TODO

n1v0lg · n1v0lg · commit 9fbac06c1268 · 2025-02-04T16:36:31.000+01:00
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java
@@ -876,7 +876,6 @@ static AuthorizedIndices resolveAuthorizedIndicesFromRole(
             // TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles?
             if (includeDataStreams) {
                 for (IndexAbstraction indexAbstraction : lookup.values()) {
-                    // TODO this can be cleaned up and optimized to avoid two full predicate checks
                     final boolean dataAccess = predicate.test(indexAbstraction, IndexComponentSelector.DATA.getKey());
                     // TODO should we still add data stream if it only has failure access?
                     final boolean failureAccess = indexAbstraction.getType() == IndexAbstraction.Type.DATA_STREAM
@@ -891,7 +890,6 @@ static AuthorizedIndices resolveAuthorizedIndicesFromRole(
                             }
                             if (failureAccess) {
                                 for (Index index : ((DataStream) indexAbstraction).getFailureIndices()) {
-                                    // failure indices are still accessed as "data"
                                     indicesAndAliases.add(index.getName());
                                 }
                             }

Original file line number	Diff line number	Diff line change
`@@ -876,7 +876,6 @@ static AuthorizedIndices resolveAuthorizedIndicesFromRole(`
`876`	`876`	`// TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles?`
`877`	`877`	`if (includeDataStreams) {`
`878`	`878`	`for (IndexAbstraction indexAbstraction : lookup.values()) {`
`879`		`- // TODO this can be cleaned up and optimized to avoid two full predicate checks`
`880`	`879`	`final boolean dataAccess = predicate.test(indexAbstraction, IndexComponentSelector.DATA.getKey());`
`881`	`880`	`// TODO should we still add data stream if it only has failure access?`
`882`	`881`	`final boolean failureAccess = indexAbstraction.getType() == IndexAbstraction.Type.DATA_STREAM`
`@@ -891,7 +890,6 @@ static AuthorizedIndices resolveAuthorizedIndicesFromRole(`
`891`	`890`	`}`
`892`	`891`	`if (failureAccess) {`
`893`	`892`	`for (Index index : ((DataStream) indexAbstraction).getFailureIndices()) {`
`894`		`- // failure indices are still accessed as "data"`
`895`	`893`	`indicesAndAliases.add(index.getName());`
`896`	`894`	`}`
`897`	`895`	`}`