THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
/**
* Check if the caller is authorized to perform the given ACL operation on at least one
* resource satisfying the filter.
*
* @param requestContext Request context including request type, security protocol, and listener name
* @param op The ACL operation to check
* @param f The resource filter
* @return Return true if the caller is authorized to perform the given ACL operation
* on at least one resource satisfying the filter. Return false otherwise.
*/
default AuthorizationResult authorizeAny(AuthorizableRequestContext requestContext,
AclOperation op,
ResourcePatternFilter f) {
ResourcePatternFilter resourceFilter = new ResourcePatternFilter(type, null, PatternType.ANY);
AclBindingFilter aclFilter = new AclBindingFilter(
resourceFilter, new AccessControlEntryFilter(
requestContext.principal().toString(),
requestContext.clientAddress().getHostAddress(),
op,
AclPermissionType.ANY));
for (AclBinding binding : acls(aclFilter)) {
if (binding.entry().permissionType() != AclPermissionType.ALLOW)
continue;
List<Action> action = Collections.singletonList(new Action(
op, binding.pattern(), 1, false, false));
if (authorize(requestContext, action).get(0) == AuthorizationResult.ALLOWED) {
return AuthorizationResult.ALLOWED;
}
}
return AuthorizationResult.DENIED;
} |
Proposed Changes
Besides the public interface changes above, we will deprecate `IDEMPOTENT_WRITE` in release version 2.8 because it's kind of trivial by practice.
...