[GitHub] [solr] tflobbe commented on a diff in pull request #1359: SOLR-16658 List of permissions returned to Admin UI is not complete

["tflobbe (via GitHub)" <gi...@apache.org>]

tflobbe commented on code in PR #1359:
URL: https://github.com/apache/solr/pull/1359#discussion_r1153902800


##########
solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java:
##########
@@ -339,7 +341,10 @@ public SimpleOrderedMap<Object> getSecurityInfo(SolrQueryRequest req) {
         RuleBasedAuthorizationPluginBase rbap = (RuleBasedAuthorizationPluginBase) auth;
         Set<String> roles = rbap.getUserRoles(req.getUserPrincipal());
         info.add("roles", roles);
-        info.add("permissions", rbap.getPermissionNamesForRoles(roles));
+        info.add(
+            "permissions",
+            rbap.getPermissionNamesForRoles(
+                Stream.concat(roles.stream(), Stream.of("*", null)).collect(Collectors.toSet())));

Review Comment:
   I'm hitting a NPE with Solr 9.2 in this line. I believe the issue is that `roles` can actually be null, if the user has no roles defined. Unfortunately, this is the case for the `$` user, that we use in `PKIAuthenticationPlugin`, this this causes the `/solr/admin/info/system` API not to work when using `nodes` (which the UI uses to populate the Nodes tab). 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org