in opensearch-notebooks/src/main/kotlin/org/opensearch/notebooks/security/UserAccessManager.kt [133:152]
fun doesUserHasAccess(user: User?, tenant: String, access: List<String>): Boolean {
if (user == null) { // Security is disabled
return true
}
if (getUserTenant(user) != tenant) {
return false
}
if (canAdminViewAllItems(user)) {
return true
}
return when (PluginSettings.filterBy) {
FilterBy.NoFilter -> true
FilterBy.User -> access.contains("$USER_TAG${user.name}")
FilterBy.Roles -> user.roles.stream()
.filter { !PluginSettings.ignoredRoles.contains(it) }
.map { "$ROLE_TAG$it" }
.anyMatch { it in access }
FilterBy.BackendRoles -> user.backendRoles.map { "$BACKEND_ROLE_TAG$it" }.any { it in access }
}
}