Skip to content

Commit

Permalink
[ISSUE #7929] Add some request codes to the permission verification f…
Browse files Browse the repository at this point in the history 
…or the admin role (#7930)

* Add some request codes to the permission verification for the admin role

* Fix UT can not pass
  • Loading branch information
@RongtongJin
RongtongJin authored Mar 18, 2024
1 parent 9ab37b9 commit e656f91
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 5 deletions.
8 changes: 8 additions & 0 deletions acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,14 @@ public class Permission {
ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_SUBSCRIPTIONGROUP);
// DELETE_SUBSCRIPTIONGROUP
ADMIN_CODE.add(RequestCode.DELETE_SUBSCRIPTIONGROUP);
// UPDATE_AND_CREATE_STATIC_TOPIC
ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_STATIC_TOPIC);
// UPDATE_AND_CREATE_ACL_CONFIG
ADMIN_CODE.add(RequestCode.UPDATE_AND_CREATE_ACL_CONFIG);
// DELETE_ACL_CONFIG
ADMIN_CODE.add(RequestCode.DELETE_ACL_CONFIG);
// GET_BROKER_CLUSTER_ACL_INFO
ADMIN_CODE.add(RequestCode.GET_BROKER_CLUSTER_ACL_INFO);
}

public static boolean checkPermission(byte neededPerm, byte ownedPerm) {
Expand Down
15 changes: 10 additions & 5 deletions acl/src/test/java/org/apache/rocketmq/acl/common/PermissionTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import java.util.Map;
import java.util.Set;
import org.apache.rocketmq.acl.plain.PlainAccessResource;
import org.apache.rocketmq.remoting.protocol.RequestCode;
import org.junit.Assert;
import org.junit.Test;

Expand Down Expand Up @@ -141,11 +142,15 @@ public void setTopicPermTest() {
@Test
public void checkAdminCodeTest() {
Set<Integer> code = new HashSet<>();
code.add(17);
code.add(25);
code.add(215);
code.add(200);
code.add(207);
code.add(RequestCode.UPDATE_AND_CREATE_TOPIC);
code.add(RequestCode.UPDATE_BROKER_CONFIG);
code.add(RequestCode.DELETE_TOPIC_IN_BROKER);
code.add(RequestCode.UPDATE_AND_CREATE_SUBSCRIPTIONGROUP);
code.add(RequestCode.DELETE_SUBSCRIPTIONGROUP);
code.add(RequestCode.UPDATE_AND_CREATE_STATIC_TOPIC);
code.add(RequestCode.UPDATE_AND_CREATE_ACL_CONFIG);
code.add(RequestCode.DELETE_ACL_CONFIG);
code.add(RequestCode.GET_BROKER_CLUSTER_ACL_INFO);

for (int i = 0; i < 400; i++) {
boolean boo = Permission.needAdminPerm(i);
Expand Down

0 comments on commit e656f91

Please sign in to comment.