in opensearch-notebooks/src/main/kotlin/org/opensearch/notebooks/security/UserAccessManager.kt [38:67]
/**
 * Access gate: verifies that [user] carries the identity attributes required by the
 * configured [PluginSettings.filterBy] mode and rejects the request otherwise.
 *
 * Returns normally when the user passes. Every rejection is raised as an
 * [OpenSearchStatusException] with [RestStatus.FORBIDDEN].
 *
 * Checks, in order:
 * 1. Private-tenant access requires a user name, regardless of filter mode.
 * 2. The mode-specific check: none for `NoFilter`, a user name for `User`, at least one
 *    non-ignored role for `Roles`, at least one backend role for `BackendRoles`.
 *
 * @param user the requesting user; may be `null`. The `User` branch's error message
 *   treats a missing user or name as "security disabled" (presumably no security
 *   plugin supplied an identity; confirm against the caller).
 * @throws OpenSearchStatusException with `FORBIDDEN` when a required attribute is absent.
 */
fun validateUser(user: User?) {
    // The tenant check runs first, so isUserPrivateTenant is always called exactly once.
    if (isUserPrivateTenant(user)) {
        if (user?.name == null) {
            throw OpenSearchStatusException(
                "User name not provided for private tenant access",
                RestStatus.FORBIDDEN
            )
        }
    }

    when (PluginSettings.filterBy) {
        FilterBy.NoFilter -> {
            // Nothing is validated in this mode: a null user passes unless the
            // private-tenant check above rejected it.
        }
        FilterBy.User -> {
            // Filtering by user needs a name to filter on.
            if (user?.name == null) {
                throw OpenSearchStatusException(
                    "Filter-by enabled with security disabled",
                    RestStatus.FORBIDDEN
                )
            }
        }
        FilterBy.Roles -> {
            // Roles (not backend roles) must be present. A null user or a null role list
            // is treated the same as an empty one.
            val assignedRoles = user?.roles.orEmpty()
            if (assignedRoles.isEmpty()) {
                throw OpenSearchStatusException(
                    "User doesn't have roles configured. Contact administrator.",
                    RestStatus.FORBIDDEN
                )
            }
            // Roles listed in PluginSettings.ignoredRoles do not count: a user holding
            // only ignored roles is rejected as well.
            if (assignedRoles.all { PluginSettings.ignoredRoles.contains(it) }) {
                throw OpenSearchStatusException(
                    "No distinguishing roles configured. Contact administrator.",
                    RestStatus.FORBIDDEN
                )
            }
        }
        FilterBy.BackendRoles -> {
            // At least one backend role must be present. NOTE(review): unlike the Roles
            // branch, no ignored-role filtering is applied here; confirm this is intended.
            val lacksBackendRoles = user?.backendRoles.isNullOrEmpty()
            if (lacksBackendRoles) {
                throw OpenSearchStatusException(
                    "User doesn't have backend roles configured. Contact administrator.",
                    RestStatus.FORBIDDEN
                )
            }
        }
    }
}