nodece commented on code in PR #18718:
URL: https://github.com/apache/pulsar/pull/18718#discussion_r1039156669
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java:
##########
@@ -161,6 +162,9 @@ public CompletableFuture<Boolean> canConsumeAsync(TopicName
topicName, String ro
@Override
public CompletableFuture<Boolean> canLookupAsync(TopicName topicName,
String role,
AuthenticationDataSource authenticationData) {
+ if (SystemTopicNames.isTransactionCoordinatorAssign(topicName)) {
+ return CompletableFuture.completedFuture(true);
+ }
Review Comment:
Don't worry. We check the topic name when creating a topic.
> Additionally, it seems odd to me that we would need to grant a role
permission to lookup a topic without the need to produce or consume from that
topic.
We don't have the lookup permission name. Right now we check whether a user
has the consume of produce permission, if so, we allow the user to continue the
next operation.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
