Skip to content

Commit b790c94

Browse files
n1v0lgn1v0lg
committed
Moar
1 parent 47af8c3 commit b790c94

File tree

1 file changed

+8
-4
lines changed
  • x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission

1 file changed

+8
-4
lines changed

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/Role.java

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,6 @@
4242
import java.util.Map;
4343
import java.util.Objects;
4444
import java.util.Set;
45-
import java.util.stream.Collectors;
4645

4746
public interface Role {
4847

@@ -463,13 +462,18 @@ static SimpleRole buildFromRoleDescriptor(
463462
);
464463

465464
for (RoleDescriptor.IndicesPrivileges indexPrivilege : roleDescriptor.getIndicesPrivileges()) {
466-
if (Arrays.stream(indexPrivilege.getPrivileges()).map(String::toLowerCase).collect(Collectors.toSet()).contains("all")) {
465+
String[] privileges = indexPrivilege.getPrivileges();
466+
// TODO properly handle this
467+
// flag is true if privileges contain read_failures or all
468+
boolean shouldIncludeFailureAccess = Arrays.stream(privileges)
469+
.anyMatch(p -> p.equalsIgnoreCase("read_failures") || p.equalsIgnoreCase("all"));
470+
if (shouldIncludeFailureAccess) {
467471
builder.add(
468472
fieldPermissionsCache.getFieldPermissions(
469473
new FieldPermissionsDefinition(indexPrivilege.getGrantedFields(), indexPrivilege.getDeniedFields())
470474
),
471475
indexPrivilege.getQuery() == null ? null : Collections.singleton(indexPrivilege.getQuery()),
472-
IndexPrivilege.get(Sets.newHashSet(indexPrivilege.getPrivileges())),
476+
IndexPrivilege.get(Sets.newHashSet(privileges)),
473477
indexPrivilege.allowRestrictedIndices(),
474478
IndexComponentSelector.FAILURES,
475479
indexPrivilege.getIndices()
@@ -480,7 +484,7 @@ static SimpleRole buildFromRoleDescriptor(
480484
new FieldPermissionsDefinition(indexPrivilege.getGrantedFields(), indexPrivilege.getDeniedFields())
481485
),
482486
indexPrivilege.getQuery() == null ? null : Collections.singleton(indexPrivilege.getQuery()),
483-
IndexPrivilege.get(Sets.newHashSet(indexPrivilege.getPrivileges())),
487+
IndexPrivilege.get(Sets.newHashSet(privileges)),
484488
indexPrivilege.allowRestrictedIndices(),
485489
IndexComponentSelector.DATA,
486490
indexPrivilege.getIndices()

0 commit comments

Comments
 (0)