[GitHub] [solr] dsmiley commented on a change in pull request #372: SOLR-11623 Every request handler in Solr implement PermissionNameProvider

Thu, 28 Oct 2021 05:41:19 -0700 


dsmiley commented on a change in pull request #372:
URL: https://github.com/apache/solr/pull/372#discussion_r738347507



##########
File path: 
solr/core/src/java/org/apache/solr/security/PermissionNameProvider.java
##########
@@ -48,6 +48,7 @@
     SECURITY_EDIT_PERM("security-edit", null),
     SECURITY_READ_PERM("security-read", null),
     METRICS_READ_PERM("metrics-read", null),
+    HEALTH_PERM("health", unmodifiableSet(new HashSet<>(asList("*", null)))),

Review comment:
       Please use Java 11 stuff now, like Set.of("*", null)

##########
File path: 
solr/core/src/java/org/apache/solr/handler/DocumentAnalysisRequestHandler.java
##########
@@ -345,4 +346,9 @@ private ContentStream 
extractSingleContentStream(SolrQueryRequest req) {
     }
     return stream;
   }
+
+  @Override
+  public Name getPermissionName(AuthorizationContext request) {
+    return Name.READ_PERM;

Review comment:
       I looked and I don't see this handler using the index, it only analyzes 
the input and returns it.  Text Analysis as a Service.  ALL perm seems 
appropriate.

##########
File path: 
solr/core/src/java/org/apache/solr/handler/admin/LukeRequestHandler.java
##########
@@ -105,6 +106,11 @@
 
   static final int HIST_ARRAY_SIZE = 33;
 
+  @Override
+  public Name getPermissionName(AuthorizationContext request) {
+    return Name.CONFIG_READ_PERM;

Review comment:
       It exposes data so should be READ_PERM; right?  Perhaps you are thinking 
CONFIG_READ_PERM implies READ_PERM but I don't think so (not where I work; 
customer data is restricted to us engineers even).

##########
File path: solr/core/src/java/org/apache/solr/handler/DumpRequestHandler.java
##########
@@ -126,4 +127,9 @@ public void init(NamedList<?> args) {
       if (nl!=null) subpaths = nl.getAll("subpath");
     }
   }
+
+  @Override
+  public Name getPermissionName(AuthorizationContext request) {
+    return Name.CONFIG_READ_PERM;

Review comment:
       Given remote streaming is off by default and we warn about enabling it, 
lets assume it's not used and just return ALL.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to