You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by is...@apache.org on 2017/04/13 12:03:10 UTC

lucene-solr:branch_6x: SOLR-6736: Fix authorization permissions

Repository: lucene-solr
Updated Branches:
  refs/heads/branch_6x acf302202 -> 23e3582c9


SOLR-6736: Fix authorization permissions


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/23e3582c
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/23e3582c
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/23e3582c

Branch: refs/heads/branch_6x
Commit: 23e3582c95d899aec26a9dfcb895eac0b0e1bd06
Parents: acf3022
Author: Ishan Chattopadhyaya <is...@apache.org>
Authored: Thu Apr 13 17:31:22 2017 +0530
Committer: Ishan Chattopadhyaya <is...@apache.org>
Committed: Thu Apr 13 17:32:53 2017 +0530

----------------------------------------------------------------------
 .../apache/solr/handler/admin/ConfigSetsHandler.java  | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/23e3582c/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
index d3489df..3f857e7 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
@@ -306,13 +306,15 @@ public class ConfigSetsHandler extends RequestHandlerBase implements PermissionN
 
   @Override
   public Name getPermissionName(AuthorizationContext ctx) {
-    switch (ctx.getHttpMethod()) {
-      case "GET":
-        return Name.CONFIG_READ_PERM;
-      case "POST":
+    String a = ctx.getParams().get(ConfigSetParams.ACTION);
+    if (a != null) {
+      ConfigSetAction action = ConfigSetAction.get(a);
+      if (action == ConfigSetAction.CREATE || action == ConfigSetAction.DELETE || action == ConfigSetAction.UPLOAD) {
         return Name.CONFIG_EDIT_PERM;
-      default:
-        return null;
+      } else if (action == ConfigSetAction.LIST) {
+        return Name.CONFIG_READ_PERM;
+      }
     }
+    return null;
   }
 }