Fills the hasExplicitIndexPermission method in v6 config

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>

src/main/java/org/opensearch/security/securityconf/ConfigModelV6.java

@@ -455,8 +455,27 @@ public boolean hasExplicitIndexPermission(
             IndexNameExpressionResolver resolver,
             ClusterService cs
         ) {
-            // TODO: Handle this scenario in V6 config
-            return false;
+            final Set<String> indicesForRequest = new HashSet<>(resolved.getAllIndicesResolved(cs, resolver));
+            if (indicesForRequest.isEmpty()) {
+                // If no indices could be found on the request there is no way to check for the explicit permissions
+                return false;
+            }
+
+            final Set<String> explicitlyAllowedIndices = roles.stream()
+                .map(role -> role.getAllResolvedPermittedIndices(resolved, user, actions, resolver, cs, true))
+                .flatMap(Collection::stream)
+                .collect(Collectors.toSet());
+
+            if (log.isDebugEnabled()) {
+                log.debug(
+                    "ExplicitIndexPermission check indices for request {}, explicitly allowed indices {}",
+                    indicesForRequest.toString(),
+                    explicitlyAllowedIndices.toString()
+                );
+            }
+
+            indicesForRequest.removeAll(explicitlyAllowedIndices);
+            return indicesForRequest.isEmpty();
         }
 
         // opensearchDashboards special only, terms eval
@@ -469,7 +488,7 @@ public Set<String> getAllPermittedIndicesForDashboards(
         ) {
             Set<String> retVal = new HashSet<>();
             for (SecurityRole sr : roles) {
-                retVal.addAll(sr.getAllResolvedPermittedIndices(Resolved._LOCAL_ALL, user, actions, resolver, cs));
+                retVal.addAll(sr.getAllResolvedPermittedIndices(Resolved._LOCAL_ALL, user, actions, resolver, cs, false));
                 retVal.addAll(resolved.getRemoteIndices());
             }
             return Collections.unmodifiableSet(retVal);
@@ -479,7 +498,7 @@ public Set<String> getAllPermittedIndicesForDashboards(
         public Set<String> reduce(Resolved resolved, User user, String[] actions, IndexNameExpressionResolver resolver, ClusterService cs) {
             Set<String> retVal = new HashSet<>();
             for (SecurityRole sr : roles) {
-                retVal.addAll(sr.getAllResolvedPermittedIndices(resolved, user, actions, resolver, cs));
+                retVal.addAll(sr.getAllResolvedPermittedIndices(resolved, user, actions, resolver, cs, false));
             }
             if (log.isDebugEnabled()) {
                 log.debug("Reduced requested resolved indices {} to permitted indices {}.", resolved, retVal.toString());
@@ -547,7 +566,8 @@ private Set<String> getAllResolvedPermittedIndices(
             User user,
             String[] actions,
             IndexNameExpressionResolver resolver,
-            ClusterService cs
+            ClusterService cs,
+            boolean matchExplicitly
         ) {
 
             final Set<String> retVal = new HashSet<>();
@@ -556,7 +576,11 @@ private Set<String> getAllResolvedPermittedIndices(
                 boolean patternMatch = false;
                 final Set<TypePerm> tperms = p.getTypePerms();
                 for (TypePerm tp : tperms) {
-                    if (tp.typeMatcher.matchAny(resolved.getTypes())) {
+                    // if matchExplicitly is true we don't want to match against `*` pattern
+                    WildcardMatcher matcher = matchExplicitly && (tp.getTypeMatcher() == WildcardMatcher.ANY)
+                        ? WildcardMatcher.NONE
+                        : tp.getTypeMatcher();
+                    if (matcher.matchAny(resolved.getTypes())) {
                         patternMatch = tp.getPerms().matchAll(actions);
                     }
                 }