ATLAS-2442:- Fix for read-only permission to allow read entity when http method is POST

authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java

@@ -40,7 +40,7 @@ public class AtlasAccessRequest {
     public AtlasAccessRequest(HttpServletRequest request, String user, Set<String> userGroups) {
         // Spring Security 4 Change => request.getServletPath() -> request.getPathInfo()
         this(AtlasAuthorizationUtils.getAtlasResourceType(request.getPathInfo()), "*", AtlasAuthorizationUtils
-            .getAtlasAction(request.getMethod()), user, userGroups,AtlasAuthorizationUtils.getRequestIpAddress(request));
+            .getAtlasAction(request.getMethod(),request.getPathInfo()), user, userGroups,AtlasAuthorizationUtils.getRequestIpAddress(request));
     }
 
     public AtlasAccessRequest(Set<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,

authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java

@@ -71,12 +71,17 @@ public class AtlasAuthorizationUtils {
         return api;
     }
 
-    public static AtlasActionTypes getAtlasAction(String method) {
+    public static AtlasActionTypes getAtlasAction(String method, String contextPath) {
         AtlasActionTypes action = null;
 
         switch (method.toUpperCase()) {
             case "POST":
-                action = AtlasActionTypes.CREATE;
+                String api = getApi(contextPath);
+                if (api != null && api.startsWith("search")) {   // exceptional case for basic search api with POST method
+                    action = AtlasActionTypes.READ;
+                } else {
+                    action = AtlasActionTypes.CREATE;
+                }
                 break;
             case "GET":
                 action = AtlasActionTypes.READ;