Addesed last 2 comments

opensearch-project · Oct 4, 2023 · 18e7e9f · 18e7e9f
1 parent ef0a327
commit 18e7e9f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiAction.java
@@ -86,10 +86,8 @@ boolean accessHandler(final RestRequest request) {
         switch (request.method()) {
             case PATCH:
             case PUT:
-                if (!allowPutOrPatch && !restApiAdminEnabled) {
-                    return false;
-                } else if (allowPutOrPatch && !restApiAdminEnabled) {
-                    return true;
+                if (!restApiAdminEnabled) {
+                    return allowPutOrPatch;
                 } else {
                     return securityApiDependencies.restApiAdminPrivilegesEvaluator()
                         .isCurrentUserAdminFor(endpoint, SECURITY_CONFIG_UPDATE);

diff --git a/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java b/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java
@@ -183,7 +183,7 @@ public void hasExplicitClusterPermissionPermissionForRestAdminWitFullAccess() {
 
     @Test
     public void hasExplicitClusterPermissionPermissionForRestAdmin() {
-        // verify all endpoint except SSL
+        // verify all endpoint except SSL and verify CONFIG endpoints
         final Collection<Endpoint> noSslEndpoints = ENDPOINTS_WITH_PERMISSIONS.keySet()
             .stream()
             .filter(e -> e != Endpoint.SSL && e != Endpoint.CONFIG)