Authentication: AuthFilter::allow_index_creation both check that the index is authorized and the IndexCreate action

Louis Dureuil 2023-02-22 12:13:53 +01:00
parent 690bb2e5cc
commit 14c4a222da
4 changed files with 11 additions and 10 deletions


@ -173,8 +173,8 @@ impl Default for AuthFilter {
impl AuthFilter { impl AuthFilter {
#[inline] #[inline]
pub fn allow_index_creation(&self) -> bool { pub fn allow_index_creation(&self, index: &str) -> bool {
self.allow_index_creation self.allow_index_creation && self.is_index_authorized(index)
} }
pub fn with_allowed_indexes(allowed_indexes: HashSet<IndexUidPattern>) -> Self { pub fn with_allowed_indexes(allowed_indexes: HashSet<IndexUidPattern>) -> Self {
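Review bot: The new `allow_index_creation(&self, index: &str)` has no doc comment, and it shares its name with the boolean field it reads while now returning something narrower than that field. A line such as `/// Returns true only when the filter grants index creation and the given index passes is_index_authorized.` above `#[inline]` would make the per-index meaning explicit to callers that used to treat the result as a global flag. The page shows no test for the two negative cases (creation granted but index not authorized, and index authorized but creation not granted); if none exists elsewhere, they are worth pinning down. The impl block continues outside the hunk.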


@ -192,7 +192,7 @@ pub async fn replace_documents(
analytics.add_documents(&params, index_scheduler.index(&index_uid).is_err(), &req); analytics.add_documents(&params, index_scheduler.index(&index_uid).is_err(), &req);
let allow_index_creation = index_scheduler.filters().allow_index_creation(); let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
let task = document_addition( let task = document_addition(
extract_mime_type(&req)?, extract_mime_type(&req)?,
index_scheduler, index_scheduler,
@ -223,7 +223,7 @@ pub async fn update_documents(
analytics.update_documents(&params, index_scheduler.index(&index_uid).is_err(), &req); analytics.update_documents(&params, index_scheduler.index(&index_uid).is_err(), &req);
let allow_index_creation = index_scheduler.filters().allow_index_creation(); let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
let task = document_addition( let task = document_addition(
extract_mime_type(&req)?, extract_mime_type(&req)?,
index_scheduler, index_scheduler,


@ -120,8 +120,7 @@ pub async fn create_index(
) -> Result<HttpResponse, ResponseError> { ) -> Result<HttpResponse, ResponseError> {
let IndexCreateRequest { primary_key, uid } = body.into_inner(); let IndexCreateRequest { primary_key, uid } = body.into_inner();
// FIXME: allow_index_creation? let allow_index_creation = index_scheduler.filters().allow_index_creation(&uid);
let allow_index_creation = index_scheduler.filters().is_index_authorized(&uid);
if allow_index_creation { if allow_index_creation {
analytics.publish( analytics.publish(
"Index Created".to_string(), "Index Created".to_string(),


@ -45,7 +45,8 @@ macro_rules! make_setting_route {
let new_settings = Settings { $attr: Setting::Reset.into(), ..Default::default() }; let new_settings = Settings { $attr: Setting::Reset.into(), ..Default::default() };
let allow_index_creation = index_scheduler.filters().allow_index_creation(); let allow_index_creation =
index_scheduler.filters().allow_index_creation(&index_uid);
let task = KindWithContent::SettingsUpdate { let task = KindWithContent::SettingsUpdate {
index_uid: index_uid.to_string(), index_uid: index_uid.to_string(),
@ -86,7 +87,8 @@ macro_rules! make_setting_route {
..Default::default() ..Default::default()
}; };
let allow_index_creation = index_scheduler.filters().allow_index_creation(); let allow_index_creation =
index_scheduler.filters().allow_index_creation(&index_uid);
let task = KindWithContent::SettingsUpdate { let task = KindWithContent::SettingsUpdate {
index_uid: index_uid.to_string(), index_uid: index_uid.to_string(),
@ -560,7 +562,7 @@ pub async fn update_all(
Some(&req), Some(&req),
); );
let allow_index_creation = index_scheduler.filters().allow_index_creation(); let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner(); let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
let task = KindWithContent::SettingsUpdate { let task = KindWithContent::SettingsUpdate {
index_uid, index_uid,
@ -596,7 +598,7 @@ pub async fn delete_all(
let new_settings = Settings::cleared().into_unchecked(); let new_settings = Settings::cleared().into_unchecked();
let allow_index_creation = index_scheduler.filters().allow_index_creation(); let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner(); let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
let task = KindWithContent::SettingsUpdate { let task = KindWithContent::SettingsUpdate {
index_uid, index_uid,
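Review bot: In update_all and delete_all the authorization call runs on the raw path value one line before `IndexUid::try_from(index_uid.into_inner())?` validates it, so the filter decision and the task are built from two different bindings. Nothing visible here lets an invalid uid through, since the `?` rejects it afterwards, but authorizing the validated value keeps the check tied to the exact string stored in the task. Swapping the two lines would do it: `let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();` followed by `let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);`. Whether the macro-generated routes earlier in this file validate `index_uid` before the call is not visible in these hunks. Both function bodies continue outside the hunks.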