This commit is contained in:
Benjamin Trent
GitHub
parent
f13f55ede3
commit
b110164bf4
|
|
@ -173,10 +173,9 @@ public class TransportPutDataFrameTransformAction
|
|||
// Early check to verify that the user can create the destination index and can read from the source
|
||||
if (licenseState.isAuthAllowed()) {
|
||||
final String username = securityContext.getUser().principal();
|
||||
RoleDescriptor.IndicesPrivileges sourceIndexPrivileges = RoleDescriptor.IndicesPrivileges.builder()
|
||||
.indices(config.getSource().getIndex())
|
||||
.privileges("read")
|
||||
.build();
|
||||
List<String> srcPrivileges = new ArrayList<>(2);
|
||||
srcPrivileges.add("read");
|
||||
|
||||
List<String> destPrivileges = new ArrayList<>(3);
|
||||
destPrivileges.add("read");
|
||||
destPrivileges.add("index");
|
||||
|
|
@ -184,12 +183,19 @@ public class TransportPutDataFrameTransformAction
|
|||
// We should check that the creating user has the privileges to create the index.
|
||||
if (concreteDest.length == 0) {
|
||||
destPrivileges.add("create_index");
|
||||
// We need to read the source indices mapping to deduce the destination mapping
|
||||
srcPrivileges.add("view_index_metadata");
|
||||
}
|
||||
RoleDescriptor.IndicesPrivileges destIndexPrivileges = RoleDescriptor.IndicesPrivileges.builder()
|
||||
.indices(destIndex)
|
||||
.privileges(destPrivileges)
|
||||
.build();
|
||||
|
||||
RoleDescriptor.IndicesPrivileges sourceIndexPrivileges = RoleDescriptor.IndicesPrivileges.builder()
|
||||
.indices(config.getSource().getIndex())
|
||||
.privileges(srcPrivileges)
|
||||
.build();
|
||||
|
||||
HasPrivilegesRequest privRequest = new HasPrivilegesRequest();
|
||||
privRequest.applicationPrivileges(new RoleDescriptor.ApplicationResourcePrivileges[0]);
|
||||
privRequest.username(username);
|
||||
|
|
|
|||
Loading…
Reference in New Issue