mirror of
https://github.com/meilisearch/meilisearch.git
synced 2025-01-18 17:11:15 +08:00
Merge #2525
2525: Auth: Provide all document related permissions for action document.* r=Kerollmops a=janithpet Added a `Action::DocumentsAll` identifier as [suggested](https://github.com/meilisearch/meilisearch/issues/2080#issuecomment-1022952486), along with the other necessary changes in `action.rs`. Inside `store.rs`, added an extra condition in `HeedAuthStore::put_api_key` to append all document related permissions if `key.actions.contains(&DocumentsAll)`. Updated the tests as [suggested](https://github.com/meilisearch/meilisearch/issues/2080#issuecomment-1022952486). I am quite new to Rust, so please let me know if I had made any mistakes; have I written the code in the most idiomatic/efficient way? I am aware that the way I append the document permissions could create duplicates in the `actions` vector, but I am not sure how fix that in a simple way (other than using other dependencies like [itertools](https://github.com/rust-itertools/itertools), for example). ## What does this PR do? Fixes #2080 ## PR checklist Please check if your PR fulfills the following requirements: - [ ] Does this PR fix an existing issue? - [ x] Have you read the contributing guidelines? - [ x] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: janithPet <jpetangoda@gmail.com>
This commit is contained in:
commit
4862993482
@ -8,6 +8,8 @@ pub enum Action {
|
|||||||
All = actions::ALL,
|
All = actions::ALL,
|
||||||
#[serde(rename = "search")]
|
#[serde(rename = "search")]
|
||||||
Search = actions::SEARCH,
|
Search = actions::SEARCH,
|
||||||
|
#[serde(rename = "documents.*")]
|
||||||
|
DocumentsAll = actions::DOCUMENTS_ALL,
|
||||||
#[serde(rename = "documents.add")]
|
#[serde(rename = "documents.add")]
|
||||||
DocumentsAdd = actions::DOCUMENTS_ADD,
|
DocumentsAdd = actions::DOCUMENTS_ADD,
|
||||||
#[serde(rename = "documents.get")]
|
#[serde(rename = "documents.get")]
|
||||||
@ -50,6 +52,7 @@ impl Action {
|
|||||||
match repr {
|
match repr {
|
||||||
ALL => Some(Self::All),
|
ALL => Some(Self::All),
|
||||||
SEARCH => Some(Self::Search),
|
SEARCH => Some(Self::Search),
|
||||||
|
DOCUMENTS_ALL => Some(Self::DocumentsAll),
|
||||||
DOCUMENTS_ADD => Some(Self::DocumentsAdd),
|
DOCUMENTS_ADD => Some(Self::DocumentsAdd),
|
||||||
DOCUMENTS_GET => Some(Self::DocumentsGet),
|
DOCUMENTS_GET => Some(Self::DocumentsGet),
|
||||||
DOCUMENTS_DELETE => Some(Self::DocumentsDelete),
|
DOCUMENTS_DELETE => Some(Self::DocumentsDelete),
|
||||||
@ -76,6 +79,7 @@ impl Action {
|
|||||||
match self {
|
match self {
|
||||||
Self::All => ALL,
|
Self::All => ALL,
|
||||||
Self::Search => SEARCH,
|
Self::Search => SEARCH,
|
||||||
|
Self::DocumentsAll => DOCUMENTS_ALL,
|
||||||
Self::DocumentsAdd => DOCUMENTS_ADD,
|
Self::DocumentsAdd => DOCUMENTS_ADD,
|
||||||
Self::DocumentsGet => DOCUMENTS_GET,
|
Self::DocumentsGet => DOCUMENTS_GET,
|
||||||
Self::DocumentsDelete => DOCUMENTS_DELETE,
|
Self::DocumentsDelete => DOCUMENTS_DELETE,
|
||||||
@ -100,18 +104,19 @@ impl Action {
|
|||||||
pub mod actions {
|
pub mod actions {
|
||||||
pub(crate) const ALL: u8 = 0;
|
pub(crate) const ALL: u8 = 0;
|
||||||
pub const SEARCH: u8 = 1;
|
pub const SEARCH: u8 = 1;
|
||||||
pub const DOCUMENTS_ADD: u8 = 2;
|
pub const DOCUMENTS_ALL: u8 = 2;
|
||||||
pub const DOCUMENTS_GET: u8 = 3;
|
pub const DOCUMENTS_ADD: u8 = 3;
|
||||||
pub const DOCUMENTS_DELETE: u8 = 4;
|
pub const DOCUMENTS_GET: u8 = 4;
|
||||||
pub const INDEXES_CREATE: u8 = 5;
|
pub const DOCUMENTS_DELETE: u8 = 5;
|
||||||
pub const INDEXES_GET: u8 = 6;
|
pub const INDEXES_CREATE: u8 = 6;
|
||||||
pub const INDEXES_UPDATE: u8 = 7;
|
pub const INDEXES_GET: u8 = 7;
|
||||||
pub const INDEXES_DELETE: u8 = 8;
|
pub const INDEXES_UPDATE: u8 = 8;
|
||||||
pub const TASKS_GET: u8 = 9;
|
pub const INDEXES_DELETE: u8 = 9;
|
||||||
pub const SETTINGS_GET: u8 = 10;
|
pub const TASKS_GET: u8 = 10;
|
||||||
pub const SETTINGS_UPDATE: u8 = 11;
|
pub const SETTINGS_GET: u8 = 11;
|
||||||
pub const STATS_GET: u8 = 12;
|
pub const SETTINGS_UPDATE: u8 = 12;
|
||||||
pub const DUMPS_CREATE: u8 = 13;
|
pub const STATS_GET: u8 = 13;
|
||||||
|
pub const DUMPS_CREATE: u8 = 14;
|
||||||
pub const VERSION: u8 = 15;
|
pub const VERSION: u8 = 15;
|
||||||
pub const KEYS_CREATE: u8 = 16;
|
pub const KEYS_CREATE: u8 = 16;
|
||||||
pub const KEYS_GET: u8 = 17;
|
pub const KEYS_GET: u8 = 17;
|
||||||
|
@ -90,6 +90,15 @@ impl HeedAuthStore {
|
|||||||
let actions = if key.actions.contains(&Action::All) {
|
let actions = if key.actions.contains(&Action::All) {
|
||||||
// if key.actions contains All, we iterate over all actions.
|
// if key.actions contains All, we iterate over all actions.
|
||||||
Action::into_enum_iter().collect()
|
Action::into_enum_iter().collect()
|
||||||
|
} else if key.actions.contains(&Action::DocumentsAll) {
|
||||||
|
// if key.actions.contains.DocumentsAll add all actions related to documents.
|
||||||
|
let mut actions = key.actions.clone();
|
||||||
|
actions.append(&mut vec![
|
||||||
|
Action::DocumentsAdd,
|
||||||
|
Action::DocumentsGet,
|
||||||
|
Action::DocumentsDelete,
|
||||||
|
]);
|
||||||
|
actions
|
||||||
} else {
|
} else {
|
||||||
key.actions.clone()
|
key.actions.clone()
|
||||||
};
|
};
|
||||||
|
@ -11,10 +11,10 @@ pub static AUTHORIZATIONS: Lazy<HashMap<(&'static str, &'static str), HashSet<&'
|
|||||||
hashmap! {
|
hashmap! {
|
||||||
("POST", "/indexes/products/search") => hashset!{"search", "*"},
|
("POST", "/indexes/products/search") => hashset!{"search", "*"},
|
||||||
("GET", "/indexes/products/search") => hashset!{"search", "*"},
|
("GET", "/indexes/products/search") => hashset!{"search", "*"},
|
||||||
("POST", "/indexes/products/documents") => hashset!{"documents.add", "*"},
|
("POST", "/indexes/products/documents") => hashset!{"documents.add", "documents.*", "*"},
|
||||||
("GET", "/indexes/products/documents") => hashset!{"documents.get", "*"},
|
("GET", "/indexes/products/documents") => hashset!{"documents.get", "documents.*", "*"},
|
||||||
("GET", "/indexes/products/documents/0") => hashset!{"documents.get", "*"},
|
("GET", "/indexes/products/documents/0") => hashset!{"documents.get", "documents.*", "*"},
|
||||||
("DELETE", "/indexes/products/documents/0") => hashset!{"documents.delete", "*"},
|
("DELETE", "/indexes/products/documents/0") => hashset!{"documents.delete", "documents.*", "*"},
|
||||||
("GET", "/tasks") => hashset!{"tasks.get", "*"},
|
("GET", "/tasks") => hashset!{"tasks.get", "*"},
|
||||||
("GET", "/tasks?indexUid=products") => hashset!{"tasks.get", "*"},
|
("GET", "/tasks?indexUid=products") => hashset!{"tasks.get", "*"},
|
||||||
("GET", "/tasks/0") => hashset!{"tasks.get", "*"},
|
("GET", "/tasks/0") => hashset!{"tasks.get", "*"},
|
||||||
|
Loading…
Reference in New Issue
Block a user