diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/search/SearchClient.java b/openmetadata-service/src/main/java/org/openmetadata/service/search/SearchClient.java index 74f77ab71614..aa224ad4c7d8 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/search/SearchClient.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/search/SearchClient.java @@ -14,14 +14,18 @@ import javax.ws.rs.core.Response; import lombok.Getter; import org.apache.commons.lang3.tuple.Pair; +import org.openmetadata.schema.api.searcg.SearchSettings; import org.openmetadata.schema.dataInsight.DataInsightChartResult; import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChart; import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChartResultList; import org.openmetadata.schema.service.configuration.elasticsearch.ElasticSearchConfiguration; +import org.openmetadata.schema.settings.SettingsType; import org.openmetadata.schema.tests.DataQualityReport; import org.openmetadata.schema.type.EntityReference; import org.openmetadata.service.exception.CustomExceptionMessage; +import org.openmetadata.service.resources.settings.SettingsCache; import org.openmetadata.service.search.models.IndexMapping; +import org.openmetadata.service.search.security.RBACConditionEvaluator; import org.openmetadata.service.security.policyevaluator.SubjectContext; import org.openmetadata.service.util.SSLUtil; import os.org.opensearch.action.bulk.BulkRequest; @@ -272,4 +276,15 @@ default List> fetchDIChartFields() throws IOException { } Object getLowLevelClient(); + + static boolean shouldApplyRbacConditions( + SubjectContext subjectContext, RBACConditionEvaluator rbacConditionEvaluator) { + return Boolean.TRUE.equals( + SettingsCache.getSetting(SettingsType.SEARCH_SETTINGS, SearchSettings.class) + .getEnableAccessControl()) + && subjectContext != null + && !subjectContext.isAdmin() + && !subjectContext.isBot() + && rbacConditionEvaluator != null; + } } diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/search/elasticsearch/ElasticSearchClient.java b/openmetadata-service/src/main/java/org/openmetadata/service/search/elasticsearch/ElasticSearchClient.java index 0a09f212d5a7..31a9360cc665 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/search/elasticsearch/ElasticSearchClient.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/search/elasticsearch/ElasticSearchClient.java @@ -139,14 +139,12 @@ import org.apache.http.impl.client.BasicCredentialsProvider; import org.jetbrains.annotations.NotNull; import org.openmetadata.common.utils.CommonUtil; -import org.openmetadata.schema.api.searcg.SearchSettings; import org.openmetadata.schema.dataInsight.DataInsightChartResult; import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChart; import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChartResultList; import org.openmetadata.schema.dataInsight.custom.FormulaHolder; import org.openmetadata.schema.entity.data.EntityHierarchy__1; import org.openmetadata.schema.service.configuration.elasticsearch.ElasticSearchConfiguration; -import org.openmetadata.schema.settings.SettingsType; import org.openmetadata.schema.tests.DataQualityReport; import org.openmetadata.schema.type.EntityReference; import org.openmetadata.schema.type.Include; @@ -155,7 +153,6 @@ import org.openmetadata.service.Entity; import org.openmetadata.service.dataInsight.DataInsightAggregatorInterface; import org.openmetadata.service.jdbi3.DataInsightChartRepository; -import org.openmetadata.service.resources.settings.SettingsCache; import org.openmetadata.service.search.SearchClient; import org.openmetadata.service.search.SearchIndexUtils; import org.openmetadata.service.search.SearchRequest; @@ -2308,13 +2305,7 @@ public Object getLowLevelClient() { private void buildSearchRBACQuery( SubjectContext subjectContext, SearchSourceBuilder searchSourceBuilder) { - if (Boolean.TRUE.equals( - SettingsCache.getSetting(SettingsType.SEARCH_SETTINGS, SearchSettings.class) - .getEnableAccessControl()) - && subjectContext != null - && !subjectContext.isAdmin() - && !subjectContext.isBot() - && rbacConditionEvaluator != null) { + if (SearchClient.shouldApplyRbacConditions(subjectContext, rbacConditionEvaluator)) { OMQueryBuilder rbacQuery = rbacConditionEvaluator.evaluateConditions(subjectContext); if (rbacQuery != null) { searchSourceBuilder.query( diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/search/opensearch/OpenSearchClient.java b/openmetadata-service/src/main/java/org/openmetadata/service/search/opensearch/OpenSearchClient.java index 4a9a1994967c..f526651052b2 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/search/opensearch/OpenSearchClient.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/search/opensearch/OpenSearchClient.java @@ -61,14 +61,12 @@ import org.apache.http.impl.client.BasicCredentialsProvider; import org.jetbrains.annotations.NotNull; import org.openmetadata.common.utils.CommonUtil; -import org.openmetadata.schema.api.searcg.SearchSettings; import org.openmetadata.schema.dataInsight.DataInsightChartResult; import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChart; import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChartResultList; import org.openmetadata.schema.dataInsight.custom.FormulaHolder; import org.openmetadata.schema.entity.data.EntityHierarchy__1; import org.openmetadata.schema.service.configuration.elasticsearch.ElasticSearchConfiguration; -import org.openmetadata.schema.settings.SettingsType; import org.openmetadata.schema.tests.DataQualityReport; import org.openmetadata.schema.type.EntityReference; import org.openmetadata.schema.type.Include; @@ -77,7 +75,6 @@ import org.openmetadata.service.Entity; import org.openmetadata.service.dataInsight.DataInsightAggregatorInterface; import org.openmetadata.service.jdbi3.DataInsightChartRepository; -import org.openmetadata.service.resources.settings.SettingsCache; import org.openmetadata.service.search.SearchClient; import org.openmetadata.service.search.SearchIndexUtils; import org.openmetadata.service.search.SearchRequest; @@ -2271,13 +2268,7 @@ public Object getLowLevelClient() { private void buildSearchRBACQuery( SubjectContext subjectContext, SearchSourceBuilder searchSourceBuilder) { - if (Boolean.TRUE.equals( - SettingsCache.getSetting(SettingsType.SEARCH_SETTINGS, SearchSettings.class) - .getEnableAccessControl()) - && subjectContext != null - && !subjectContext.isAdmin() - && !subjectContext.isBot() - && rbacConditionEvaluator != null) { + if (SearchClient.shouldApplyRbacConditions(subjectContext, rbacConditionEvaluator)) { OMQueryBuilder rbacQuery = rbacConditionEvaluator.evaluateConditions(subjectContext); if (rbacQuery != null) { searchSourceBuilder.query(