Authentication: AuthFilter::allow_index_creation both check that the index is authorized and the IndexCreate action

meilisearch-auth/src/lib.rs

@@ -173,8 +173,8 @@ impl Default for AuthFilter {
 
 impl AuthFilter {
     #[inline]
-    pub fn allow_index_creation(&self) -> bool {
-        self.allow_index_creation
+    pub fn allow_index_creation(&self, index: &str) -> bool {
+        self.allow_index_creation && self.is_index_authorized(index)
     }
 
     pub fn with_allowed_indexes(allowed_indexes: HashSet<IndexUidPattern>) -> Self {

meilisearch/src/routes/indexes/documents.rs

@@ -192,7 +192,7 @@ pub async fn replace_documents(
 
     analytics.add_documents(&params, index_scheduler.index(&index_uid).is_err(), &req);
 
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
     let task = document_addition(
         extract_mime_type(&req)?,
         index_scheduler,
@@ -223,7 +223,7 @@ pub async fn update_documents(
 
     analytics.update_documents(&params, index_scheduler.index(&index_uid).is_err(), &req);
 
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
     let task = document_addition(
         extract_mime_type(&req)?,
         index_scheduler,

meilisearch/src/routes/indexes/mod.rs

@@ -120,8 +120,7 @@ pub async fn create_index(
 ) -> Result<HttpResponse, ResponseError> {
     let IndexCreateRequest { primary_key, uid } = body.into_inner();
 
-    // FIXME: allow_index_creation?
-    let allow_index_creation = index_scheduler.filters().is_index_authorized(&uid);
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&uid);
     if allow_index_creation {
         analytics.publish(
             "Index Created".to_string(),

meilisearch/src/routes/indexes/settings.rs

@@ -45,7 +45,8 @@ macro_rules! make_setting_route {
 
                 let new_settings = Settings { $attr: Setting::Reset.into(), ..Default::default() };
 
-                let allow_index_creation = index_scheduler.filters().allow_index_creation();
+                let allow_index_creation =
+                    index_scheduler.filters().allow_index_creation(&index_uid);
 
                 let task = KindWithContent::SettingsUpdate {
                     index_uid: index_uid.to_string(),
@@ -86,7 +87,8 @@ macro_rules! make_setting_route {
                     ..Default::default()
                 };
 
-                let allow_index_creation = index_scheduler.filters().allow_index_creation();
+                let allow_index_creation =
+                    index_scheduler.filters().allow_index_creation(&index_uid);
 
                 let task = KindWithContent::SettingsUpdate {
                     index_uid: index_uid.to_string(),
@@ -560,7 +562,7 @@ pub async fn update_all(
         Some(&req),
     );
 
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
     let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
     let task = KindWithContent::SettingsUpdate {
         index_uid,
@@ -596,7 +598,7 @@ pub async fn delete_all(
 
     let new_settings = Settings::cleared().into_unchecked();
 
-    let allow_index_creation = index_scheduler.filters().allow_index_creation();
+    let allow_index_creation = index_scheduler.filters().allow_index_creation(&index_uid);
     let index_uid = IndexUid::try_from(index_uid.into_inner())?.into_inner();
     let task = KindWithContent::SettingsUpdate {
         index_uid,