Provide all document related permissions for action document.*

meilisearch-auth/src/action.rs

@@ -8,6 +8,8 @@ pub enum Action {
     All = actions::ALL,
     #[serde(rename = "search")]
     Search = actions::SEARCH,
+    #[serde(rename = "documents.*")] 
+    DocumentsAll = actions::DOCUMENTS_ALL,
     #[serde(rename = "documents.add")]
     DocumentsAdd = actions::DOCUMENTS_ADD,
     #[serde(rename = "documents.get")]
@@ -50,6 +52,7 @@ impl Action {
         match repr {
             ALL => Some(Self::All),
             SEARCH => Some(Self::Search),
+            DOCUMENTS_ALL => Some(Self::DocumentsAll),
             DOCUMENTS_ADD => Some(Self::DocumentsAdd),
             DOCUMENTS_GET => Some(Self::DocumentsGet),
             DOCUMENTS_DELETE => Some(Self::DocumentsDelete),
@@ -76,6 +79,7 @@ impl Action {
         match self {
             Self::All => ALL,
             Self::Search => SEARCH,
+            Self::DocumentsAll => DOCUMENTS_ALL,
             Self::DocumentsAdd => DOCUMENTS_ADD,
             Self::DocumentsGet => DOCUMENTS_GET,
             Self::DocumentsDelete => DOCUMENTS_DELETE,
@@ -100,6 +104,7 @@ impl Action {
 pub mod actions {
     pub(crate) const ALL: u8 = 0;
     pub const SEARCH: u8 = 1;
+    pub const DOCUMENTS_ALL: u8 = 20;
     pub const DOCUMENTS_ADD: u8 = 2;
     pub const DOCUMENTS_GET: u8 = 3;
     pub const DOCUMENTS_DELETE: u8 = 4;

meilisearch-auth/src/store.rs

@@ -90,6 +90,11 @@ impl HeedAuthStore {
         let actions = if key.actions.contains(&Action::All) {
             // if key.actions contains All, we iterate over all actions.
             Action::into_enum_iter().collect()
+        } else if key.actions.contains(&Action::DocumentsAll) {
+            // if key.actions.contains.DocumentsAll add all actions related to documents.
+            let mut actions = key.actions.clone();
+            actions.append(&mut vec![Action::DocumentsAdd, Action::DocumentsGet, Action::DocumentsDelete]);
+            actions
         } else {
             key.actions.clone()
         };

meilisearch-http/tests/auth/authorization.rs

@@ -11,10 +11,10 @@ pub static AUTHORIZATIONS: Lazy<HashMap<(&'static str, &'static str), HashSet<&'
         hashmap! {
             ("POST",    "/indexes/products/search") =>                         hashset!{"search", "*"},
             ("GET",     "/indexes/products/search") =>                         hashset!{"search", "*"},
-            ("POST",    "/indexes/products/documents") =>                      hashset!{"documents.add", "*"},
+            ("POST",    "/indexes/products/documents") =>                      hashset!{"documents.add", "documents.*", "*"},
-            ("GET",     "/indexes/products/documents") =>                      hashset!{"documents.get", "*"},
+            ("GET",     "/indexes/products/documents") =>                      hashset!{"documents.get", "documents.*", "*"},
-            ("GET",     "/indexes/products/documents/0") =>                    hashset!{"documents.get", "*"},
+            ("GET",     "/indexes/products/documents/0") =>                    hashset!{"documents.get", "documents.*", "*"},
-            ("DELETE",  "/indexes/products/documents/0") =>                    hashset!{"documents.delete", "*"},
+            ("DELETE",  "/indexes/products/documents/0") =>                    hashset!{"documents.delete", "documents.*", "*"},
             ("GET",     "/tasks") =>                                           hashset!{"tasks.get", "*"},
             ("GET",     "/tasks?indexUid=products") =>                         hashset!{"tasks.get", "*"},
             ("GET",     "/tasks/0") =>                                         hashset!{"tasks.get", "*"},