[GitHub] [pulsar] codelipenghui commented on a change in pull request #9767: Fix topic ownership is not checked

Mon, 01 Mar 2021 07:36:11 -0800 


codelipenghui commented on a change in pull request #9767:
URL: https://github.com/apache/pulsar/pull/9767#discussion_r584809682



##########
File path: 
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java
##########
@@ -2774,36 +2753,41 @@ protected void internalGetRetention(AsyncResponse 
asyncResponse, boolean applied
             throw new RestException(Status.PRECONDITION_FAILED,
                     "maxSubscriptionsPerTopic must be 0 or more");
         }
-        preValidation();
 
         TopicPolicies topicPolicies = 
getTopicPolicies(topicName).orElseGet(TopicPolicies::new);
         topicPolicies.setMaxSubscriptionsPerTopic(maxSubscriptionsPerTopic);
         return 
pulsar().getTopicPoliciesService().updateTopicPoliciesAsync(topicName, 
topicPolicies);
     }
 
     protected Optional<DispatchRate> internalGetReplicatorDispatchRate() {
-        preValidation();
         return 
getTopicPolicies(topicName).map(TopicPolicies::getReplicatorDispatchRate);
     }
 
     protected CompletableFuture<Void> 
internalSetReplicatorDispatchRate(DispatchRate dispatchRate) {
-        preValidation();
         TopicPolicies topicPolicies = 
getTopicPolicies(topicName).orElseGet(TopicPolicies::new);
         topicPolicies.setReplicatorDispatchRate(dispatchRate);
         return 
pulsar().getTopicPoliciesService().updateTopicPoliciesAsync(topicName, 
topicPolicies);
     }
 
-    private void preValidation() {
-        validateAdminAccessForTenant(namespaceName.getTenant());
-        validatePoliciesReadOnlyAccess();
+    protected void validateOwnership() {
         if (topicName.isGlobal()) {
             validateGlobalNamespaceOwnership(namespaceName);
         }
+        validateTopicOwnership(topicName, false);
+    }
+
+    protected void preValidateRead() {
+        validateOwnership();
         checkTopicLevelPolicyEnable();
     }
 
+    protected void preValidateWrite() {
+        validatePoliciesReadOnlyAccess();

Review comment:
       Seems we don't need to check this one? I noticed the policies read only 
check is to check if the broker allowed to do read-write operations based on 
the existence of a node in configuration metadata-store, but for the topic 
level policy, we are writing the policy data into a system topic.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to