MarvinCai commented on code in PR #17411:
URL: https://github.com/apache/pulsar/pull/17411#discussion_r966924574
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java:
##########
@@ -482,12 +482,12 @@ public CompletableFuture<Boolean>
allowNamespaceOperationAsync(NamespaceName nam
case GET_TOPIC:
case GET_TOPICS:
case GET_BUNDLE:
+ case CREATE_TOPIC:
return
allowConsumeOrProduceOpsAsync(namespaceName, role, authData);
Review Comment:
I see AuthorizationProviderBiscuit is check for namespace operator in
`allowNamespaceOperationAsync`, but I don't see how moving up the `case
CREATE_TOPIC:` in PulsarAuthorizationProvider is able solving the issue you
described?
A client that subscribe to a topic that does not exist will still able to
create the topic cause it has consume permission?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
