Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Permissions indexes in security.json file do not correspond to indexes while deleting.
The line
(141) setIndex(p);
in https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/security/AutorizationEditOperation.java makes indexes renumber before deleting and it leads to wrong behavior.
USE CASE 1:
There are 2 new permissions added to security.json (with indexes 13 and 14):
.... { "role":"admin", "name":"schema-edit", "index":12}, { "collection":"<collectionName>", "path":"/schema/*", "role":"test-role", "index":13}, { "path":"/admin/collections", "params":{"collection":["testCollection"]}, "role":"test-role", "index":14} ....
Step 1: remove the permission with index=13; result: permission is deleted correctly, security.json is next:
.... { "role":"admin", "name":"schema-edit", "index":12, { "path":"/admin/collections", "params":{"collection":["testCollection"]}, "role":"test-role", "index":14} ....
Step 2: try to remove the permission with index=14; result: "No such index: 14" error is returned.
USE CASE 2:
There are 3 new permissions added to security.json (with indexes 13, 14 and 15):
.... { "role":"admin", "name":"schema-edit", "index":12}, { "collection":"<collectionName>", "path":"/schema/*", "role":"test-role", "index":13}, { "path":"/admin/collections", "params":{"collection":["testCollection"]}, "role":"test-role", "index":14}, { "path":"/admin/collections", "params":\{"collection":["anotherTestCollection"]}, "role":"test-role", "index":15} ....
Step 1: remove the permission with index=13; result: permission is deleted correctly, security.json becomes next:
.... { "role":"admin", "name":"schema-edit", "index":12}, { "path":"/admin/collections", "params":{"collection":["testCollection"]}, "role":"test-role", "index":14}, { "path":"/admin/collections", "params":{"collection":["anotherTestCollection"]}, "role":"test-role", "index":15} ....
Step 2: try to remove the permission with index=14; result: permission with index 15 is deleted, which is wrong