File tree 1 file changed +16
-0
lines changed
src/main/java/org/opensearch/security/privileges
1 file changed +16
-0
lines changed Original file line number Diff line number Diff line change @@ -700,6 +700,22 @@ static class IndexPrivileges {
700700 this .explicitlyRequiredIndexActions = explicitlyRequiredIndexActions ;
701701 }
702702
703+ /**
704+ * Checks whether this instance provides privileges for the combination of the provided action,
705+ * the provided indices and the provided roles.
706+ * <p>
707+ * Returns a PrivilegesEvaluatorResponse with allowed=true if privileges are available.
708+ * <p>
709+ * If privileges are only available for a sub-set of indices, isPartiallyOk() will return true
710+ * and the indices for which privileges are available are returned by getAvailableIndices(). This allows the
711+ * do_not_fail_on_forbidden behaviour.
712+ * <p>
713+ * This method will only verify privileges for the index/action combinations which are un-checked in
714+ * the checkTable instance provided to this method. Checked index/action combinations are considered to be
715+ * "already fulfilled by other means" - usually that comes from the stateful data structure.
716+ * As a side-effect, this method will further mark the available index/action combinations in the provided
717+ * checkTable instance as checked.
718+ */
703719 PrivilegesEvaluatorResponse providesPrivilege (
704720 PrivilegesEvaluationContext context ,
705721 Set <String > actions ,
You can’t perform that action at this time.
0 commit comments