You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by is...@apache.org on 2017/04/13 12:03:10 UTC
lucene-solr:branch_6x: SOLR-6736: Fix authorization permissions
Repository: lucene-solr
Updated Branches:
refs/heads/branch_6x acf302202 -> 23e3582c9
SOLR-6736: Fix authorization permissions
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/23e3582c
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/23e3582c
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/23e3582c
Branch: refs/heads/branch_6x
Commit: 23e3582c95d899aec26a9dfcb895eac0b0e1bd06
Parents: acf3022
Author: Ishan Chattopadhyaya <is...@apache.org>
Authored: Thu Apr 13 17:31:22 2017 +0530
Committer: Ishan Chattopadhyaya <is...@apache.org>
Committed: Thu Apr 13 17:32:53 2017 +0530
----------------------------------------------------------------------
.../apache/solr/handler/admin/ConfigSetsHandler.java | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/23e3582c/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
index d3489df..3f857e7 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
@@ -306,13 +306,15 @@ public class ConfigSetsHandler extends RequestHandlerBase implements PermissionN
@Override
public Name getPermissionName(AuthorizationContext ctx) {
- switch (ctx.getHttpMethod()) {
- case "GET":
- return Name.CONFIG_READ_PERM;
- case "POST":
+ String a = ctx.getParams().get(ConfigSetParams.ACTION);
+ if (a != null) {
+ ConfigSetAction action = ConfigSetAction.get(a);
+ if (action == ConfigSetAction.CREATE || action == ConfigSetAction.DELETE || action == ConfigSetAction.UPLOAD) {
return Name.CONFIG_EDIT_PERM;
- default:
- return null;
+ } else if (action == ConfigSetAction.LIST) {
+ return Name.CONFIG_READ_PERM;
+ }
}
+ return null;
}
}