Fix Document GET with DLS terms query

Signed-off-by: Craig Perkins <[email protected]>

src/main/java/org/opensearch/security/configuration/DlsFlsFilterLeafReader.java

@@ -232,7 +232,7 @@ public DlsGetEvaluator(final Query dlsQuery, final LeafReader in, boolean applyD
                 // https://github.com/apache/lucene-solr/blob/branch_6_3/lucene/misc/src/java/org/apache/lucene/index/PKIndexSplitter.java
                 final IndexSearcher searcher = new IndexSearcher(DlsFlsFilterLeafReader.this);
                 searcher.setQueryCache(null);
-                final Weight preserveWeight = searcher.createWeight(dlsQuery, ScoreMode.COMPLETE_NO_SCORES, 1f);
+                final Weight preserveWeight = searcher.rewrite(dlsQuery).createWeight(searcher, ScoreMode.COMPLETE_NO_SCORES, 1f);
 
                 final int maxDoc = in.maxDoc();
                 final FixedBitSet bits = new FixedBitSet(maxDoc);

src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java

@@ -35,6 +35,13 @@ protected void populateData(Client tc) {
             new IndexRequest("deals").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"amount\": 1500}", XContentType.JSON)
         ).actionGet();
 
+        tc.index(
+            new IndexRequest("terms").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"foo\": \"bar\"}", XContentType.JSON)
+        ).actionGet();
+        tc.index(
+            new IndexRequest("terms").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"foo\": \"baz\"}", XContentType.JSON)
+        ).actionGet();
+
         try {
             Thread.sleep(3000);
         } catch (InterruptedException e) {
@@ -44,6 +51,7 @@ protected void populateData(Client tc) {
         System.out.println("q");
         System.out.println(Strings.toString(XContentType.JSON, tc.search(new SearchRequest().indices(".opendistro_security")).actionGet()));
         tc.search(new SearchRequest().indices("deals")).actionGet();
+        tc.search(new SearchRequest().indices("terms")).actionGet();
     }
 
     @Test
@@ -251,6 +259,32 @@ public void testDls() throws Exception {
 
     }
 
+    @Test
+    public void testDlsWithTermsQuery() throws Exception {
+
+        setup();
+
+        HttpResponse res;
+
+        Assert.assertEquals(
+            HttpStatus.SC_OK,
+            (res = rh.executeGetRequest("/terms/_search?pretty", encodeBasicHeader("dept_manager", "password"))).getStatusCode()
+        );
+        Assert.assertTrue(res.getBody().contains("\"value\" : 1,\n      \"relation"));
+        Assert.assertTrue(res.getBody().contains("\"failed\" : 0"));
+
+        Assert.assertEquals(
+            HttpStatus.SC_OK,
+            (res = rh.executeGetRequest("/terms/_doc/0", encodeBasicHeader("dept_manager", "password"))).getStatusCode()
+        );
+        Assert.assertTrue(res.getBody().contains("\"foo\": \"bar\""));
+
+        Assert.assertEquals(
+            HttpStatus.SC_NOT_FOUND,
+            rh.executeGetRequest("/terms/_doc/1", encodeBasicHeader("dept_manager", "password")).getStatusCode()
+        );
+    }
+
     @Test
     public void testNonDls() throws Exception {
 

src/test/resources/dlsfls/roles.yml

@@ -2482,3 +2482,12 @@ logs_index_with_dls:
       masked_fields: null
       allowed_actions:
         - "OPENDISTRO_SECURITY_READ"
+
+terms_index_with_dls:
+  index_permissions:
+    - index_patterns:
+        - "terms"
+      dls: "{ \"terms\": { \"foo\" : [\"bar\"] } }"
+      masked_fields: null
+      allowed_actions:
+        - "OPENDISTRO_SECURITY_READ"

src/test/resources/dlsfls/roles_mapping.yml

@@ -247,3 +247,7 @@ opendistro_security_mapped:
 logs_index_with_dls:
   users:
     - dept_manager
+
+terms_index_with_dls:
+  users:
+    - dept_manager