Technoboy- commented on code in PR #20478:
URL: https://github.com/apache/pulsar/pull/20478#discussion_r1216005682
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java:
##########
@@ -319,59 +319,25 @@ protected void internalGrantPermissionsOnTopic(final
AsyncResponse asyncResponse
});
}
- private CompletableFuture<Void> revokePermissionsAsync(String topicUri,
String role, boolean force) {
- return
namespaceResources().getPoliciesAsync(namespaceName).thenCompose(
- policiesOptional -> {
- Policies policies = policiesOptional.orElseThrow(() ->
- new RestException(Status.NOT_FOUND, "Namespace
does not exist"));
- if
(!policies.auth_policies.getTopicAuthentication().containsKey(topicUri)
- ||
!policies.auth_policies.getTopicAuthentication().get(topicUri).containsKey(role))
{
- log.warn("[{}] Failed to revoke permission from role
{} on topic: Not set at topic level {}",
- clientAppId(), role, topicUri);
- if (force) {
- return CompletableFuture.completedFuture(null);
- } else {
- return FutureUtil.failedFuture(new
RestException(Status.PRECONDITION_FAILED,
- "Permissions are not set at the topic
level"));
- }
- }
Review Comment:
yes, it' nothing to do with `force` argument.
We need to call `AuthorizationService ` to revoke all the permissions.
Before #20456, we revoke the permissions by modification the namespace policies
directly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
