From 0673dbde1f6f582599c46db7cb5718c24f725181 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Mon, 6 Jul 2020 10:23:20 -0400 Subject: [PATCH] Feature Controls: addressing bugs for enterprise search (#70538) Co-authored-by: Elastic Machine --- .../feature_table/feature_table.test.tsx | 39 +++++++++++++++++++ .../kibana/feature_table/feature_table.tsx | 4 +- .../disable_ui_capabilities.test.ts | 4 +- .../authorization/disable_ui_capabilities.ts | 6 ++- .../capabilities_switcher.test.ts | 4 +- .../capabilities/capabilities_switcher.ts | 6 +++ 6 files changed, 59 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx index 6bc829f766e58..2a0922d614f1d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx @@ -846,4 +846,43 @@ describe('FeatureTable', () => { }, }); }); + + it('does not render features which lack privileges', () => { + const role = createRole([ + { + spaces: ['foo'], + base: [], + feature: {}, + }, + ]); + + const featureWithoutPrivileges = createFeature({ + id: 'no_privs', + name: 'No Privileges Feature', + privileges: null, + }); + + const { displayedPrivileges } = setup({ + role, + features: [...kibanaFeatures, featureWithoutPrivileges], + privilegeIndex: 0, + calculateDisplayedPrivileges: true, + canCustomizeSubFeaturePrivileges: false, + }); + + expect(displayedPrivileges).toEqual({ + excluded_from_base: { + primaryFeaturePrivilege: 'none', + }, + no_sub_features: { + primaryFeaturePrivilege: 'none', + }, + with_excluded_sub_features: { + primaryFeaturePrivilege: 'none', + }, + with_sub_features: { + primaryFeaturePrivilege: 'none', + }, + }); + }); }); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx index a371a9ec9ba1e..57e24f2838226 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx @@ -63,7 +63,9 @@ export class FeatureTable extends Component { public render() { const { role, kibanaPrivileges } = this.props; - const featurePrivileges = kibanaPrivileges.getSecuredFeatures(); + const featurePrivileges = kibanaPrivileges + .getSecuredFeatures() + .filter((feature) => feature.privileges != null || feature.reserved != null); const items: TableRow[] = featurePrivileges .sort((feature1, feature2) => { diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts index a1bedea9f7deb..45f55b34baf96 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts @@ -50,7 +50,7 @@ describe('usingPrivileges', () => { new Feature({ id: 'fooFeature', name: 'Foo Feature', - app: [], + app: ['fooApp'], navLinkId: 'foo', privileges: null, }), @@ -63,6 +63,7 @@ describe('usingPrivileges', () => { Object.freeze({ navLinks: { foo: true, + fooApp: true, bar: true, }, management: { @@ -85,6 +86,7 @@ describe('usingPrivileges', () => { expect(result).toEqual({ navLinks: { foo: false, + fooApp: false, bar: true, }, management: { diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts index 183ad9169a123..a9b3fa54d3617 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts @@ -18,8 +18,12 @@ export function disableUICapabilitiesFactory( logger: Logger, authz: AuthorizationServiceSetup ) { + // nav links are sourced from two places: + // 1) The `navLinkId` property. This is deprecated and will be removed (https://github.com/elastic/kibana/issues/66217) + // 2) The apps property. The Kibana Platform associates nav links to the app which registers it, in a 1:1 relationship. + // This behavior is replacing the `navLinkId` property above. const featureNavLinkIds = features - .map((feature) => feature.navLinkId) + .flatMap((feature) => [feature.navLinkId, ...feature.app]) .filter((navLinkId) => navLinkId != null); const shouldDisableFeatureUICapability = ( diff --git a/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts b/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts index 1e01e04332f43..babd25dd3ec4b 100644 --- a/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts +++ b/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts @@ -43,7 +43,7 @@ const features = ([ id: 'feature_3', name: 'Feature 3', navLinkId: 'feature3', - app: [], + app: ['feature3_app'], catalogue: ['feature3Entry'], management: { kibana: ['indices'], @@ -67,6 +67,7 @@ const buildCapabilities = () => feature1: true, feature2: true, feature3: true, + feature3_app: true, unknownFeature: true, }, catalogue: { @@ -241,6 +242,7 @@ describe('capabilitiesSwitcher', () => { expectedCapabilities.feature_2.foo = false; expectedCapabilities.navLinks.feature3 = false; + expectedCapabilities.navLinks.feature3_app = false; expectedCapabilities.catalogue.feature3Entry = false; expectedCapabilities.management.kibana.indices = false; expectedCapabilities.feature_3.bar = false; diff --git a/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.ts b/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.ts index a0cdd5ad0e931..05d0429596489 100644 --- a/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.ts +++ b/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.ts @@ -68,6 +68,12 @@ function toggleDisabledFeatures( navLinks[feature.navLinkId] = false; } + feature.app.forEach((app) => { + if (navLinks.hasOwnProperty(app)) { + navLinks[app] = false; + } + }); + // Disable associated catalogue entries const privilegeCatalogueEntries = feature.catalogue || []; privilegeCatalogueEntries.forEach((catalogueEntryId) => {