This is an automated email from the ASF dual-hosted git repository. noble pushed a commit to branch jira/SOLR-15768 in repository https://gitbox.apache.org/repos/asf/solr.git
commit 9788ad22fd9c9f348c88d03dcf31b25848601d43 Author: Noble Paul <[email protected]> AuthorDate: Thu Nov 4 21:42:20 2021 +1100 untested patch --- solr/core/src/java/org/apache/solr/api/AnnotatedApi.java | 12 +++++++++--- .../java/org/apache/solr/handler/admin/ZookeeperReadAPI.java | 9 ++++++++- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java b/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java index 2aa65fe..6e7de18 100644 --- a/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java +++ b/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java @@ -74,6 +74,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea private final Map<String, Cmd> commands ; private final Cmd singletonCommand; private final Api fallback; + private final PermissionNameProvider permissionNameProvider; @Override public void close() throws IOException { @@ -111,6 +112,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea } catch (IllegalAccessException e) { throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Method may be non-public/inaccessible", e); } + PermissionNameProvider pnp = obj instanceof PermissionNameProvider ? (PermissionNameProvider) obj : null; if (klas.isAnnotationPresent(EndPoint.class)) { EndPoint endPoint = klas.getAnnotation(EndPoint.class); List<Method> methods = new ArrayList<>(); @@ -129,7 +131,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea throw new RuntimeException("No method with @Command in class: " + klas.getName()); } SpecProvider specProvider = readSpec(endPoint, methods); - return Collections.singletonList(new AnnotatedApi(specProvider, endPoint, commands, null)); + return Collections.singletonList(new AnnotatedApi(specProvider, endPoint, commands, null, pnp)); } else { List<Api> apis = new ArrayList<>(); for (Method m : klas.getMethods()) { 
@@ -137,7 +139,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea if (endPoint == null) continue; Cmd cmd = new Cmd("", obj, m); SpecProvider specProvider = readSpec(endPoint, Collections.singletonList(m)); - apis.add(new AnnotatedApi(specProvider, endPoint, Collections.singletonMap("", cmd), null)); + apis.add(new AnnotatedApi(specProvider, endPoint, Collections.singletonMap("", cmd), null, pnp)); } if (!allowEmpty && apis.isEmpty()) { throw new RuntimeException("Invalid Class : " + klas.getName() + " No @EndPoints"); @@ -147,12 +149,16 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea } } - protected AnnotatedApi(SpecProvider specProvider, EndPoint endPoint, Map<String, Cmd> commands, Api fallback) { + protected AnnotatedApi(SpecProvider specProvider, EndPoint endPoint, Map<String, Cmd> commands, Api fallback, + PermissionNameProvider permissionNameProvider) { super(specProvider); this.endPoint = endPoint; this.fallback = fallback; this.commands = commands; this.singletonCommand = commands.get(""); + this.permissionNameProvider = permissionNameProvider == null ? + request -> endPoint.permission() : + permissionNameProvider; } @Override diff --git a/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java b/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java index 0220ca5..f0dab4a 100644 --- a/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java +++ b/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java @@ -39,6 +39,8 @@ import org.apache.solr.core.CoreContainer; import org.apache.solr.handler.RequestHandlerUtils; import org.apache.solr.request.SolrQueryRequest; import org.apache.solr.response.SolrQueryResponse; +import org.apache.solr.security.AuthorizationContext; +import org.apache.solr.security.PermissionNameProvider; import org.apache.zookeeper.KeeperException; import org.apache.zookeeper.data.Stat; 
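Review bot: The new `permissionNameProvider` field is assigned at the end of the constructor, but no hunk in this commit reads it. Unless `getPermissionName` already delegates to it (the method appears to start at the trailing `@Override`, outside this hunk), every endpoint is still authorized with `endPoint.permission()`, and the `ZookeeperReadAPI` override added in the second file has no effect. That method should return `permissionNameProvider.getPermissionName(request)`, using whatever argument name its existing signature has. Adding a parameter to the `protected` constructor also breaks any subclass that calls the four-argument form; keeping that overload and having it pass `null` would avoid this.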
@@ -56,7 +58,7 @@ import static org.apache.solr.security.PermissionNameProvider.Name.ZK_READ_PERM; * @lucene.experimental */ -public class ZookeeperReadAPI { +public class ZookeeperReadAPI implements PermissionNameProvider { private final CoreContainer coreContainer; public ZookeeperReadAPI(CoreContainer coreContainer) { @@ -144,4 +146,9 @@ public class ZookeeperReadAPI { ew.put("dataLength", stat.getDataLength()); } + @Override + public Name getPermissionName(AuthorizationContext ctx) { + String path = ctx.getResource(); + return path.contains("/security.json") ? Name.SECURITY_READ_PERM : ZK_READ_PERM; + } }
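Review bot: `getPermissionName` decides on `ctx.getResource()` with a substring test, while the znode that is actually read is resolved in the handler methods outside this hunk. If the two are not derived from the same decoded, normalized path, the permission check and the read can disagree about whether the target is `security.json`. It would be safer to extract the znode path the same way the handlers do, compare it for equality with `/security.json`, and fall back to the stricter permission when the path cannot be determined. `path` is also dereferenced without a null check; a guard such as `if (path == null) return Name.SECURITY_READ_PERM;` fails closed. Since the commit is marked untested, a test asserting that a user holding only `ZK_READ_PERM` is refused on the `security.json` node would pin the intent.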
