in plugin/src/main/java/org/opensearch/ml/permission/AccessController.java [27:55]
public static boolean checkUserPermissions(User requestedUser, User resourceUser, String modelId) {
if (requestedUser == null || resourceUser == null) {
// requestUser would be null if Security is disabled or request user is super admin
// resourceUser is null means this model doesn't have user assigned with.
return true;
}
if (resourceUser.getBackendRoles() == null || requestedUser.getBackendRoles() == null) {
// return false if backend roles mismatch.
return false;
}
// Check if requested user has backend role required to access the resource
for (String backendRole : requestedUser.getBackendRoles()) {
if (resourceUser.getBackendRoles().contains(backendRole)) {
log
.debug(
"User: "
+ requestedUser.getName()
+ " has backend role: "
+ backendRole
+ " permissions to access model: "
+ modelId
);
return true;
}
}
return false;
}