.

Suggested change

	* Check if the give right is granted for the provided context (Session)
	* Check if the given right is granted for the provided context (Session)

[gemini-code-assist]

The Javadoc could be more precise and use a {@link} reference for better navigation and clarity. This also makes it clearer which method is being delegated to.

Suggested change

	* Check if the right is defined in the system. If it isn't the right is automatically granted, otherwise it falls back to the checkRightInContext
	* Checks if the right is defined in the system. If not, the right is automatically granted. Otherwise, it delegates to {@link #checkRightInContext(S, String)}.