You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by no...@apache.org on 2021/11/04 10:42:39 UTC

[solr] 01/01: untested patch

This is an automated email from the ASF dual-hosted git repository.

noble pushed a commit to branch jira/SOLR-15768
in repository https://gitbox.apache.org/repos/asf/solr.git

commit 9788ad22fd9c9f348c88d03dcf31b25848601d43
Author: Noble Paul <no...@gmail.com>
AuthorDate: Thu Nov 4 21:42:20 2021 +1100

    untested patch
---
 solr/core/src/java/org/apache/solr/api/AnnotatedApi.java     | 12 +++++++++---
 .../java/org/apache/solr/handler/admin/ZookeeperReadAPI.java |  9 ++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java b/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java
index 2aa65fe..6e7de18 100644
--- a/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java
+++ b/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java
@@ -74,6 +74,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
   private final Map<String, Cmd> commands ;
   private final Cmd singletonCommand;
   private final Api fallback;
+  private final PermissionNameProvider permissionNameProvider;
 
   @Override
   public void close() throws IOException {
@@ -111,6 +112,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
     } catch (IllegalAccessException e) {
       throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Method may be non-public/inaccessible", e);
     }
+    PermissionNameProvider pnp = obj instanceof PermissionNameProvider ? (PermissionNameProvider) obj : null;
     if (klas.isAnnotationPresent(EndPoint.class)) {
       EndPoint endPoint = klas.getAnnotation(EndPoint.class);
       List<Method> methods = new ArrayList<>();
@@ -129,7 +131,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
         throw new RuntimeException("No method with @Command in class: " + klas.getName());
       }
       SpecProvider specProvider = readSpec(endPoint, methods);
-      return Collections.singletonList(new AnnotatedApi(specProvider, endPoint, commands, null));
+      return Collections.singletonList(new AnnotatedApi(specProvider, endPoint, commands, null, pnp));
     } else {
       List<Api> apis = new ArrayList<>();
       for (Method m : klas.getMethods()) {
@@ -137,7 +139,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
         if (endPoint == null) continue;
         Cmd cmd = new Cmd("", obj, m);
         SpecProvider specProvider = readSpec(endPoint, Collections.singletonList(m));
-        apis.add(new AnnotatedApi(specProvider, endPoint, Collections.singletonMap("", cmd), null));
+        apis.add(new AnnotatedApi(specProvider, endPoint, Collections.singletonMap("", cmd), null, pnp));
       }
       if (!allowEmpty && apis.isEmpty()) {
         throw new RuntimeException("Invalid Class : " + klas.getName() + " No @EndPoints");
@@ -147,12 +149,16 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
     }
   }
 
-  protected AnnotatedApi(SpecProvider specProvider, EndPoint endPoint, Map<String, Cmd> commands, Api fallback) {
+  protected AnnotatedApi(SpecProvider specProvider, EndPoint endPoint, Map<String, Cmd> commands, Api fallback,
+                         PermissionNameProvider permissionNameProvider) {
     super(specProvider);
     this.endPoint = endPoint;
     this.fallback = fallback;
     this.commands = commands;
     this.singletonCommand = commands.get("");
+    this.permissionNameProvider = permissionNameProvider == null ?
+            request -> endPoint.permission() :
+            permissionNameProvider;
   }
 
   @Override
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java b/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java
index 0220ca5..f0dab4a 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java
@@ -39,6 +39,8 @@ import org.apache.solr.core.CoreContainer;
 import org.apache.solr.handler.RequestHandlerUtils;
 import org.apache.solr.request.SolrQueryRequest;
 import org.apache.solr.response.SolrQueryResponse;
+import org.apache.solr.security.AuthorizationContext;
+import org.apache.solr.security.PermissionNameProvider;
 import org.apache.zookeeper.KeeperException;
 import org.apache.zookeeper.data.Stat;
 
@@ -56,7 +58,7 @@ import static org.apache.solr.security.PermissionNameProvider.Name.ZK_READ_PERM;
  * @lucene.experimental
  */
 
-public class ZookeeperReadAPI {
+public class ZookeeperReadAPI implements PermissionNameProvider {
   private final CoreContainer coreContainer;
 
   public ZookeeperReadAPI(CoreContainer coreContainer) {
@@ -144,4 +146,9 @@ public class ZookeeperReadAPI {
     ew.put("dataLength", stat.getDataLength());
   }
 
+  @Override
+  public Name getPermissionName(AuthorizationContext ctx) {
+    String path = ctx.getResource();
+    return path.contains("/security.json") ? Name.SECURITY_READ_PERM : ZK_READ_PERM;
+  }
 }