Addressing comments , using dnfOfEnabled

Signed-off-by: Bharathwaj G <bharath78910@gmail.com>

src/main/java/org/opensearch/security/privileges/PitAccessEvaluator.java → src/main/java/org/opensearch/security/privileges/PitPrivilegesEvaluator.java

@@ -61,7 +61,7 @@
 /**
  * This class evaluates privileges for point in time (Delete and List all) operations
  */
-public class PitAccessEvaluator {
+public class PitPrivilegesEvaluator {
 
     protected final Logger log = LogManager.getLogger(this.getClass());
     private boolean isDebugEnabled = log.isDebugEnabled();
@@ -119,7 +119,8 @@ private PrivilegesEvaluatorResponse handleGetAllPitsAccess(final ActionRequest r
                                                                IndexNameExpressionResolver resolver,
                                                                boolean dnfofEnabled, PrivilegesEvaluatorResponse presponse) throws InterruptedException {
         List<ListPitInfo> pitInfos = getAllPitInfos((GetAllPitNodesRequest) request);
-        // if cluster has no PITs, then allow the operation to pass with empty response
+        // if cluster has no PITs, then allow the operation to pass with empty response if dnfOfEnabled
+        // config property is true, otherwise fail the operation
         if(pitInfos.isEmpty()) {
             if(dnfofEnabled) {
                 presponse.allowed = true;
@@ -175,7 +176,8 @@ private PrivilegesEvaluatorResponse handleDeleteAllPitAccess(DeletePitRequest de
                                                                  boolean dnfofEnabled, PrivilegesEvaluatorResponse presponse) throws InterruptedException {
         List<String> permittedPits = new ArrayList<>();
         List<String> pitIds = getAllPitIds();
-        // allow delete pit operation if there are no pits in the cluster ( response should be empty )
+        // if cluster has no PITs, then allow the operation to pass with empty response if dnfOfEnabled
+        // config property is true, otherwise fail the operation
         if(pitIds.isEmpty()) {
             if(dnfofEnabled) {
                 deletePitRequest.clearAndSetPitIds(pitIds);
@@ -219,7 +221,8 @@ private PrivilegesEvaluatorResponse handleGetAllPitSegmentsAccess(PitSegmentsReq
                                                                       boolean dnfofEnabled, PrivilegesEvaluatorResponse presponse) throws InterruptedException {
         List<String> permittedPits = new ArrayList<>();
         List<String> pitIds = getAllPitIds();
-        // allow pit segments operation if there are no pits in the cluster ( response should be empty )
+        // if cluster has no PITs, then allow the operation to pass with empty response if dnfOfEnabled
+        // config property is true, otherwise fail the operation
         if(pitIds.isEmpty()) {
             if(dnfofEnabled) {
                 pitSegmentsRequest.clearAndSetPitIds(pitIds);

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -130,7 +130,7 @@ public class PrivilegesEvaluator {
     private final SecurityIndexAccessEvaluator securityIndexAccessEvaluator;
     private final ProtectedIndexAccessEvaluator protectedIndexAccessEvaluator;
     private final TermsAggregationEvaluator termsAggregationEvaluator;
-    private final PitAccessEvaluator pitAccessEvaluator;
+    private final PitPrivilegesEvaluator pitPrivilegesEvaluator;
     private final boolean dlsFlsEnabled;
     private final boolean dfmEmptyOverwritesAll;
     private DynamicConfigModel dcm;
@@ -159,7 +159,7 @@ public PrivilegesEvaluator(final ClusterService clusterService, final ThreadPool
         securityIndexAccessEvaluator = new SecurityIndexAccessEvaluator(settings, auditLog, irr);
         protectedIndexAccessEvaluator = new ProtectedIndexAccessEvaluator(settings, auditLog);
         termsAggregationEvaluator = new TermsAggregationEvaluator();
-        pitAccessEvaluator = new PitAccessEvaluator();
+        pitPrivilegesEvaluator = new PitPrivilegesEvaluator();
         this.namedXContentRegistry = namedXContentRegistry;
         this.dlsFlsEnabled = dlsFlsEnabled;
         this.dfmEmptyOverwritesAll = settings.getAsBoolean(ConfigConstants.SECURITY_DFM_EMPTY_OVERRIDES_ALL, false);
@@ -285,7 +285,7 @@ public PrivilegesEvaluatorResponse evaluate(final User user, String action0, fin
         }
 
         // check access for point in time requests
-        if(pitAccessEvaluator.evaluate(request, clusterService, user, securityRoles,
+        if(pitPrivilegesEvaluator.evaluate(request, clusterService, user, securityRoles,
                 action0, resolver, dcm.isDnfofEnabled(), presponse).isComplete()) {
             return presponse;
         }