sajjad-moradi commented on a change in pull request #6440:
URL: https://github.com/apache/incubator-pinot/pull/6440#discussion_r564035596
##########
File path:
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotSegmentUploadDownloadRestletResource.java
##########
@@ -492,7 +496,9 @@ public Response startReplaceSegments(
public Response endReplaceSegments(
@ApiParam(value = "Name of the table", required = true)
@PathParam("tableName") String tableName,
@ApiParam(value = "OFFLINE|REALTIME") @QueryParam("type") String
tableTypeStr,
- @ApiParam(value = "Segment lineage entry id returned by
startReplaceSegments API") @QueryParam("segmentLineageEntryId") String
segmentLineageEntryId) {
+ @ApiParam(value = "Segment lineage entry id returned by
startReplaceSegments API") @QueryParam("segmentLineageEntryId") String
segmentLineageEntryId,
+ @Context HttpHeaders httpHeaders) {
+ AccessControlUtils.validateWritePermission(httpHeaders, tableName,
_accessControlFactory, LOGGER);
Review comment:
I understand semantically it's fine if we don't validate here, but to be
consistent with other write endpoint maybe it's better to have access control
here as well.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
