[
https://issues.apache.org/jira/browse/SOLR-13900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17439119#comment-17439119
]
Jan Høydahl commented on SOLR-13900:
------------------------------------
I managed to reproduce this with the new Security edit UI screen.
# I added a permission to the end. This writes a security.json without index
params
# Then edited that permission, to move it to position 2 (now security.json is
written with indexes)
# Then I deleted permission 2 again - this leaves a hole, so it is now 1, 3,
4, 5, 6, 7
# Then I tried to delete the last permission in the list (7). Nothing happens,
no errors
# Then I tried to delete the second to last (6). That caused (7) to be
deleted. Now the security.json was re-written with new indices
So I believe you found the problem. I think perhaps that every edit action,
including delete-by-index should re-order the index numbers for all permissions
before a write. Alternatively, never re-order the indexes, but that sounds a
bit strange.
> Permissions deleting works wrong
> --------------------------------
>
> Key: SOLR-13900
> URL: https://issues.apache.org/jira/browse/SOLR-13900
> Project: Solr
> Issue Type: Bug
> Components: Authorization, security
> Reporter: Yuliia Sydoruk
> Priority: Major
>
> Permissions indexes in security.json file do not correspond to indexes while
> deleting.
> The line
> {{(141) setIndex(p);}}
> in
> [https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/security/AutorizationEditOperation.java]
> makes indexes renumber before deleting and it leads to wrong behavior.
> *USE CASE 1:*
> There are 2 new permissions added to security.json (with indexes 13 and 14):
> {code:java}
> ....
> {
> "role":"admin",
> "name":"schema-edit",
> "index":12},
> {
> "collection":"<collectionName>",
> "path":"/schema/*",
> "role":"test-role",
> "index":13},
> {
> "path":"/admin/collections",
> "params":{"collection":["testCollection"]},
> "role":"test-role",
> "index":14}
> ....
> {code}
> Step 1: remove the permission with index=13; result: permission is deleted
> correctly, security.json is next:
> {code:java}
> ....
> {
> "role":"admin",
> "name":"schema-edit",
> "index":12,
> {
> "path":"/admin/collections",
> "params":{"collection":["testCollection"]},
> "role":"test-role",
> "index":14}
> ....
> {code}
> Step 2: try to remove the permission with index=14; result: "No such index:
> 14" error is returned.
> *USE CASE 2:*
> There are 3 new permissions added to security.json (with indexes 13, 14 and
> 15):
> {code:json}
> ....
> {
> "role":"admin",
> "name":"schema-edit",
> "index":12},
> {
> "collection":"<collectionName>",
> "path":"/schema/*",
> "role":"test-role",
> "index":13},
> {
> "path":"/admin/collections",
> "params":{"collection":["testCollection"]},
> "role":"test-role",
> "index":14},
> {
> "path":"/admin/collections",
> "params":\{"collection":["anotherTestCollection"]},
> "role":"test-role",
> "index":15}
> ....
> {code}
> Step 1: remove the permission with index=13; result: permission is deleted
> correctly, security.json becomes next:
> {code:json}
> ....
> {
> "role":"admin",
> "name":"schema-edit",
> "index":12},
> {
> "path":"/admin/collections",
> "params":{"collection":["testCollection"]},
> "role":"test-role", "index":14},
> {
> "path":"/admin/collections",
> "params":{"collection":["anotherTestCollection"]},
> "role":"test-role",
> "index":15}
> ....
> {code}
>
> Step 2: try to remove the permission with index=14; result: permission with
> index 15 is deleted, which is *wrong*
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
