[GitHub] [pulsar] nodece commented on a diff in pull request #20068: [fix][broker] Fix tenant admin authorization bug.

Mon, 17 Apr 2023 02:23:43 -0700 


nodece commented on code in PR #20068:
URL: https://github.com/apache/pulsar/pull/20068#discussion_r1168410160


##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java:
##########
@@ -186,7 +186,7 @@ public CompletableFuture<Boolean> canProduceAsync(TopicName 
topicName, String ro
             if (isSuperUser) {
                 return CompletableFuture.completedFuture(true);
             } else {
-                return provider.canProduceAsync(topicName, role, 
authenticationData);
+                return provider.allowTopicOperationAsync(topicName, role, 
TopicOperation.PRODUCE, authenticationData);

Review Comment:
   Please remove the superuser check, because the 
`provider.allowTopicOperationAsync` includes that.



##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java:
##########
@@ -211,7 +211,7 @@ public CompletableFuture<Boolean> canConsumeAsync(TopicName 
topicName, String ro
             if (isSuperUser) {
                 return CompletableFuture.completedFuture(true);
             } else {
-                return provider.canConsumeAsync(topicName, role, 
authenticationData, subscription);
+                return provider.allowTopicOperationAsync(topicName, role, 
TopicOperation.CONSUME, authenticationData);

Review Comment:
   1. Please remove the superuser check, because the 
`provider.allowTopicOperationAsync` includes that.
   2. Please pass the `subscription` by the `new 
AuthenticationDataSubscription(authenticationData, subscription)`
   
   
   



##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java:
##########
@@ -293,7 +293,7 @@ public CompletableFuture<Boolean> canLookupAsync(TopicName 
topicName, String rol
             if (isSuperUser) {
                 return CompletableFuture.completedFuture(true);
             } else {
-                return provider.canLookupAsync(topicName, role, 
authenticationData);
+                return provider.allowTopicOperationAsync(topicName, role, 
TopicOperation.LOOKUP, authenticationData);

Review Comment:
   Please remove the superuser check, because the 
`provider.allowTopicOperationAsync` includes that.
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to