snowykami/meilisearch
1
0
Fork 0
mirror of https://github.com/meilisearch/meilisearch.git synced 2025-07-27 00:31:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix(auth): Forbid index creation on alternates routes

Browse Source 
Forbid index creation on alternates routes when the action `index.create` is not given

fix #2024
This commit is contained in:
Maxime Legendre
2021-12-15 14:52:33 +01:00
committed by Maxime Legendre
parent 845d3114ea
commit a845cd8880
11 changed files with 213 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
meilisearch-auth/src/lib.rs
View File

@ -69,6 +69,11 @@ impl AuthController {
if !key.indexes.iter().any(|i| i.as_str() == "*") {
filters.indexes = Some(key.indexes);
}
filters.allow_index_creation = key
.actions
.iter()
.any(|&action| action == Action::IndexesAdd || action == Action::All);
}
Ok(filters)
@ -118,9 +123,18 @@ impl AuthController {
}
}
#[derive(Default)]
pub struct AuthFilter {
pub indexes: Option<Vec<String>>,
pub allow_index_creation: bool,
}
impl Default for AuthFilter {
fn default() -> Self {
Self {
indexes: None,
allow_index_creation: true,
}
}
}
pub fn generate_key(master_key: &[u8], uid: &str) -> String {