Skip to content

Commit

Permalink
add dnfof pattern
Browse files Browse the repository at this point in the history
  • Loading branch information
@hsiang9431-amzn
hsiang9431-amzn committed Aug 6, 2021
1 parent 0df0a67 commit 01ea9ff
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@
import org.opensearch.action.admin.indices.mapping.get.GetFieldMappingsRequest;
import org.opensearch.action.admin.indices.mapping.put.AutoPutMappingAction;
import org.opensearch.action.admin.indices.mapping.put.PutMappingAction;
import org.opensearch.action.admin.indices.resolve.ResolveIndexAction;
import org.opensearch.action.bulk.BulkAction;
import org.opensearch.action.bulk.BulkItemRequest;
import org.opensearch.action.bulk.BulkRequest;
Expand Down Expand Up @@ -105,7 +106,6 @@
public class PrivilegesEvaluator {

private static final WildcardMatcher ACTION_MATCHER = WildcardMatcher.from("indices:data/read/*search*");
private static final Pattern dnfofPatterns = Pattern.compile("");
protected final Logger log = LogManager.getLogger(this.getClass());
private final ClusterService clusterService;

Expand All @@ -131,6 +131,13 @@ public class PrivilegesEvaluator {
private final boolean dlsFlsEnabled;
private DynamicConfigModel dcm;

private static final Pattern dnfofPatterns = Pattern.compile(
"indices:data/read/*" + "|" +
"indices:admin/mappings/fields/get*" + "|" +
"indices:admin/shards/search_shards" + "|" +
ResolveIndexAction.NAME
);

public PrivilegesEvaluator(final ClusterService clusterService, final ThreadPool threadPool,
final ConfigurationRepository configurationRepository, final IndexNameExpressionResolver resolver,
AuditLog auditLog, final Settings settings, final PrivilegesInterceptor privilegesInterceptor, final ClusterInfoHolder clusterInfoHolder,
Expand Down Expand Up @@ -406,7 +413,7 @@ public PrivilegesEvaluatorResponse evaluate(final User user, String action0, fin
presponse.missingPrivileges.clear();
presponse.allowed = true;

IndicesOptions idxOpt = IndicesOptions.fromOptions(true, true, false, false;
IndicesOptions idxOpt = IndicesOptions.fromOptions(true, true, false, false);
if(request instanceof SearchRequest) {
((SearchRequest) request).indicesOptions(idxOpt);
} else if(request instanceof ClusterSearchShardsRequest) {
Expand Down

0 comments on commit 01ea9ff

Please sign in to comment.