honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bug: Invalid role causing NPE 

https://github.com/elasticsearch/elasticsearch-shield/issues/116

This removes null predicates that result from roles without any privileges.

Original commit: elastic/x-pack-elasticsearch@9e90237f1c
This commit is contained in:
c-a-m 2014-10-08 16:48:09 -06:00
parent f69c1c616a
commit 07875c530c
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
View File

@ -39,19 +39,21 @@ public class InternalAuthorizationService extends AbstractComponent implements A
}
@Override
@SuppressWarnings("unchecked")
public ImmutableList<String> authorizedIndicesAndAliases(User user, String action) {
String[] roles = user.roles();
if (roles.length == 0) {
return ImmutableList.of();
}
Predicate[] predicates = new Predicate[roles.length];
for (int i = 0; i < roles.length; i++) {
Permission.Global global = rolesStore.permission(roles[i]);
predicates[i] = global.indices().allowedIndicesMatcher(action);
ImmutableList.Builder<Predicate<String>> predicates = ImmutableList.builder();
for (String role: roles) {
Permission.Global global = rolesStore.permission(role);
if (global != null) {
predicates.add(global.indices().allowedIndicesMatcher(action));
}
}
ImmutableList.Builder<String> indicesAndAliases = ImmutableList.builder();
Predicate<String> predicate = Predicates.or(predicates);
Predicate<String> predicate = Predicates.or(predicates.build());
MetaData metaData = clusterService.state().metaData();
for (String index : metaData.concreteAllIndices()) {
if (predicate.apply(index)) {