Allow management key to read other keys

Mubelotix 2025-06-19 11:52:58 +02:00
parent 11fedea788
commit f50e586a4f
No known key found for this signature in database
GPG key ID: 89F391DBCC8CE7F0


@ -148,8 +148,8 @@ impl Key {
let now = OffsetDateTime::now_utc(); let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(1); let uid = Uuid::from_u128(1);
Self { Self {
name: Some("Read-only Admin key".to_string()), name: Some("Default Read-Only Admin API Key".to_string()),
description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend".to_string()), description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys".to_string()),
uid, uid,
actions: vec![Action::AllRead], actions: vec![Action::AllRead],
indexes: vec![IndexUidPattern::all()], indexes: vec![IndexUidPattern::all()],
@ -444,7 +444,7 @@ impl Action {
SnapshotsCreate => false, SnapshotsCreate => false,
Version => true, Version => true,
KeysAdd => false, KeysAdd => false,
KeysGet => false, // Prevent privilege escalation by not allowing reading other keys. KeysGet => true,
KeysUpdate => false, KeysUpdate => false,
KeysDelete => false, KeysDelete => false,
ExperimentalFeaturesGet => true, ExperimentalFeaturesGet => true,
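Review bot: In the second hunk, `KeysGet => true` puts key retrieval into whatever this match classifies as read-only, and the comment that justified the earlier exclusion ("Prevent privilege escalation by not allowing reading other keys") is dropped with nothing in its place. If reading keys returns usable key values, a holder of the default read-only admin key (`Action::AllRead` on all indexes in the first hunk) can obtain keys that carry write or key-management actions, so the key is read-only in name only; the new description string says as much. If the intent in the commit title is only that a management key can read keys, it looks safer to keep `KeysGet => false` here and grant `KeysGet` to that key explicitly. Otherwise record the decision on the arm itself, e.g. `KeysGet => true, // Deliberate: a key with this action can read every other key, including more privileged ones.` The enclosing function in `impl Action` starts and ends outside the hunk, so how its result is consumed is inferred.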