if (values.length > 1) {
                final String[] roles = values[1].split(roleSeparator);
                for (final String role : roles) {
                    if (StringUtil.isNotEmpty(role)) {
                        roleSet.add(role);
                    }
                }
            }
        } else {
            final String[] roles = rolesStr.split(roleSeparator);
            for (final String role : roles) {

            this.groups = groups;
        }

        /**
         * Sets the user's role assignments.
         * @param roles Array of role names.
         */
        public synchronized void setRoles(final String[] roles) {
            this.roles = roles;
        }

        /**
         * Resets permissions to force recalculation on next getPermissions() call.

     * @param roles array of roles to filter results
     * @param fields array of fields to search in
     * @param excludes array of words to exclude from results
     * @return list of popular words matching the criteria
     */
    public List<String> getWordList(final SearchRequestType searchRequestType, final String seed, final String[] tags, final String[] roles,

                if (fessConfig.isValidSearchLogPermissions(roles.toArray(new String[roles.size()]))) {
                    suggester.indexer()
                            .indexFromSearchWord(sb.toString(), fields.toArray(new String[fields.size()]),
                                    tags.toArray(new String[tags.size()]), roles.toArray(new String[roles.size()]), 1, langs);

    }

    /**
     * Processes sub-roles for the specified LDAP user.
     *
     * @param ldapUser the LDAP user to process sub-roles for
     * @param bindDn the bind DN for LDAP connection
     * @param subRoleSet the set of sub-roles to process
     * @param groupFilter the group filter pattern
     * @param roleSet the set of roles to update
     */

     */
    public static boolean hasActionRole(final String role) {
        final String[] roles;
        if (role.endsWith(FessAdminAction.VIEW)) {
            roles = new String[] { role, role.substring(0, role.length() - FessAdminAction.VIEW.length()) };
        } else {
            roles = new String[] { role };
        }

Si quieres asegurar tu API, hay varias cosas mejores que puedes hacer, por ejemplo:

* Asegúrate de tener modelos Pydantic bien definidos para tus request bodies y responses.
* Configura los permisos y roles necesarios usando dependencias.
* Nunca guardes contraseñas en texto plano, solo hashes de contraseñas.
* Implementa y utiliza herramientas criptográficas bien conocidas, como pwdlib y JWT tokens, etc.

If you want to secure your API, there are several better things you can do, for example:

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.

public class SearchEngineApiManager extends BaseApiManager {
    private static final String ADMIN_SERVER = "/admin/server_";

    private static final Logger logger = LogManager.getLogger(SearchEngineApiManager.class);

    /** Roles that are allowed to access the search engine API */
    protected String[] acceptedRoles = { "admin" };

    /**
     * Default constructor.
     * Initializes the API manager with the admin server path prefix.
     */

            parameters {
                keepClassesByCoordinates = keepPatterns
            }
        }
    }
    afterEvaluate {
        // Without afterEvaluate, configurations.all runs before the configurations' roles are set.
        // This is yet another reason we need configuration factory methods.
        // workaround for https://github.com/gradle/gradle/issues/12459