mirror of
https://github.com/meilisearch/meilisearch.git
synced 2025-07-26 16:21:07 +00:00
Remove KeysGet from AllGet
This commit is contained in:
Mubelotix
@ -151,7 +151,7 @@ impl Key {
|
|||||||
name: Some("Default Read-Only Admin API Key".to_string()),
|
name: Some("Default Read-Only Admin API Key".to_string()),
|
||||||
description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys".to_string()),
|
description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys".to_string()),
|
||||||
uid,
|
uid,
|
||||||
actions: vec![Action::AllGet],
|
actions: vec![Action::AllGet, Action::KeysGet],
|
||||||
indexes: vec![IndexUidPattern::all()],
|
indexes: vec![IndexUidPattern::all()],
|
||||||
expires_at: None,
|
expires_at: None,
|
||||||
created_at: now,
|
created_at: now,
|
||||||
@ -444,14 +444,14 @@ impl Action {
|
|||||||
SnapshotsCreate => false,
|
SnapshotsCreate => false,
|
||||||
Version => true,
|
Version => true,
|
||||||
KeysAdd => false,
|
KeysAdd => false,
|
||||||
KeysGet => true,
|
KeysGet => false, // Disabled in order to prevent privilege escalation
|
||||||
KeysUpdate => false,
|
KeysUpdate => false,
|
||||||
KeysDelete => false,
|
KeysDelete => false,
|
||||||
ExperimentalFeaturesGet => true,
|
ExperimentalFeaturesGet => true,
|
||||||
ExperimentalFeaturesUpdate => false,
|
ExperimentalFeaturesUpdate => false,
|
||||||
NetworkGet => true,
|
NetworkGet => true,
|
||||||
NetworkUpdate => false,
|
NetworkUpdate => false,
|
||||||
ChatCompletions => false, // Disabled because it might trigger generation of new chats.
|
ChatCompletions => false, // Disabled because it might trigger generation of new chats
|
||||||
ChatsGet => true,
|
ChatsGet => true,
|
||||||
ChatsDelete => false,
|
ChatsDelete => false,
|
||||||
ChatsSettingsGet => true,
|
ChatsSettingsGet => true,
|
||||||
|
|||||||
Reference in New Issue
Block a user