From d15558b7662e22035906b2066d546fc43c3d0940 Mon Sep 17 00:00:00 2001
From: Sriharsha Chintalapani <harsha@getcollate.io>
Date: Sat, 19 Oct 2024 14:56:43 -0700
Subject: [PATCH] Add Tag/Classification Roles

---
 .../service/jdbi3/ClassificationRepository.java |  2 ++
 .../service/jdbi3/EntityRepository.java         |  1 +
 .../service/jdbi3/TagRepository.java            |  2 +-
 .../service/resources/tags/TagLabelUtil.java    | 17 +++++++++++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/ClassificationRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/ClassificationRepository.java
index 025c59e5fafd..601d2a9d0f69 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/ClassificationRepository.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/ClassificationRepository.java
@@ -22,6 +22,7 @@
 import java.util.List;
 import java.util.Objects;
 import java.util.UUID;
+
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.jdbi.v3.sqlobject.transaction.Transaction;
@@ -99,6 +100,7 @@ public void storeRelationships(Classification entity) {
     assignRoles(entity, entity.getRoles());
   }
 
+
   private int getTermCount(Classification classification) {
     ListFilter filter =
         new ListFilter(Include.NON_DELETED)
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java
index 40af7b9eeed4..e31adbb6ab65 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java
@@ -2322,6 +2322,7 @@ protected void validateTags(T entity) {
     entity.setTags(addDerivedTags(entity.getTags()));
     checkMutuallyExclusive(entity.getTags());
     checkDisabledTags(entity.getTags());
+    checkTagsPermissions(entity.getTags(), entity.getUpdatedBy());
   }
 
   protected void validateTags(List<TagLabel> labels) {
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/TagRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/TagRepository.java
index 62d40177035d..d85d1aa1534a 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/TagRepository.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/TagRepository.java
@@ -71,7 +71,7 @@ public void setInheritedFields(Tag tag, Fields fields) {
     if (parent.getDisabled() != null && parent.getDisabled()) {
       tag.setDisabled(true);
     }
-    tag.setInheritedRoles(classification.getRoles());
+     tag.setInheritedRoles(parent.getRoles());
   }
 
   @Override
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/resources/tags/TagLabelUtil.java b/openmetadata-service/src/main/java/org/openmetadata/service/resources/tags/TagLabelUtil.java
index 3183229995e6..cf2cb628cbfc 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/resources/tags/TagLabelUtil.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/resources/tags/TagLabelUtil.java
@@ -31,10 +31,13 @@
 import org.openmetadata.schema.entity.classification.Tag;
 import org.openmetadata.schema.entity.data.Glossary;
 import org.openmetadata.schema.entity.data.GlossaryTerm;
+import org.openmetadata.schema.type.EntityReference;
 import org.openmetadata.schema.type.TagLabel;
 import org.openmetadata.schema.type.TagLabel.TagSource;
 import org.openmetadata.service.Entity;
 import org.openmetadata.service.exception.CatalogExceptionMessage;
+import org.openmetadata.service.security.AuthorizationException;
+import org.openmetadata.service.security.policyevaluator.SubjectContext;
 import org.openmetadata.service.util.EntityUtil;
 import org.openmetadata.service.util.FullyQualifiedName;
 
@@ -155,6 +158,20 @@ public static void checkDisabledTags(List<TagLabel> tagLabels) {
     }
   }
 
+  public static void checkTagsPermissions(List<TagLabel> tagLabels, String user) {
+    if (tagLabels == null || tagLabels.isEmpty()) {
+      return;
+    }
+    List<TagLabel> classificationTags = tagLabels.stream()
+        .filter(tagLabel -> tagLabel.getSource() != TagSource.GLOSSARY)
+        .toList();
+    if (classificationTags.isEmpty()) {
+      return; // No classification tags to check
+    }
+    SubjectContext subjectContext = SubjectContext.getSubjectContext(user);
+
+  }
+
   public static void checkMutuallyExclusiveForParentAndSubField(
       String assetFqn,
       String assetFqnHash,