From 4016161035a3dbac97ae79c7ed7ce2f240fff63c Mon Sep 17 00:00:00 2001 From: janithPet Date: Wed, 15 Jun 2022 16:10:20 +0100 Subject: [PATCH] Provide all document related permissions for action document.* --- meilisearch-auth/src/action.rs | 5 +++++ meilisearch-auth/src/store.rs | 5 +++++ meilisearch-http/tests/auth/authorization.rs | 8 ++++---- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/meilisearch-auth/src/action.rs b/meilisearch-auth/src/action.rs index fab5263ec..674ed4824 100644 --- a/meilisearch-auth/src/action.rs +++ b/meilisearch-auth/src/action.rs @@ -8,6 +8,8 @@ pub enum Action { All = actions::ALL, #[serde(rename = "search")] Search = actions::SEARCH, + #[serde(rename = "documents.*")] + DocumentsAll = actions::DOCUMENTS_ALL, #[serde(rename = "documents.add")] DocumentsAdd = actions::DOCUMENTS_ADD, #[serde(rename = "documents.get")] @@ -50,6 +52,7 @@ impl Action { match repr { ALL => Some(Self::All), SEARCH => Some(Self::Search), + DOCUMENTS_ALL => Some(Self::DocumentsAll), DOCUMENTS_ADD => Some(Self::DocumentsAdd), DOCUMENTS_GET => Some(Self::DocumentsGet), DOCUMENTS_DELETE => Some(Self::DocumentsDelete), @@ -76,6 +79,7 @@ impl Action { match self { Self::All => ALL, Self::Search => SEARCH, + Self::DocumentsAll => DOCUMENTS_ALL, Self::DocumentsAdd => DOCUMENTS_ADD, Self::DocumentsGet => DOCUMENTS_GET, Self::DocumentsDelete => DOCUMENTS_DELETE, @@ -100,6 +104,7 @@ impl Action { pub mod actions { pub(crate) const ALL: u8 = 0; pub const SEARCH: u8 = 1; + pub const DOCUMENTS_ALL: u8 = 20; pub const DOCUMENTS_ADD: u8 = 2; pub const DOCUMENTS_GET: u8 = 3; pub const DOCUMENTS_DELETE: u8 = 4; diff --git a/meilisearch-auth/src/store.rs b/meilisearch-auth/src/store.rs index 0355c4579..65de64e56 100644 --- a/meilisearch-auth/src/store.rs +++ b/meilisearch-auth/src/store.rs @@ -90,6 +90,11 @@ impl HeedAuthStore { let actions = if key.actions.contains(&Action::All) { // if key.actions contains All, we iterate over all actions. Action::into_enum_iter().collect() + } else if key.actions.contains(&Action::DocumentsAll) { + // if key.actions.contains.DocumentsAll add all actions related to documents. + let mut actions = key.actions.clone(); + actions.append(&mut vec![Action::DocumentsAdd, Action::DocumentsGet, Action::DocumentsDelete]); + actions } else { key.actions.clone() }; diff --git a/meilisearch-http/tests/auth/authorization.rs b/meilisearch-http/tests/auth/authorization.rs index e5826a675..e790d1e4a 100644 --- a/meilisearch-http/tests/auth/authorization.rs +++ b/meilisearch-http/tests/auth/authorization.rs @@ -11,10 +11,10 @@ pub static AUTHORIZATIONS: Lazy hashset!{"search", "*"}, ("GET", "/indexes/products/search") => hashset!{"search", "*"}, - ("POST", "/indexes/products/documents") => hashset!{"documents.add", "*"}, - ("GET", "/indexes/products/documents") => hashset!{"documents.get", "*"}, - ("GET", "/indexes/products/documents/0") => hashset!{"documents.get", "*"}, - ("DELETE", "/indexes/products/documents/0") => hashset!{"documents.delete", "*"}, + ("POST", "/indexes/products/documents") => hashset!{"documents.add", "documents.*", "*"}, + ("GET", "/indexes/products/documents") => hashset!{"documents.get", "documents.*", "*"}, + ("GET", "/indexes/products/documents/0") => hashset!{"documents.get", "documents.*", "*"}, + ("DELETE", "/indexes/products/documents/0") => hashset!{"documents.delete", "documents.*", "*"}, ("GET", "/tasks") => hashset!{"tasks.get", "*"}, ("GET", "/tasks?indexUid=products") => hashset!{"tasks.get", "*"}, ("GET", "/tasks/0") => hashset!{"tasks.get", "*"},