Re: [PR] SOLR-16907: Reserve some 8.x security permission names [solr]

Wed, 01 Nov 2023 09:57:21 -0700 


uschindler commented on code in PR #2040:
URL: https://github.com/apache/solr/pull/2040#discussion_r1379023438


##########
solr/core/src/java/org/apache/solr/security/Permission.java:
##########
@@ -160,7 +164,12 @@ public String toString() {
     return Utils.toJSONString(originalConfig);
   }
 
+  static final Set<String> predefinedPermissionAllowedKeys =
+      Set.of("collection", "role", NAME, "index");
+  static final Set<String> customPermissionAdditionalKeys = Set.of("method", 
"path", "params");
   static final Set<String> knownKeys =
-      Set.of("collection", "role", "params", "path", "method", NAME, "index");
+      Stream.concat(
+              predefinedPermissionAllowedKeys.stream(), 
customPermissionAdditionalKeys.stream())
+          .collect(Collectors.toSet());

Review Comment:
   Should better be `Collectors.toUnmodifiableSet`.



##########
solr/core/src/java/org/apache/solr/security/Permission.java:
##########
@@ -52,18 +53,21 @@ static Permission load(Map<?, ?> m) {
     p.role = readValueAsSet(m, "role");
     if (PermissionNameProvider.Name.get(name) != null) {
       p.wellknownName = PermissionNameProvider.Name.get(name);
-      HashSet<String> disAllowed = new HashSet<>(knownKeys);
-      disAllowed.remove("role"); // these are the only
-      disAllowed.remove(NAME); // allowed keys for well-known permissions
-      disAllowed.remove("collection"); // allowed keys for well-known 
permissions
-      disAllowed.remove("index");
-      for (String s : disAllowed) {
+      for (String s : customPermissionAdditionalKeys) {
         if (m.containsKey(s))
           throw new SolrException(
               SolrException.ErrorCode.BAD_REQUEST,
               s + " is not a valid key for the permission : " + name);
       }
+    } else if 
(customPermissionAdditionalKeys.stream().noneMatch(m.keySet()::contains)) {

Review Comment:
   It might be better to iterate over stream of `m.keySet()` if it is generally 
smaller in size. I don't know the details but to me it looks like `m.size()` is 
generally small!?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to