janhoy opened a new pull request, #1359:
URL: https://github.com/apache/solr/pull/1359

   https://issues.apache.org/jira/browse/SOLR-16658
   
   It's a trappy design to allow "null" keys in maps like this. And to define a 
"null" role in a permission in Admin UI security editor you need to actively 
de-select all roles, which took me a while to figure out. Not trying to fix this 
here, but at least trying to resolve the correct set of permissions for a given 
user, taking into account that permissions may have `*` or `null` roles.
   
   I discovered this bug when working with a quite open-ended security.json for 
JWT, where some endpoints don't require authentication and all others do 
require auth, but we don't care what role the user has, e.g.
   
   ```json
   "permissions":[
     {
       "name": "info",
       "role": null,
       "collection": null,
       "path": "/admin/info/system"
     },
     {
       "name": "health",
       "role": null
     },
     {
       "name": "all",
       "role": "*"
     }
   ]
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
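The role semantics in the description above (a `null` role needs no authentication, a `*` role accepts any authenticated user whatever their roles) as an added example. It is a simplified model, not code from Solr or from this pull request. The function names, the sample users and the extra `security-edit`/`admin` entry are assumptions made for the illustration.

```python
WILDCARD = "*"  # role "*": any authenticated user, whatever roles they hold


def roles_of(permission):
    """Normalise the "role" field to None (open to everyone) or a set of names."""
    role = permission.get("role")
    if role is None:
        return None
    return {role} if isinstance(role, str) else set(role)


def resolve_permissions(permissions, user, user_roles=()):
    """Names of the permissions that apply to `user`, in security.json order.

    `user` is None for an unauthenticated request.
    """
    granted = []
    for perm in permissions:
        required = roles_of(perm)
        if required is None:
            allowed = True                      # null role: no authentication needed
        elif user is None:
            allowed = False                     # every non-null role needs a principal
        elif WILDCARD in required:
            allowed = True                      # "*": authenticated, role irrelevant
        else:
            allowed = bool(required & set(user_roles))
        if allowed:
            granted.append(perm["name"])
    return granted


# Constructed sample: the three permissions from the description plus one
# role-restricted entry ("security-edit" / "admin" are assumptions).
PERMISSIONS = [
    {"name": "info", "role": None, "collection": None, "path": "/admin/info/system"},
    {"name": "health", "role": None},
    {"name": "security-edit", "role": ["admin"]},
    {"name": "all", "role": "*"},
]

if __name__ == "__main__":
    for who, roles in [(None, ()), ("alice", ()), ("bob", ("admin",))]:
        print(who, resolve_permissions(PERMISSIONS, who, roles))
```

Treating `None` as an explicit case instead of a map key keeps the unauthenticated, wildcard and named-role paths separate, so a permission with no role is never confused with a user who has no roles.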

