janhoy commented on code in PR #2040:
URL: https://github.com/apache/solr/pull/2040#discussion_r1379365149
##########
solr/core/src/java/org/apache/solr/security/Permission.java:
##########
@@ -52,18 +53,21 @@ static Permission load(Map<?, ?> m) {
p.role = readValueAsSet(m, "role");
if (PermissionNameProvider.Name.get(name) != null) {
p.wellknownName = PermissionNameProvider.Name.get(name);
- HashSet<String> disAllowed = new HashSet<>(knownKeys);
- disAllowed.remove("role"); // these are the only
- disAllowed.remove(NAME); // allowed keys for well-known permissions
- disAllowed.remove("collection"); // allowed keys for well-known
permissions
- disAllowed.remove("index");
- for (String s : disAllowed) {
+ for (String s : customPermissionAdditionalKeys) {
if (m.containsKey(s))
throw new SolrException(
SolrException.ErrorCode.BAD_REQUEST,
s + " is not a valid key for the permission : " + name);
}
+ } else if
(customPermissionAdditionalKeys.stream().noneMatch(m.keySet()::contains)) {
Review Comment:
I tried the other way around but IntelliJ complained about "suspicious"
code, and somehow it did not work either. There are only a few values anyway
and this code is run once during parsing of security.json, so leaving as is.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
