wenbingshen commented on code in PR #21683:
URL: https://github.com/apache/pulsar/pull/21683#discussion_r1436285610
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java:
##########
@@ -115,7 +115,11 @@ public CompletableFuture<Boolean>
canConsumeAsync(TopicName topicName, String ro
// list is empty)
Set<String> roles = policies.get().auth_policies
.getSubscriptionAuthentication().get(subscription);
- if (roles != null && !roles.isEmpty() &&
!roles.contains(role)) {
+ Map<String, Set<AuthAction>> namespaceRolesAuth =
+
policies.get().auth_policies.getNamespaceAuthentication();
+ if (!(namespaceRolesAuth != null &&
namespaceRolesAuth.containsKey(role)
+ &&
namespaceRolesAuth.get(role).contains(AuthAction.consume))
Review Comment:
> Should be `!namespaceRolesAuth.get(role).contains(AuthAction.consume)` ?
we should check the response for function: `namespaceRolesAuth.get(role)`,
maybe the response is null.
the check maybe the follow:
```java
if (!(namespaceRolesAuth.containsKey(role)
&&
namespaceRolesAuth.get(role).contains(AuthAction.consume))
&& roles != null && !roles.isEmpty() &&
!roles.contains(role)) {
log.warn("[{}] is not authorized to
subscribe on {}-{}", role, topicName, subscription);
return
CompletableFuture.completedFuture(false);
}
```
> And I also find there is no `return` at line 139. We should add `return
CompletableFuture.completedFuture(true)`
at line 139, we are not need to add return, because after check
subscriptions authorized, we need continue to check the authorization for the
topic resource at the line 145 for `checkAuthorization`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
