-
Notifications
You must be signed in to change notification settings - Fork 24.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Has privileges API for profiles (#85898)
This introduces a new Security API `_security/profile/_has_privileges` that can be used to verify which Users have the requested privileges, given their associated User Profiles. Multiple profile uids can be specified in a single has privileges request. This is analogous to the existing Has privileges API. It also uses the same format for specifying the privileges to be checked, and should be used in the same situations (ie to run an authorization preflight check or to verify privileges over application resources). However, unlike the existing has privilege API, this can be used to check the privileges of multiple users (not only of the currently authenticated one), but the users must have an existing profile, and the response is binary only (either it has or it does not have the requested privileges). Calling this API requires the `manage_user_profile` cluster privilege.
- Loading branch information
1 parent
1bc90ea
commit 3d4234e
Showing
36 changed files
with
1,969 additions
and
588 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
pr: 85898 | ||
summary: Has privileges API for profiles | ||
area: Authorization | ||
type: feature | ||
issues: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
20 changes: 20 additions & 0 deletions
20
...in/java/org/elasticsearch/xpack/core/security/action/user/ProfileHasPrivilegesAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
package org.elasticsearch.xpack.core.security.action.user; | ||
|
||
import org.elasticsearch.action.ActionType; | ||
|
||
public class ProfileHasPrivilegesAction extends ActionType<ProfileHasPrivilegesResponse> { | ||
|
||
public static final ProfileHasPrivilegesAction INSTANCE = new ProfileHasPrivilegesAction(); | ||
public static final String NAME = "cluster:admin/xpack/security/profile/has_privileges"; | ||
|
||
private ProfileHasPrivilegesAction() { | ||
super(NAME, ProfileHasPrivilegesResponse::new); | ||
} | ||
} |
Oops, something went wrong.