You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@rocketmq.apache.org by du...@apache.org on 2022/03/15 12:12:12 UTC

[rocketmq] branch develop updated: [#3942]If both acl and message trace are enabled and the default topic RMQ_SYS_TRACE_TOPIC is used for message trace, you don't need to add the PUB permission of RMQ_SYS_TRACE_TOPIC topic to the acl config. (#3943)

This is an automated email from the ASF dual-hosted git repository.

duhengforever pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new c1aeca2  [#3942]If both acl and message trace are enabled and the default topic RMQ_SYS_TRACE_TOPIC is used for message trace, you don't need to add the PUB permission of RMQ_SYS_TRACE_TOPIC topic to the acl config. (#3943)
c1aeca2 is described below

commit c1aeca291ea686a2b7f01ffec30132f5a370a2ab
Author: sunxi92 <su...@163.com>
AuthorDate: Tue Mar 15 20:11:51 2022 +0800

    [#3942]If both acl and message trace are enabled and the default topic RMQ_SYS_TRACE_TOPIC is used for message trace, you don't need to add the PUB permission of RMQ_SYS_TRACE_TOPIC topic to the acl config. (#3943)
    
    * If both acl and message trace are enabled and the default topic RMQ_SYS_TRACE_TOPIC is used for message trace, you don't need to add the PUB permission of RMQ_SYS_TRACE_TOPIC topic to the acl config.
    
    * Delete Chinese character in comments.
---
 .../apache/rocketmq/acl/plain/PlainPermissionManager.java   | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
index 896b6f4..7fb9f0e 100644
--- a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
+++ b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
@@ -46,6 +46,7 @@ import org.apache.rocketmq.common.DataVersion;
 import org.apache.rocketmq.common.MixAll;
 import org.apache.rocketmq.common.PlainAccessConfig;
 import org.apache.rocketmq.common.constant.LoggerName;
+import org.apache.rocketmq.common.topic.TopicValidator;
 import org.apache.rocketmq.logging.InternalLogger;
 import org.apache.rocketmq.logging.InternalLoggerFactory;
 import org.apache.rocketmq.srvutil.AclFileWatchService;
@@ -664,8 +665,18 @@ public class PlainPermissionManager {
         if (!signature.equals(plainAccessResource.getSignature())) {
             throw new AclException(String.format("Check signature failed for accessKey=%s", plainAccessResource.getAccessKey()));
         }
-        // Check perm of each resource
 
+        //Skip the topic RMQ_SYS_TRACE_TOPIC permission check,if the topic RMQ_SYS_TRACE_TOPIC is used for message trace
+        Map<String, Byte> resourcePermMap = plainAccessResource.getResourcePermMap();
+        if (resourcePermMap != null) {
+            Byte permission = resourcePermMap.get(TopicValidator.RMQ_SYS_TRACE_TOPIC);
+            if (permission != null && permission == Permission.PUB) {
+                return;
+            }
+        }
+
+
+        // Check perm of each resource
         checkPerm(plainAccessResource, ownedAccess);
     }