You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/04/03 12:36:36 UTC

[GitHub] [pulsar] zymap commented on a change in pull request #7523: [Issue 5720][authz] - add topics authz granularity

zymap commented on a change in pull request #7523:
URL: https://github.com/apache/pulsar/pull/7523#discussion_r606658664



##########
File path: pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
##########
@@ -542,30 +543,56 @@ private void validatePoliciesReadOnlyAccess() {
                                                                String role,
                                                                TopicOperation operation,
                                                                AuthenticationDataSource authData) {
+        log.debug("Check allowTopicOperationAsync [" + operation.name() + "] on [" + topicName.toString() + "].");
+
         CompletableFuture<Boolean> isAuthorizedFuture;
 
         switch (operation) {
-            case LOOKUP: isAuthorizedFuture = canLookupAsync(topicName, role, authData);
+            case LOOKUP:
+            case GET_STATS:
+            case GET_SUBSCRIPTIONS:

Review comment:
       I checked the get subscriptions API, originally, it uses `validationReadOperationOnTopic` which requires a tenant admin permission or a consume permission. After this change, it will also request produce permission. 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org