From 14c4a222da604d5d6d93c0df83f305c9c85e7b53 Mon Sep 17 00:00:00 2001
From: Louis Dureuil
Date: Wed, 22 Feb 2023 12:13:53 +0100
Subject: [PATCH] Authentication: AuthFilter::allow_index_creation both check that the index is authorized and the IndexCreate action
---
 meilisearch-auth/src/lib.rs | 4 ++--
 meilisearch/src/routes/indexes/documents.rs | 4 ++--
 meilisearch/src/routes/indexes/mod.rs | 3 +--
 meilisearch/src/routes/indexes/settings.rs | 10 ++++++----
 4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/meilisearch-auth/src/lib.rs b/meilisearch-auth/src/lib.rs
index e18998db1..8d5457766 100644
--- a/meilisearch-auth/src/lib.rs
+++ b/meilisearch-auth/src/lib.rs
@@ -173,8 +173,8 @@ impl Default for AuthFilter {
 impl AuthFilter {
 #[inline]
- pub fn allow_index_creation(&self) -> bool {
- self.allow_index_creation
+ pub fn allow_index_creation(&self, index: &str) -> bool {
+ self.allow_index_creation && self.is_index_authorized(index)
 }
 pub fn with_allowed_indexes(allowed_indexes: HashSet) -> Self {
diff --git a/meilisearch/src/routes/indexes/documents.rs b/meilisearch/src/routes/indexes/documents.rs
index 635469c4e..3f694b5d1 100644
--- a/meilisearch/src/routes/indexes/documents.rs
+++ b/meilisearch/src/routes/indexes/documents.rs
@@ -192,7 +192,7 @@ pub async fn replace_documents(
 analytics.add_documents(¶ms, index_scheduler.index(&index_uid).is_err(), &req);
- let allow_index_creation = index_scheduler.filters().allow_index_creation();
+ let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
 let task = document_addition(
 extract_mime_type(&req)?,
 index_scheduler,
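Review bot: `allow_index_creation(&self, index: &str)` in meilisearch-auth/src/lib.rs still reads like a getter for the field of the same name, but it is now a per-index authorization decision and carries no doc comment saying so. I would add `/// Whether index creation is permitted for the given index: requires both the creation flag and is_index_authorized(index).` above the `#[inline]` attribute, so callers do not assume a `true` result covers any index. The diffstat lists only the four source files, so a regression test for a key that may create indexes but is scoped to a different index looks worth adding, assuming none exists elsewhere. The `impl AuthFilter` block continues outside the hunk.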
@@ -223,7 +223,7 @@ pub async fn update_documents(
 analytics.update_documents(¶ms, index_scheduler.index(&index_uid).is_err(), &req);
- let allow_index_creation = index_scheduler.filters().allow_index_creation();
+ let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
 let task = document_addition(
 extract_mime_type(&req)?,
 index_scheduler,
diff --git a/meilisearch/src/routes/indexes/mod.rs b/meilisearch/src/routes/indexes/mod.rs
index ee0a9dea0..da24a92ad 100644
--- a/meilisearch/src/routes/indexes/mod.rs
+++ b/meilisearch/src/routes/indexes/mod.rs
@@ -120,8 +120,7 @@ pub async fn create_index(
 ) -> Result {
 let IndexCreateRequest { primary_key, uid } = body.into_inner();
- // FIXME: allow_index_creation?
- let allow_index_creation = index_scheduler.filters().is_index_authorized(&uid);
+ let allow_index_creation = index_scheduler.filters().allow_index_creation(&uid);
 if allow_index_creation {
 analytics.publish(
 "Index Created".to_string(),
diff --git a/meilisearch/src/routes/indexes/settings.rs b/meilisearch/src/routes/indexes/settings.rs
index b1feb4e38..4b6cde685 100644
--- a/meilisearch/src/routes/indexes/settings.rs
+++ b/meilisearch/src/routes/indexes/settings.rs
@@ -45,7 +45,8 @@ macro_rules! make_setting_route {
 let new_settings = Settings { $attr: Setting::Reset.into(), ..Default::default() };
- let allow_index_creation = index_scheduler.filters().allow_index_creation();
+ let allow_index_creation =
+ index_scheduler.filters().allow_index_creation(&index_uid);
 let task = KindWithContent::SettingsUpdate {
 index_uid: index_uid.to_string(),
@@ -86,7 +87,8 @@ macro_rules! make_setting_route {
 ..Default::default()
 };
- let allow_index_creation = index_scheduler.filters().allow_index_creation();
+ let allow_index_creation =
+ index_scheduler.filters().allow_index_creation(&index_uid);
 let task = KindWithContent::SettingsUpdate {
 index_uid: index_uid.to_string(),
@@ -560,7 +562,7 @@ pub async fn update_all(
 Some(&req),
 );
- let allow_index_creation = index_scheduler.filters().allow_index_creation();
+ let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
 let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
 let task = KindWithContent::SettingsUpdate {
 index_uid,
@@ -596,7 +598,7 @@ pub async fn delete_all(
 let new_settings = Settings::cleared().into_unchecked();
- let allow_index_creation = index_scheduler.filters().allow_index_creation();
+ let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
 let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
 let task = KindWithContent::SettingsUpdate {
 index_uid,
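Review bot: In `update_all` and `delete_all` (meilisearch/src/routes/indexes/settings.rs) the new `allow_index_creation(&index_uid)` call is evaluated on the not-yet-validated path value, one line before `IndexUid::try_from(index_uid.into_inner())?` checks it. Doing the conversion first ties the authorization decision to the same value the task is enqueued with: `let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();` followed by `let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);`. Whether an unvalidated uid can match differently inside `is_index_authorized` is not visible here, so this is hardening rather than a confirmed bypass. Both function bodies start and end outside their hunks, and the two `make_setting_route` hunks earlier in this file pass `index_uid.to_string()` with no conversion visible, so they may deserve the same look.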