"mapping": {
            "type": "keyword"
          }
        }
      }
    ],
    "properties": {
      "user": {
        "type": "keyword"
      },
      "roles": {
        "type": "keyword"
      },
      "queryId": {
        "type": "keyword"
      },
      "searchWord": {
        "type": "keyword"
      },
      "requestedAt": {
        "type": "date",

            }
        }
    }

    /**
     * Builds role-based query filters using the provided role set.
     * This method adds should clauses for allowed roles and must-not clauses for denied roles.
     *
     * @param roleSet the set of roles to use for filtering
     * @param boolQuery the boolean query builder to add role filters to
     */

     * @param fields the array of fields associated with the search words
     * @param tags the array of tags associated with the search words
     * @param roles the array of roles associated with the search words
     * @param score the score associated with the search words
     * @param readingConverter the converter to use for converting readings

                                        <th><la:message key="labels.roles"/></th>
                                        <td><c:forEach var="rt" varStatus="s"
                                                       items="${roleItems}">
                                            <c:forEach var="rtid" varStatus="s" items="${roles}">
                                                <c:if test="${rtid==rt.id}">

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.admin.role;

/**
 * The search form for Role.
 */
public class SearchForm {

    /**
     * Default constructor for SearchForm.
     */
    public SearchForm() {
    }

    /**
     * The ID field for searching roles.
     */
    public String id;

        if (password != null) {
            sourceMap.put("password", password);
        }
        if (groups != null) {
            sourceMap.put("groups", groups);
        }
        if (roles != null) {
            sourceMap.put("roles", roles);
        }
        if (attributes != null) {
            sourceMap.putAll(attributes);
        }
        return sourceMap;
    }

     * For admin actions, verifies that the user has appropriate admin roles or
     * meets the secured annotation requirements.
     *
     * @param resource the login handling resource to check permission for
     * @throws LoginRequiredException if login is required
     * @throws UserRoleLoginException if the user doesn't have required roles
     */
    @Override

                if (fessConfig.isValidSearchLogPermissions(roles.toArray(new String[roles.size()]))) {
                    suggester.indexer()
                            .indexFromSearchWord(sb.toString(), fields.toArray(new String[fields.size()]),
                                    tags.toArray(new String[tags.size()]), roles.toArray(new String[roles.size()]), 1, langs);

    public void setRoles_Equal(String roles) {
        setRoles_Term(roles, null);
    }

    public void setRoles_Equal(String roles, ConditionOptionCall<TermQueryBuilder> opLambda) {
        setRoles_Term(roles, opLambda);
    }

    public void setRoles_Term(String roles) {
        setRoles_Term(roles, null);
    }

    public void setRoles_Term(String roles, ConditionOptionCall<TermQueryBuilder> opLambda) {

If you want to secure your API, there are several better things you can do, for example:

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.