[ISSUE #6594] skip verification for admin user (#6613)

apache · Apr 19, 2023 · ea8b9d9 · ea8b9d9
1 parent 073da6b
commit ea8b9d9
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionChecker.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionChecker.java
@@ -27,9 +27,15 @@ public class PlainPermissionChecker implements PermissionChecker {
     public void check(AccessResource checkedAccess, AccessResource ownedAccess) {
         PlainAccessResource checkedPlainAccess = (PlainAccessResource) checkedAccess;
         PlainAccessResource ownedPlainAccess = (PlainAccessResource) ownedAccess;
-        if (Permission.needAdminPerm(checkedPlainAccess.getRequestCode()) && !ownedPlainAccess.isAdmin()) {
+
+        if (ownedPlainAccess.isAdmin()) {
+            // admin user don't need verification
+            return;
+        }
+        if (Permission.needAdminPerm(checkedPlainAccess.getRequestCode())) {
             throw new AclException(String.format("Need admin permission for request code=%d, but accessKey=%s is not", checkedPlainAccess.getRequestCode(), ownedPlainAccess.getAccessKey()));
         }
+
         Map<String, Byte> needCheckedPermMap = checkedPlainAccess.getResourcePermMap();
         Map<String, Byte> ownedPermMap = ownedPlainAccess.getResourcePermMap();
 
@@ -38,11 +44,6 @@ public void check(AccessResource checkedAccess, AccessResource ownedAccess) {
             return;
         }
 
-        if (ownedPermMap == null && ownedPlainAccess.isAdmin()) {
-            // If the ownedPermMap is null and it is an admin user, then return
-            return;
-        }
-
         for (Map.Entry<String, Byte> needCheckedEntry : needCheckedPermMap.entrySet()) {
             String resource = needCheckedEntry.getKey();
             Byte neededPerm = needCheckedEntry.getValue();
@@ -58,7 +59,7 @@ public void check(AccessResource checkedAccess, AccessResource ownedAccess) {
                 continue;
             }
             if (!Permission.checkPermission(neededPerm, ownedPermMap.get(resource))) {
-                throw new AclException(String.format("No default permission for %s", PlainAccessResource.printStr(resource, isGroup)));
+                throw new AclException(String.format("No permission for %s", PlainAccessResource.printStr(resource, isGroup)));
             }
         }
     }