Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allowing individual privileges to be excluded from base privileges #42470

Merged
merged 14 commits into from
Aug 13, 2019
Merged

Allowing individual privileges to be excluded from base privileges #42470

merged 14 commits into from
Aug 13, 2019

Conversation

kobelb
Copy link
Contributor

@kobelb kobelb commented Aug 1, 2019
edited
Loading

Individual feature's privileges can now be excluded from the base privileges. For example, the following feature excludes the all feature privilege from being automatically included in any of the base privileges:

xpackMainPlugin.registerFeature({
      ...
      privileges: {
        all: {
          excludeFromBasePrivileges: true,
          savedObject: {
            all: [],
            read: ['config'],
          },
          ui: ['show', 'write', 'read'],
        },
        read: {
          savedObject: {
            all: [],
            read: ['config'],
          },
          ui: ['show', 'read'],
        },
      },
    });

Changes to the kibana privileges calculator were required to support this in the UI. We're now returning a directlyAssignedFeaturePrivilegeMorePermissiveThanBase property on the calculated privileges only for feature privileges for a specific space(s). We aren't calculating this for the global (all spaces) entries, as we only allow either base or feature privileges here, so this isn't currently required.

DevDocs

Individual feature's privileges can now be excluded from the base privileges using excludeFromBasePrivilege

@kobelb kobelb requested a review from a team as a code owner August 1, 2019 19:17
@kobelb kobelb added release_note:plugin_api_changes Contains a Plugin API changes section for the breaking plugin API changes section. v7.4.0 labels Aug 1, 2019
@kobelb
Copy link
Contributor Author

kobelb commented Aug 2, 2019

retest

@elasticmachine
Copy link
Contributor

💔 Build Failed

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

@legrego legrego self-requested a review August 13, 2019 16:01
@elasticmachine
Copy link
Contributor

💔 Build Failed

@legrego
Copy link
Member

legrego commented Aug 13, 2019

retest

legrego
legrego reviewed Aug 13, 2019
View reviewed changes
.../security/public/lib/kibana_privilege_calculator/kibana_feature_privilege_calculator.test.ts Outdated Show resolved Hide resolved
...le/components/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx
@@ -120,9 +120,9 @@ describe('only global', () => {
]);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏅 awesome test coverage here!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙇

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

@kobelb @legrego
Update x-pack/legacy/plugins/security/public/lib/kibana_privilege_cal…
114a5f7 
…culator/kibana_feature_privilege_calculator.test.ts

Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
legrego
legrego approved these changes Aug 13, 2019
View reviewed changes
Copy link
Member

@legrego legrego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on green CI!

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

@kobelb kobelb merged commit 4e59b06 into elastic:master Aug 13, 2019
@kobelb kobelb deleted the authz/exclude-individual-privilege-from-base branch August 13, 2019 20:23
@kobelb kobelb mentioned this pull request Aug 13, 2019
Merged
kobelb added a commit to kobelb/kibana that referenced this pull request Aug 13, 2019
@kobelb @legrego
Allowing individual privileges to be excluded from base privileges (e…
d0c2275 
…lastic#42470)

* Excluding code from base privileges

* Allowing individual privileges to be excluded

* Only returning a boolean for directlyAssigned... for space feature privileges

* We are now called directlyAssignedPrivilegeMorePermissiveThanBase

* An even longer and potentially more accurate name

* Fixing KibanaPrivilegeCalculator tests

* Fixing KibanaAllowedPrivilegesCalculator tests

* Adding privilege space table tests

* Updating privilegesFactory tests

* Removing code's usage

* Updating snapshot

* Update x-pack/legacy/plugins/security/public/lib/kibana_privilege_calculator/kibana_feature_privilege_calculator.test.ts

Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
kobelb added a commit that referenced this pull request Aug 13, 2019
@kobelb @legrego
Allowing individual privileges to be excluded from base privileges (#…
a8a715d 
…42470) (#43214)

* Excluding code from base privileges

* Allowing individual privileges to be excluded

* Only returning a boolean for directlyAssigned... for space feature privileges

* We are now called directlyAssignedPrivilegeMorePermissiveThanBase

* An even longer and potentially more accurate name

* Fixing KibanaPrivilegeCalculator tests

* Fixing KibanaAllowedPrivilegesCalculator tests

* Adding privilege space table tests

* Updating privilegesFactory tests

* Removing code's usage

* Updating snapshot

* Update x-pack/legacy/plugins/security/public/lib/kibana_privilege_calculator/kibana_feature_privilege_calculator.test.ts

Co-Authored-By: Larry Gregory <lgregorydev@gmail.com>
@zfy0701 zfy0701 mentioned this pull request Aug 21, 2019
Closed
7 tasks
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

@legrego
Copy link
Member

legrego commented Sep 4, 2019

👏 nice job Elastic Machine, I knew you could do it!

@kobelb
Copy link
Contributor Author

kobelb commented Sep 4, 2019

👏 nice job Elastic Machine, I knew you could do it!

😆

@kobelb kobelb mentioned this pull request Jan 16, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@legrego legrego legrego approved these changes

Assignees
No one assigned
Labels
release_note:plugin_api_changes Contains a Plugin API changes section for the breaking plugin API changes section. v7.4.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kobelb @elasticmachine @legrego