e3e61d79acb835d3d9105a68b86ad87b618fbb84,src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/impl/IndicesRule.java,IndicesRule,match,#RequestContext#,51

Before Change



    boolean hasAll = false;

    for (String idx : rc.getIndices()) {

      // For searches, we need to match to existing indices
      if (rc.getActionRequest() instanceof SearchRequest) {

After Change


  }
  
  @Override
  public RuleExitResult match(RequestContext rc) {
    if (rc.getActionRequest() instanceof SearchRequest) {
      // 1. Requesting none or all the indices means requesting allowed indices..
      if (rc.getIndices().size() == 0 || (rc.getIndices().contains("_all"))) {
        rc.setIndices(configuredWildcards.getMatchers());
        return MATCH;
      }

      // ----- Now you requested SOME indices, let's see if and what we can allow in..

      // 2. All indices match by wildcard?
      if (configuredWildcards.filter(rc.getIndices()).size() == rc.getIndices().size()) {
        return MATCH;
      }

      // 2.1 Detect non-wildcard requested indices that do not exist and return 404 (compatibility with vanilla ES)
      Set<String> real = rc.getAvailableIndicesAndAliases();
      for (final String idx : rc.getIndices()) {
        if (!idx.contains("*") && !real.contains(idx)) {
          rc.setIndices(new HashSet<String>(1) {{
            add(idx);
          }});
          return MATCH;
        }
      }

      // 3. indices match by reverse-wildcard?
      // Expand requested indices to a subset of indices available in ES
      Set<String> expansion = new MatcherWithWildcards(rc.getIndices()).filter(rc.getAvailableIndicesAndAliases());

      // 4. Your request expands to no actual index, fine with me, it will return 404 on its own!
      if (expansion.size() == 0) {
        return MATCH;
      }