From 3ba0ca7ce4530d21557bb0a95ab1896037cada0e Mon Sep 17 00:00:00 2001 From: wh002 Date: Mon, 17 Apr 2023 15:57:04 +0800 Subject: [PATCH 1/2] ACL for learn --- src/replica/replica_stub.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/replica/replica_stub.cpp b/src/replica/replica_stub.cpp index 3b3c35e4c0..2694017627 100644 --- a/src/replica/replica_stub.cpp +++ b/src/replica/replica_stub.cpp @@ -1310,14 +1310,19 @@ void replica_stub::on_group_check(group_check_rpc rpc) void replica_stub::on_learn(dsn::message_ex *msg) { + learn_response response; learn_request request; ::dsn::unmarshall(msg, request); replica_ptr rep = get_replica(request.pid); if (rep != nullptr) { + if (!rep->access_controller_allowed(msg, ranger::access_type::kWrite)) { + response.err = ERR_ACL_DENY; + reply(msg, response); + return; + } rep->on_learn(msg, request); } else { - learn_response response; response.err = ERR_OBJECT_NOT_FOUND; reply(msg, response); } From 39d46744570d813ed6eabda58012e6df8a98ef10 Mon Sep 17 00:00:00 2001 From: wh002 Date: Mon, 17 Apr 2023 17:32:30 +0800 Subject: [PATCH 2/2] IWYU --- src/replica/replica_stub.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/replica/replica_stub.cpp b/src/replica/replica_stub.cpp index 2694017627..5fc7bf4395 100644 --- a/src/replica/replica_stub.cpp +++ b/src/replica/replica_stub.cpp @@ -72,6 +72,7 @@ #include "replica_disk_migrator.h" #include "replica_stub.h" #include "runtime/api_layer1.h" +#include "runtime/ranger/access_type.h" #include "runtime/rpc/rpc_message.h" #include "runtime/rpc/serialization.h" #include "runtime/security/access_controller.h"