Add a double action policy

2025-07-27 00:31:02 +00:00 · 2025-07-17 08:10:35 +02:00
parent fc8b6e0f9f
commit f349ba53a0
3 changed files with 22 additions and 2 deletions
--- a/crates/meilisearch-auth/src/lib.rs
+++ b/crates/meilisearch-auth/src/lib.rs
@ -3,6 +3,7 @@ pub mod error;
 mod store;

 use std::collections::{HashMap, HashSet};
+use std::ops::BitAnd;

 use error::{AuthControllerError, Result};
 use maplit::hashset;
--- a/crates/meilisearch/src/extractors/authentication/mod.rs
+++ b/crates/meilisearch/src/extractors/authentication/mod.rs
@ -138,7 +138,7 @@ pub trait Policy {
        auth: Data<AuthController>,
        token: &str,
        index: Option<&str>,
-    ) -> Result<AuthFilter, policies::AuthError>;
+    ) -> Result<AuthFilter, policies::AuthError> where Self: Sized;
 }

 pub mod policies {
@ -340,6 +340,24 @@ pub mod policies {
        }
    }

+    pub struct DoubleActionPolicy<const A: u8, const B: u8> {
+        policy_a: ActionPolicy<A>,
+        policy_b: ActionPolicy<B>,
+    }
+
+    impl<const A: u8, const B: u8> Policy for DoubleActionPolicy<A, B> {
+        fn authenticate(
+            auth: Data<AuthController>,
+            token: &str,
+            index: Option<&str>,
+        ) -> Result<AuthFilter, AuthError> {
+            let filter_a = ActionPolicy::<A>::authenticate(auth.clone(), token, index)?;
+            let _filter_b = ActionPolicy::<B>::authenticate(auth, token, index)?;
+
+            Ok(filter_a)
+        }
+    }
+
    #[derive(Debug, Serialize, Deserialize)]
    #[serde(rename_all = "camelCase")]
    struct Claims {
--- a/crates/meilisearch/src/routes/indexes/render.rs
+++ b/crates/meilisearch/src/routes/indexes/render.rs
@ -23,6 +23,7 @@ use utoipa::{IntoParams, OpenApi, ToSchema};
 use super::ActionPolicy;
 use crate::analytics::Analytics;
 use crate::error::MeilisearchHttpError;
+use crate::extractors::authentication::policies::DoubleActionPolicy;
 use crate::extractors::authentication::GuardedData;
 use crate::extractors::sequential_extractor::SeqHandler;
 use crate::routes::indexes::similar_analytics::{SimilarAggregator, SimilarGET, SimilarPOST};
@ -79,7 +80,7 @@ pub fn configure(cfg: &mut web::ServiceConfig) {
    )
 )]
 pub async fn render_post(
-    index_scheduler: GuardedData<ActionPolicy<{ actions::SETTINGS_GET }>, Data<IndexScheduler>>,
+    index_scheduler: GuardedData<DoubleActionPolicy<{ actions::SETTINGS_GET }, { actions::DOCUMENTS_GET }>, Data<IndexScheduler>>,
    index_uid: web::Path<String>,
    params: AwebJson<RenderQuery, DeserrJsonError>,
    req: HttpRequest,