[#3942]If both acl and message trace are enabled and the default topic RMQ_SYS_TRACE_TOPIC is used for message trace, you don't need to add the PUB permission of RMQ_SYS_TRACE_TOPIC topic to the acl config. (#3943)

sunxi92 · web-flow · commit c1aeca291ea6 · 2022-03-15T20:11:51.000+08:00
* If both acl and message trace are enabled and the default topic RMQ_SYS_TRACE_TOPIC is used for message trace, you don't need to add the PUB permission of RMQ_SYS_TRACE_TOPIC topic to the acl config.

* Delete Chinese character in comments.
diff --git a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
@@ -46,6 +46,7 @@
 import org.apache.rocketmq.common.MixAll;
 import org.apache.rocketmq.common.PlainAccessConfig;
 import org.apache.rocketmq.common.constant.LoggerName;
+import org.apache.rocketmq.common.topic.TopicValidator;
 import org.apache.rocketmq.logging.InternalLogger;
 import org.apache.rocketmq.logging.InternalLoggerFactory;
 import org.apache.rocketmq.srvutil.AclFileWatchService;
@@ -664,8 +665,18 @@ public void validate(PlainAccessResource plainAccessResource) {
         if (!signature.equals(plainAccessResource.getSignature())) {
             throw new AclException(String.format("Check signature failed for accessKey=%s", plainAccessResource.getAccessKey()));
         }
-        // Check perm of each resource
 
+        //Skip the topic RMQ_SYS_TRACE_TOPIC permission check,if the topic RMQ_SYS_TRACE_TOPIC is used for message trace
+        Map<String, Byte> resourcePermMap = plainAccessResource.getResourcePermMap();
+        if (resourcePermMap != null) {
+            Byte permission = resourcePermMap.get(TopicValidator.RMQ_SYS_TRACE_TOPIC);
+            if (permission != null && permission == Permission.PUB) {
+                return;
+            }
+        }
+
+
+        // Check perm of each resource
         checkPerm(plainAccessResource, ownedAccess);
     }
 
