From b2e2dc855896ee17051bca918df961346b4310b1 Mon Sep 17 00:00:00 2001
From: ManyTheFish
Date: Wed, 1 Jun 2022 11:47:44 +0200
Subject: [PATCH] Re-authorize master_key to access to all routes
---
 .../src/extractors/authentication/mod.rs | 2 +-
 meilisearch-http/tests/auth/authorization.rs | 31 ++-----------------
 2 files changed, 3 insertions(+), 30 deletions(-)
diff --git a/meilisearch-http/src/extractors/authentication/mod.rs b/meilisearch-http/src/extractors/authentication/mod.rs
index a6384492c..99f972984 100644
--- a/meilisearch-http/src/extractors/authentication/mod.rs
+++ b/meilisearch-http/src/extractors/authentication/mod.rs
@@ -177,7 +177,7 @@ pub mod policies {
 // if master key is None only keys routes are inaccessible.
 if auth
 .get_master_key()
- .map_or_else(|| !is_keys_action(A), |mk| mk == token && is_keys_action(A))
+ .map_or_else(|| !is_keys_action(A), |mk| mk == token)
 {
 return Some(AuthFilter::default());
 }
diff --git a/meilisearch-http/tests/auth/authorization.rs b/meilisearch-http/tests/auth/authorization.rs
index 81c626215..fde4c61f3 100644
--- a/meilisearch-http/tests/auth/authorization.rs
+++ b/meilisearch-http/tests/auth/authorization.rs
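Review bot: The comment above the condition in `meilisearch-http/src/extractors/authentication/mod.rs` (`// if master key is None only keys routes are inaccessible.`) documents only the `None` branch, while the changed closure `|mk| mk == token` now leads to `Some(AuthFilter::default())` for every action whenever the token equals the master key. I would add a second comment line such as `// if a master key is set, a token equal to it is authorized for every action.` Because this single comparison now guards all routes, it is also worth confirming whether `mk == token` is an ordinary string equality; if it is, a constant-time comparison would avoid revealing through response timing how much of a guessed key matches. The enclosing function starts and ends outside the hunk.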
@@ -188,41 +188,14 @@ async fn error_access_unauthorized_action() {
 }
 }
 
-#[actix_rt::test]
-#[cfg_attr(target_os = "windows", ignore)]
-async fn error_access_master_key() {
- let mut server = Server::new_auth().await;
- server.use_api_key("MASTER_KEY");
-
- // master key must only have access to /keys
- for ((method, route), _) in AUTHORIZATIONS
- .iter()
- .filter(|(_, action)| action.iter().all(|a| !a.starts_with("keys.")))
- {
- let (response, code) = server.dummy_request(method, route).await;
-
- assert_eq!(
- response,
- INVALID_RESPONSE.clone(),
- "on route: {:?} - {:?}",
- method,
- route
- );
- assert_eq!(403, code, "{:?}", &response);
- }
-}
-
 #[actix_rt::test]
 #[cfg_attr(target_os = "windows", ignore)]
 async fn access_authorized_master_key() {
 let mut server = Server::new_auth().await;
 server.use_api_key("MASTER_KEY");
 
- // master key must only have access to /keys
- for ((method, route), _) in AUTHORIZATIONS
- .iter()
- .filter(|(_, action)| action.iter().any(|a| a.starts_with("keys.")))
- {
+ // master key must have access to all routes.
+ for ((method, route), _) in AUTHORIZATIONS.iter() {
 let (response, code) = server.dummy_request(method, route).await;
 
 assert_ne!(
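Review bot: With `error_access_master_key` removed, nothing visible in this hunk exercises a denial path for the master-key branch, which now opens every route in `AUTHORIZATIONS`. I would add a companion test that calls `server.use_api_key(...)` with a value that differs from the configured master key (for example a truncated or extended copy of it) and asserts a 403 on each route, unless a test elsewhere in the file already pins this. `access_authorized_master_key` continues past the end of the hunk, so the assertions that follow `assert_ne!(` are not visible here.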