From 18e7e9f1a25e7b93c0b9e5c26963f6ec0836b624 Mon Sep 17 00:00:00 2001
From: Andrey Pleskach
Date: Wed, 4 Oct 2023 20:29:17 +0200
Subject: [PATCH] Addesed last 2 comments
---
 .../security/dlic/rest/api/SecurityConfigApiAction.java | 6 ++----
 .../security/securityconf/SecurityRolesPermissionsTest.java | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiAction.java
index 34c08b726f..f71135ce50 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiAction.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiAction.java
@@ -86,10 +86,8 @@ boolean accessHandler(final RestRequest request) {
 switch (request.method()) {
 case PATCH:
 case PUT:
- if (!allowPutOrPatch && !restApiAdminEnabled) {
- return false;
- } else if (allowPutOrPatch && !restApiAdminEnabled) {
- return true;
+ if (!restApiAdminEnabled) {
+ return allowPutOrPatch;
 } else {
 return securityApiDependencies.restApiAdminPrivilegesEvaluator()
 .isCurrentUserAdminFor(endpoint, SECURITY_CONFIG_UPDATE);
diff --git a/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java b/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java
index b722fd64d7..9d104381a6 100644
--- a/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java
+++ b/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java
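Review bot: In `accessHandler` of SecurityConfigApiAction.java, the PATCH/PUT branch does not consult `allowPutOrPatch` at all once `restApiAdminEnabled` is true, so a deployment that left config modification switched off still accepts writes from any user holding `SECURITY_CONFIG_UPDATE`. The removed branches had the same precedence, so this looks intentional, but it is an authorization rule that deserves a comment above the `if`, for example `// REST admin enabled: the SECURITY_CONFIG_UPDATE permission alone decides; allowPutOrPatch is not consulted`. A test covering all four combinations of the two flags would pin that behaviour; none is visible in this patch. The rest of the switch lies outside the hunk.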
@@ -183,7 +183,7 @@ public void hasExplicitClusterPermissionPermissionForRestAdminWitFullAccess() {

 @Test
 public void hasExplicitClusterPermissionPermissionForRestAdmin() {
- // verify all endpoint except SSL
+ // verify all endpoint except SSL and verify CONFIG endpoints
 final Collection noSslEndpoints = ENDPOINTS_WITH_PERMISSIONS.keySet()
 .stream()
 .filter(e -> e != Endpoint.SSL && e != Endpoint.CONFIG)
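Review bot: The reworded comment in `hasExplicitClusterPermissionPermissionForRestAdmin` reads as if CONFIG is verified by the stream directly below it, but that filter excludes `Endpoint.CONFIG` along with `Endpoint.SSL`. If CONFIG is asserted later in the method, which continues outside the hunk, the comment would be clearer split in two: `// verify all endpoints except SSL and CONFIG` here, and a separate comment next to the CONFIG assertions. This test pins which endpoints a REST admin permission grants, so an accurate comment matters to anyone auditing its coverage.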