fixed more refactoring comments

Author: fivetran-arunsuri

polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizer.java

@@ -44,4 +44,6 @@ void authorizeOrThrow(
       @Nonnull PolarisAuthorizableOperation authzOp,
       @Nullable List<PolarisResolvedPathWrapper> targets,
       @Nullable List<PolarisResolvedPathWrapper> secondaries);
+
+  void authorizeOrThrow(@Nonnull AuthenticatedPolarisPrincipal authenticatedPrincipal);
 }

polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizerImpl.java

@@ -18,6 +18,7 @@
  */
 package org.apache.polaris.core.auth;
 
+import static org.apache.polaris.core.entity.PolarisEntityConstants.getRootPrincipalName;
 import static org.apache.polaris.core.entity.PolarisPrivilege.CATALOG_ATTACH_POLICY;
 import static org.apache.polaris.core.entity.PolarisPrivilege.CATALOG_CREATE;
 import static org.apache.polaris.core.entity.PolarisPrivilege.CATALOG_DETACH_POLICY;
@@ -602,6 +603,15 @@ public void authorizeOrThrow(
     }
   }
 
+  @Override
+  public void authorizeOrThrow(@Nonnull AuthenticatedPolarisPrincipal authenticatedPrincipal) {
+    boolean isRoot =
+            getRootPrincipalName().equals(authenticatedPrincipal.getPrincipalEntity().getName());
+    if (!isRoot) {
+      throw new ForbiddenException("Only %s principal can reset credentials", authenticatedPrincipal.getPrincipalEntity().getName());
+    }
+  }
+
   /**
    * Based on the required target/targetParent/secondary/secondaryParent privileges mapped from
    * {@code authzOp}, determines whether the caller's set of activatedGranteeIds is authorized for

runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java

@@ -287,11 +287,7 @@ private void authorizeBasicTopLevelEntityOperationOrThrow(
         resolutionManifest.getResolvedTopLevelEntity(topLevelEntityName, entityType);
 
     if (op.equals(PolarisAuthorizableOperation.RESET_CREDENTIALS)) {
-      boolean isRoot =
-          getRootPrincipalName().equals(authenticatedPrincipal.getPrincipalEntity().getName());
-      if (!isRoot) {
-        throw new ForbiddenException("Only root principal can reset credentials");
-      }
+      authorizer.authorizeOrThrow(authenticatedPrincipal);
       LOGGER
           .atDebug()
           .addKeyValue("principalName", topLevelEntityName)