diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl index c315cd59e..623fa25c5 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl @@ -114,13 +114,13 @@ verify_acl(ClientInfo, Acl, PubSub, Topic) -> subscribe -> <<"sub">>; publish -> <<"pub">> end, - Rules0 = lists:foldl( - fun(K, Acc) -> - [case maps:get(K, Acl, undefined) of - R when is_list(R) -> R; - _ -> [] - end | Acc] - end, [], [<<"all">>, Key]), + Rules0 = lists:map( + fun(K) -> + case maps:get(K, Acl, undefined) of + R when is_list(R) -> R; + _ -> [] + end + end, [<<"all">>, Key]), Rules = lists:append(Rules0), verify_acl(ClientInfo, Rules, Topic). diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index 6e2df3367..dde805195 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md @@ -3,7 +3,7 @@ - Add a warning log if the ACL check failed for subscription [#9124](https://github.com/emqx/emqx/pull/9124). This is to make the ACL deny logging for subscription behave the same as for publish. -- JWT authorization supports the `all` rules [#9044](https://github.com/emqx/emqx/pull/9044). +- JWT ACL claim supports `all` action to imply the rules applie to both `pub` and `sub` [#9044](https://github.com/emqx/emqx/pull/9044). ### Bug fixes diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index 32a161a1f..1ee55be61 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -3,7 +3,7 @@ - 订阅时,如果 ACL 检查不通过,打印一个警告日志 [#9124](https://github.com/emqx/emqx/pull/9124)。 该行为的改变主要是为了跟发布失败时的行为保持一致。 -- 基于 JWT 的发布订阅授权支持 `all` 规则 [#9044](https://github.com/emqx/emqx/pull/9044)。 +- 基于 JWT 的 ACL 支持 `all` 动作,指定同时适用于 `pub` 和 `sub` 两个动作的规则列表 [#9044](https://github.com/emqx/emqx/pull/9044)。 ### 修复