caigy commented on code in PR #4769:
URL: https://github.com/apache/rocketmq/pull/4769#discussion_r997694705
##########
acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java:
##########
@@ -111,4 +121,73 @@ public static void checkResourcePerms(List<String>
resources) {
public static boolean needAdminPerm(Integer code) {
return ADMIN_CODE.contains(code);
}
+
+ public static void parseResourcePermsAndNamespacePerms(PlainAccessResource
plainAccessResource, PlainAccessConfig plainAccessConfig) {
+ List<ResourceAndPerm> resourcePerms =
plainAccessConfig.getResourcePerms();
+ if (resourcePerms != null && !resourcePerms.isEmpty()) {
+ for (ResourceAndPerm resource : resourcePerms) {
+ ResourceType type = resource.getType();
+ String namespace = resource.getNamespace();
+ String perm = resource.getPerm();
+ String resourceName = namespace == null ?
resource.getResource() : namespace + NAMESPACE_SEPARATOR +
resource.getResource();
Review Comment:
Wrapping namespace by `NamespaceUtil` is more appropriate.
##########
acl/src/main/java/org/apache/rocketmq/acl/common/Permission.java:
##########
@@ -111,4 +121,73 @@ public static void checkResourcePerms(List<String>
resources) {
public static boolean needAdminPerm(Integer code) {
return ADMIN_CODE.contains(code);
}
+
+ public static void parseResourcePermsAndNamespacePerms(PlainAccessResource
plainAccessResource, PlainAccessConfig plainAccessConfig) {
+ List<ResourceAndPerm> resourcePerms =
plainAccessConfig.getResourcePerms();
+ if (resourcePerms != null && !resourcePerms.isEmpty()) {
+ for (ResourceAndPerm resource : resourcePerms) {
+ ResourceType type = resource.getType();
+ String namespace = resource.getNamespace();
+ String perm = resource.getPerm();
+ String resourceName = namespace == null ?
resource.getResource() : namespace + NAMESPACE_SEPARATOR +
resource.getResource();
+ if (type == ResourceType.GROUP) {
+ resourceName =
PlainAccessResource.getRetryTopic(resourceName);
+ }
+ plainAccessResource.addResourceAndPerm(resourceName,
Permission.parsePermFromString(perm));
+ }
+ }
+ List<NamespaceAndPerm> namespacePerms =
plainAccessConfig.getNamespacePerms();
+ if (namespacePerms != null && !namespacePerms.isEmpty()) {
+ Map<String, Map<String, Byte>> namespacePermMap = new HashMap<>();
+ for (NamespaceAndPerm namespace : namespacePerms) {
+ String namespaceName = namespace.getNamespace();
+ String topicPerm = namespace.getTopicPerm();
+ String groupPerm = namespace.getGroupPerm();
+ Map<String, Byte> permMap = Maps.newHashMapWithExpectedSize(2);
+ if (topicPerm != null && !topicPerm.isEmpty()) {
+ permMap.put(AclConstants.CONFIG_TOPIC_PERM,
Permission.parsePermFromString(topicPerm));
+ }
+ if (groupPerm != null && !groupPerm.isEmpty()) {
+ permMap.put(AclConstants.CONFIG_GROUP_PERM,
Permission.parsePermFromString(groupPerm));
+ }
+ namespacePermMap.put(namespaceName, permMap);
+ }
+ plainAccessResource.setNamespacePermMap(namespacePermMap);
+ }
+ }
+
+ public static void parseResourcePermsAndNamespacePerms(PlainAccessResource
plainAccessResource, Map<String, Object> accountMap) {
Review Comment:
Is it almost the same as
`parseResourcePermsAndNamespacePerms(org.apache.rocketmq.acl.plain.PlainAccessResource,
org.apache.rocketmq.common.PlainAccessConfig)`? If so, just build
`PlainAccessConfig` from `Map` and call it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
