Authentication: AuthFilter::allow_index_creation both check that the index is authorized and the IndexCreate action

2024-11-25 22:34:28 +01:00 · 2023-02-22 12:13:53 +01:00 · 2023-02-22 12:13:53 +01:00 · 14c4a222da
commit 14c4a222da
parent 690bb2e5cc
4 changed files with 11 additions and 10 deletions
--- a/meilisearch-auth/src/lib.rs
+++ b/meilisearch-auth/src/lib.rs
@ -173,8 +173,8 @@ impl Default for AuthFilter {
 impl AuthFilter {
    #[inline]
-    pub fn allow_index_creation(&self) -> bool {
+    pub fn allow_index_creation(&self, index: &str) -> bool {
-        self.allow_index_creation
+        self.allow_index_creation && self.is_index_authorized(index)
    }
    pub fn with_allowed_indexes(allowed_indexes: HashSet<IndexUidPattern>) -> Self {
--- a/meilisearch/src/routes/indexes/documents.rs
+++ b/meilisearch/src/routes/indexes/documents.rs
@ -192,7 +192,7 @@ pub async fn replace_documents(
    analytics.add_documents(&params, index_scheduler.index(&index_uid).is_err(), &req);
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
    let task = document_addition(
        extract_mime_type(&req)?,
        index_scheduler,
@ -223,7 +223,7 @@ pub async fn update_documents(
    analytics.update_documents(&params, index_scheduler.index(&index_uid).is_err(), &req);
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
    let task = document_addition(
        extract_mime_type(&req)?,
        index_scheduler,
--- a/meilisearch/src/routes/indexes/mod.rs
+++ b/meilisearch/src/routes/indexes/mod.rs
@ -120,8 +120,7 @@ pub async fn create_index(
 ) -> Result<HttpResponse, ResponseError> {
    let IndexCreateRequest { primary_key, uid } = body.into_inner();
-    // FIXME: allow_index_creation?
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&uid);
    let allow_index_creation = index_scheduler.filters().is_index_authorized(&uid);
    if allow_index_creation {
        analytics.publish(
            "Index Created".to_string(),
--- a/meilisearch/src/routes/indexes/settings.rs
+++ b/meilisearch/src/routes/indexes/settings.rs
@ -45,7 +45,8 @@ macro_rules! make_setting_route {
                let new_settings = Settings { $attr: Setting::Reset.into(), ..Default::default() };
-                let allow_index_creation = index_scheduler.filters().allow_index_creation();
+                let allow_index_creation =
                    index_scheduler.filters().allow_index_creation(&index_uid);
                let task = KindWithContent::SettingsUpdate {
                    index_uid: index_uid.to_string(),
@ -86,7 +87,8 @@ macro_rules! make_setting_route {
                    ..Default::default()
                };
-                let allow_index_creation = index_scheduler.filters().allow_index_creation();
+                let allow_index_creation =
                    index_scheduler.filters().allow_index_creation(&index_uid);
                let task = KindWithContent::SettingsUpdate {
                    index_uid: index_uid.to_string(),
@ -560,7 +562,7 @@ pub async fn update_all(
        Some(&req),
    );
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
    let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
    let task = KindWithContent::SettingsUpdate {
        index_uid,
@ -596,7 +598,7 @@ pub async fn delete_all(
    let new_settings = Settings::cleared().into_unchecked();
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
    let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
    let task = KindWithContent::SettingsUpdate {
        index_uid,