(rocketmq) branch develop updated: [ISSUE #7929] Add some request codes to the permission verification for the admin role (#7930)

[dinglei]

This is an automated email from the ASF dual-hosted git repository.

dinglei pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new e656f91da5 [ISSUE #7929] Add some request codes to the permission 
verification for the admin role (#7930)
e656f91da5 is described below

commit e656f91da5c5376fb30c36fc18048a2b62eb08fc
Author: rongtong <jinrongto...@163.com>
AuthorDate: Mon Mar 18 13:56:24 2024 +0800

    [ISSUE #7929] Add some request codes to the permission verification for the 
admin role (#7930)
    
    * Add some request codes to the permission verification for the admin role
    
    * Fix UT can not pass
---
 .../java/org/apache/rocketmq/acl/common/Permission.java   |  8 ++++++++
 .../org/apache/rocketmq/acl/common/PermissionTest.java    | 15 ++++++++++-----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java 
b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
index 38649b0832..27fac59d58 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
@@ -43,6 +43,14 @@ public class Permission {
         ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_SUBSCRIPTIONGROUP);
         // DELETE_SUBSCRIPTIONGROUP
         ADMIN_CODE.add(RequestCode.DELETE_SUBSCRIPTIONGROUP);
+        // UPDATE_AND_CREATE_STATIC_TOPIC
+        ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_STATIC_TOPIC);
+        // UPDATE_AND_CREATE_ACL_CONFIG
+        ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_ACL_CONFIG);
+        // DELETE_ACL_CONFIG
+        ADMIN_CODE.add(RequestCode.DELETE_ACL_CONFIG);
+        // GET_BROKER_CLUSTER_ACL_INFO
+        ADMIN_CODE.add(RequestCode.GET_BROKER_CLUSTER_ACL_INFO);
     }
 
     public static boolean checkPermission(byte neededPerm, byte ownedPerm) {
diff --git 
a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java 
b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
index 8fd8052c8a..39ddbd3eea 100644
--- a/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
+++ b/acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.apache.rocketmq.acl.plain.PlainAccessResource;
+import org.apache.rocketmq.remoting.protocol.RequestCode;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -141,11 +142,15 @@ public class PermissionTest {
     @Test
     public void checkAdminCodeTest() {
         Set<Integer> code = new HashSet<>();
-        code.add(17);
-        code.add(25);
-        code.add(215);
-        code.add(200);
-        code.add(207);
+        code.add(RequestCode.UPDATE_AND_CREATE_TOPIC);
+        code.add(RequestCode.UPDATE_BROKER_CONFIG);
+        code.add(RequestCode.DELETE_TOPIC_IN_BROKER);
+        code.add(RequestCode.UPDATE_AND_CREATE_SUBSCRIPTIONGROUP);
+        code.add(RequestCode.DELETE_SUBSCRIPTIONGROUP);
+        code.add(RequestCode.UPDATE_AND_CREATE_STATIC_TOPIC);
+        code.add(RequestCode.UPDATE_AND_CREATE_ACL_CONFIG);
+        code.add(RequestCode.DELETE_ACL_CONFIG);
+        code.add(RequestCode.GET_BROKER_CLUSTER_ACL_INFO);
 
         for (int i = 0; i < 400; i++) {
             boolean boo = Permission.needAdminPerm(i);