janhoy opened a new pull request, #1294: URL: https://github.com/apache/solr/pull/1294
https://issues.apache.org/jira/browse/SOLR-16621 Always grant access to a permission that has has the wildcard `"*"` role, no matter what roles user has. Note, this is not the same as not requiring authentication for the permission, `"roles": null`. It means that the permission needs an authenticated user, but any role will do. Also, this is just UI stuff so will not modify actual permissions on the API level, but will align role checking logic so it matches that of the backend. To test: 1. Start Solr and enable security ```bash ./gradlew dev cd solr/packaging/build/dev/ bin/solr start -c bin/solr auth enable -credentials solr:solr -blockUnknown true ``` 2. Log in to Admin UI with 'solr' and 'solr': http://localhost:8983/solr/#/~security 3. Edit the permissions 'security-edit' and 'security-read' to have `*` as role 4. The user can still see the Security Dashboard and edit permissions (To confirm the bug, do the same test on main branch and see that user is blocked from security dashboard once the permissions are changed to `role=*`). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org