<label for="roles" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.roles"/></label>
                                    <div class="col-sm-9">
                                        <la:errors property="roles"/>
                                        <la:select styleId="roles" property="roles" multiple="true"

      },
      "gidNumber" : {
        "type" : "long"
      },
      "homeDirectory" : {
        "type" : "keyword"
      },
      "groups": {
        "type": "keyword"
      },
      "roles": {
        "type": "keyword"
      }
    }

     * For admin actions, verifies that the user has appropriate admin roles or
     * meets the secured annotation requirements.
     *
     * @param resource the login handling resource to check permission for
     * @throws LoginRequiredException if login is required
     * @throws UserRoleLoginException if the user doesn't have required roles
     */
    @Override

 * Provides access to user name, roles, groups, and permissions.
 */
public interface FessUser extends Serializable {

    /**
     * Gets the user's display name.
     * @return The user's name.
     */
    String getName();

    /**
     * Gets the user's assigned role names.
     * @return Array of role names.
     */
    String[] getRoleNames();

    /**

    /**
     * Checks if the current user has the specified action role or administrative privileges.
     *
     * @param role the role to check (supports both view and edit variants)
     * @return true if the user has the role or admin privileges, false otherwise
     */
    public static boolean hasActionRole(final String role) {
        final String[] roles;
        if (role.endsWith(FessAdminAction.VIEW)) {

If you want to secure your API, there are several better things you can do, for example:

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.

                throw new WebApiException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e);
            }
        }
    }

    /**
     * Sets the roles that are allowed to access the search engine API.
     *
     * @param acceptedRoles array of role names that can access the API
     */
    public void setAcceptedRoles(final String[] acceptedRoles) {
        this.acceptedRoles = acceptedRoles;
    }

    /**

                if (fessConfig.isValidSearchLogPermissions(roles.toArray(new String[roles.size()]))) {
                    suggester.indexer()
                            .indexFromSearchWord(sb.toString(), fields.toArray(new String[fields.size()]),
                                    tags.toArray(new String[tags.size()]), roles.toArray(new String[roles.size()]), 1, langs);

    /** OpenID Connect default roles. */
    @Size(max = 1000)
    public String oicDefaultRoles;

    /** SAML service provider base URL. */
    @Size(max = 1000)
    public String samlSpBaseUrl;

    /** SAML attribute name for group membership. */
    @Size(max = 1000)
    public String samlAttributeGroupName;

    /** SAML attribute name for role membership. */
    @Size(max = 1000)

        String[] tags = new String[] { "tag1" };
        String[] roles = new String[] { "role1" };
        String[] langs = new String[] { "ja" };

        SuggestAnalyzer analyzer = suggester.settings().analyzer().new DefaultContentsAnalyzer();
        SuggestItem item = defaultContentsParser.parseSearchWords(words, readings, fields, tags, roles, 10, createDefaultReadingConverter(),