You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/07 05:28:47 UTC

[GitHub] [pulsar] codelipenghui commented on a diff in pull request #15956: [modify][admin] Change the permissions of the schema API from Admin to normal produce/consume

codelipenghui commented on code in PR #15956:
URL: https://github.com/apache/pulsar/pull/15956#discussion_r890778406


##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java:
##########
@@ -97,7 +98,7 @@ public void getSchema(boolean authoritative, AsyncResponse response) {
     }
 
     public CompletableFuture<SchemaAndMetadata> getSchemaAsync(boolean authoritative) {
-        return validateDestinationAndAdminOperationAsync(authoritative)
+        return validateOwnershipAndOperationAsync(authoritative, TopicOperation.CONSUME)

Review Comment:
   For both PRODUCE and CONSUME, it can get schema, not only the consumer.



##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java:
##########
@@ -163,7 +164,7 @@ public void deleteSchema(boolean authoritative, AsyncResponse response, boolean
     }
 
     public CompletableFuture<SchemaVersion> deleteSchemaAsync(boolean authoritative, boolean force) {
-        return validateDestinationAndAdminOperationAsync(authoritative)
+        return validateOwnershipAndOperationAsync(authoritative, TopicOperation.PRODUCE)

Review Comment:
   Can we only change the get method in this PR? If we allow the PRODUCE can upload and delete schema, which will skip the schema auto-upload configuration of the broker.
   
   Before we introduce update schema, and delete schema operation, we can keep them only available for tenant admin.



##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/AdminResource.java:
##########
@@ -749,9 +747,7 @@ private CompletableFuture<Void> provisionPartitionedTopicPath(AsyncResponse asyn
     }
 
     protected CompletableFuture<SchemaCompatibilityStrategy> getSchemaCompatibilityStrategyAsync() {
-        return validateTopicPolicyOperationAsync(topicName,
-                PolicyName.SCHEMA_COMPATIBILITY_STRATEGY,
-                PolicyOperation.READ)

Review Comment:
   Why we should change here? Users can their own `AuthorizationProvider` which can support `SCHEMA_COMPATIBILITY_STRATEGY` operation, we should fix the `PulsarAuthorizationProvider`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org