acelyc111 commented on code in PR #1452:
URL:
https://github.com/apache/incubator-pegasus/pull/1452#discussion_r1171043593
##########
src/replica/replica_stub.h:
##########
@@ -270,6 +274,38 @@ class replica_stub : public serverlet<replica_stub>,
public ref_counter
fs_manager *get_fs_manager() { return &_fs_manager; }
+ template <typename TReqType, typename TRespType>
+ bool check_status_and_authz_with_reply(const TReqType &request,
+ ::dsn::rpc_replier<TRespType>
&reply)
+ {
+ if (!_access_controller->is_enable_ranger_acl()) {
+ return true;
+ }
+ const auto &pid = request.pid;
+ replica_ptr rep = get_replica(pid);
+
+ if (!rep) {
+ TRespType resp;
+ resp.error = ERR_OBJECT_NOT_FOUND;
+ reply(resp);
+ return false;
+ }
+ dsn::message_ex *msg = reply.response_message();
+ if (!rep->access_controller_allowed(msg, ranger::access_type::kWrite))
{
Review Comment:
According to the function name, we can't infer it is used for write or read
RPCs, so it's not enough to judge it's write allowed only.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
