searchengines-web/MeiliSearch
searchengines-web/MeiliSearch
1
0
Fork 0
mirror of https://github.com/meilisearch/MeiliSearch synced 2025-07-15 13:58:36 +02:00
Code Issues Releases Wiki Activity

Add an AllRead key

Browse source
This commit is contained in:
Mubelotix 2025-06-19 11:29:16 +02:00
parent 00eb258a53
commit b421c8e7de
No known key found for this signature in database
GPG key ID: 89F391DBCC8CE7F0
2 changed files with 49 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
crates/meilisearch-auth/src/store.rs
View file

@ -89,6 +89,7 @@ impl HeedAuthStore {
for action in &key.actions { for action in &key.actions {
match action { match action {
Action::All => actions.extend(enum_iterator::all::<Action>()), Action::All => actions.extend(enum_iterator::all::<Action>()),
Action::AllRead => actions.extend(enum_iterator::all::<Action>().filter(|a| a.is_read())),
Action::DocumentsAll => { Action::DocumentsAll => {
actions.extend( actions.extend(
[Action::DocumentsGet, Action::DocumentsDelete, Action::DocumentsAdd] [Action::DocumentsGet, Action::DocumentsDelete, Action::DocumentsAdd]

48
crates/meilisearch-types/src/keys.rs
View file

@ -218,6 +218,9 @@ pub enum Action {
#[serde(rename = "*")] #[serde(rename = "*")]
#[deserr(rename = "*")] #[deserr(rename = "*")]
All = 0, All = 0,
#[serde(rename = "*.read")]
#[deserr(rename = "*.read")]
AllRead,
#[serde(rename = "search")] #[serde(rename = "search")]
#[deserr(rename = "search")] #[deserr(rename = "search")]
Search, Search,
@ -396,6 +399,51 @@ impl Action {
} }
} }
/// Whether the action should be included in [Action::AllRead].
pub fn is_read(&self) -> bool {
use Action::*;
// It's using an exhaustive match to force the addition of new actions.
match self {
// Any action that expands to others must return false, as it wouldn't be able to expand recursively.
All | AllRead | DocumentsAll | IndexesAll | ChatsAll | TasksAll | SettingsAll
| StatsAll | MetricsAll | DumpsAll | SnapshotsAll | ChatsSettingsAll => false,
Search => true,
DocumentsAdd => false,
DocumentsGet => true,
DocumentsDelete => false,
IndexesAdd => false,
IndexesGet => true,
IndexesUpdate => false,
IndexesDelete => false,
IndexesSwap => false,
TasksCancel => false,
TasksDelete => false,
TasksGet => true,
SettingsGet => true,
SettingsUpdate => false,
StatsGet => true,
MetricsGet => true,
DumpsCreate => false,
SnapshotsCreate => false,
Version => true,
KeysAdd => false,
KeysGet => false, // Prevent privilege escalation by not allowing reading other keys.
KeysUpdate => false,
KeysDelete => false,
ExperimentalFeaturesGet => true,
ExperimentalFeaturesUpdate => false,
NetworkGet => true,
NetworkUpdate => false,
ChatCompletions => false, // Disabled because it might trigger generation of new chats.
ChatsGet => true,
ChatsDelete => false,
ChatsSettingsGet => true,
ChatsSettingsUpdate => false,
}
}
pub const fn repr(&self) -> u8 { pub const fn repr(&self) -> u8 {
*self as u8 *self as u8
} }