issue-18099: Edit Lineage Operation not working with isOwner() condit…

…ion (#19070)

openmetadata-service/src/main/java/org/openmetadata/service/resources/lineage/LineageResource.java

@@ -60,6 +60,7 @@
 import org.openmetadata.service.resources.Collection;
 import org.openmetadata.service.security.Authorizer;
 import org.openmetadata.service.security.policyevaluator.OperationContext;
+import org.openmetadata.service.security.policyevaluator.ResourceContext;
 import org.openmetadata.service.security.policyevaluator.ResourceContextInterface;
 import org.openmetadata.service.util.AsyncService;
 import org.openmetadata.service.util.CSVExportMessage;
@@ -349,8 +350,20 @@ public Response addLineage(
       @Valid AddLineage addLineage) {
     authorizer.authorize(
         securityContext,
-        new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE),
-        new LineageResourceContext());
+        new OperationContext(
+            addLineage.getEdge().getFromEntity().getType(), MetadataOperation.EDIT_LINEAGE),
+        new ResourceContext<>(
+            addLineage.getEdge().getFromEntity().getType(),
+            addLineage.getEdge().getFromEntity().getId(),
+            addLineage.getEdge().getFromEntity().getName()));
+    authorizer.authorize(
+        securityContext,
+        new OperationContext(
+            addLineage.getEdge().getToEntity().getType(), MetadataOperation.EDIT_LINEAGE),
+        new ResourceContext<>(
+            addLineage.getEdge().getToEntity().getType(),
+            addLineage.getEdge().getToEntity().getId(),
+            addLineage.getEdge().getToEntity().getName()));
     dao.addLineage(addLineage);
     return Response.status(Status.OK).build();
   }
@@ -426,8 +439,12 @@ public Response patchLineageEdge(
           JsonPatch patch) {
     authorizer.authorize(
         securityContext,
-        new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE),
-        new LineageResourceContext());
+        new OperationContext(fromEntity, MetadataOperation.EDIT_LINEAGE),
+        new ResourceContext<>(fromEntity, fromId, null));
+    authorizer.authorize(
+        securityContext,
+        new OperationContext(toEntity, MetadataOperation.EDIT_LINEAGE),
+        new ResourceContext<>(toEntity, toId, null));
     return dao.patchLineageEdge(fromEntity, fromId, toEntity, toId, patch);
   }
 
@@ -467,8 +484,12 @@ public Response deleteLineage(
           String toId) {
     authorizer.authorize(
         securityContext,
-        new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE),
-        new LineageResourceContext());
+        new OperationContext(fromEntity, MetadataOperation.EDIT_LINEAGE),
+        new ResourceContext<>(fromEntity, UUID.fromString(fromId), null));
+    authorizer.authorize(
+        securityContext,
+        new OperationContext(toEntity, MetadataOperation.EDIT_LINEAGE),
+        new ResourceContext<>(toEntity, UUID.fromString(toId), null));
 
     boolean deleted = dao.deleteLineage(fromEntity, fromId, toEntity, toId);
     if (!deleted) {

openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/RuleEvaluator.java

@@ -142,15 +142,17 @@ public boolean matchAnyTag(String... tagFQNs) {
       return false;
     }
     List<TagLabel> tags = resourceContext.getTags();
-    LOG.debug(
-        "matchAnyTag {} resourceTags {}",
-        Arrays.toString(tagFQNs),
-        Arrays.toString(tags.toArray()));
-    for (String tagFQN : tagFQNs) {
-      TagLabel found =
-          tags.stream().filter(t -> t.getTagFQN().equals(tagFQN)).findAny().orElse(null);
-      if (found != null) {
-        return true;
+    if (!nullOrEmpty(tags)) {
+      LOG.debug(
+          "matchAnyTag {} resourceTags {}",
+          Arrays.toString(tagFQNs),
+          Arrays.toString(tags.toArray()));
+      for (String tagFQN : tagFQNs) {
+        TagLabel found =
+            tags.stream().filter(t -> t.getTagFQN().equals(tagFQN)).findAny().orElse(null);
+        if (found != null) {
+          return true;
+        }
       }
     }
     return false;