[Security Solution] [Detections] Only display actions options if user has "read" privileges (#78812)

* adds new 'can_read_actions' property to privileges api * only display rule actions piece if user has 'read' privileges for actions * display dropdown with custom text telling user they do not have read privileges for actions * fixes type error * update tests * utilize application capabilities instead of making a server request * remove changes to route tests * don't show form unless user has read permissions for actions, display text saying user is missing required privileges * pr feedback: refactor logic for rendering form fields
2020-10-02 16:46:12 -04:00 · 2020-10-02 16:46:12 -04:00 · 43cf97e1f2
parent 511eb0f23b
commit 43cf97e1f2
3 changed files with 68 additions and 27 deletions
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.test.tsx
@ -14,6 +14,14 @@ jest.mock('../../../../common/lib/kibana', () => ({
    services: {
      application: {
        getUrlForApp: jest.fn(),
+        capabilities: {
+          siem: {
+            crud: true,
+          },
+          actions: {
+            read: true,
+          },
+        },
      },
      triggers_actions_ui: {
        actionTypeRegistry: jest.fn(),
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx
@ -11,6 +11,7 @@ import {
  EuiFlexItem,
  EuiButton,
  EuiSpacer,
+  EuiText,
 } from '@elastic/eui';
 import { findIndex } from 'lodash/fp';
 import React, { FC, memo, useCallback, useEffect, useMemo } from 'react';
@ -141,37 +142,61 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
    [isLoading, throttleOptions]
  );

-  return isReadOnlyView ? (
-    <StepContentWrapper addPadding={addPadding}>
-      <StepRuleDescription schema={schema} data={initialState} columns="single" />
-    </StepContentWrapper>
+  if (isReadOnlyView) {
+    return (
+      <StepContentWrapper addPadding={addPadding}>
+        <StepRuleDescription schema={schema} data={initialState} columns="single" />
+      </StepContentWrapper>
+    );
+  }
+
+  const displayActionsOptions =
+    throttle !== stepActionsDefaultValue.throttle ? (
+      <>
+        <EuiSpacer />
+        <UseField
+          path="actions"
+          component={RuleActionsField}
+          componentProps={{
+            messageVariables: actionMessageParams,
+          }}
+        />
+      </>
+    ) : (
+      <UseField path="actions" component={GhostFormField} />
+    );
+
+  // only display the actions dropdown if the user has "read" privileges for actions
+  const displayActionsDropDown = application.capabilities.actions.show ? (
+    <>
+      <UseField
+        path="throttle"
+        component={ThrottleSelectField}
+        componentProps={throttleFieldComponentProps}
+      />
+      {displayActionsOptions}
+      <UseField path="kibanaSiemAppUrl" component={GhostFormField} />
+      <UseField path="enabled" component={GhostFormField} />
+    </>
  ) : (
+    <>
+      <EuiText>{I18n.NO_ACTIONS_READ_PERMISSIONS}</EuiText>
+      <UseField
+        path="throttle"
+        componentProps={throttleFieldComponentProps}
+        component={GhostFormField}
+      />
+      <UseField path="actions" component={GhostFormField} />
+      <UseField path="kibanaSiemAppUrl" component={GhostFormField} />
+      <UseField path="enabled" component={GhostFormField} />
+    </>
+  );
+
+  return (
    <>
      <StepContentWrapper addPadding={!isUpdateView}>
        <Form form={form} data-test-subj="stepRuleActions">
-          <EuiForm>
-            <UseField
-              path="throttle"
-              component={ThrottleSelectField}
-              componentProps={throttleFieldComponentProps}
-            />
-            {throttle !== stepActionsDefaultValue.throttle ? (
-              <>
-                <EuiSpacer />
-                <UseField
-                  path="actions"
-                  component={RuleActionsField}
-                  componentProps={{
-                    messageVariables: actionMessageParams,
-                  }}
-                />
-              </>
-            ) : (
-              <UseField path="actions" component={GhostFormField} />
-            )}
-            <UseField path="kibanaSiemAppUrl" component={GhostFormField} />
-            <UseField path="enabled" component={GhostFormField} />
-          </EuiForm>
+          <EuiForm>{displayActionsDropDown}</EuiForm>
        </Form>
      </StepContentWrapper>

--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx
@ -28,6 +28,14 @@ export const NO_CONNECTOR_SELECTED = i18n.translate(
  }
 );

+export const NO_ACTIONS_READ_PERMISSIONS = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges',
+  {
+    defaultMessage:
+      'Cannot create rule actions. You do not have "Read" permissions for the "Actions" plugin.',
+  }
+);
+
 export const INVALID_MUSTACHE_TEMPLATE = (paramKey: string) =>
  i18n.translate(
    'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage',