Feature Controls - remove "grantWithBaseRead" flag (#36121)
This commit is contained in:
parent
3efaf756d0
commit
dcf5f91784
|
@ -625,94 +625,6 @@ describe('features', () => {
|
|||
]);
|
||||
});
|
||||
|
||||
test('actions defined in a feature privilege with `includeInBaseRead` are included in `read`', () => {
|
||||
const features: Feature[] = [
|
||||
{
|
||||
id: 'foo',
|
||||
name: 'Foo Feature',
|
||||
icon: 'arrowDown',
|
||||
navLinkId: 'kibana:foo',
|
||||
app: [],
|
||||
catalogue: ['ignore-me-1', 'ignore-me-2'],
|
||||
management: {
|
||||
foo: ['ignore-me-1', 'ignore-me-2'],
|
||||
},
|
||||
privileges: {
|
||||
all: {
|
||||
management: {
|
||||
'ignore-me': ['ignore-me-1', 'ignore-me-2'],
|
||||
},
|
||||
catalogue: ['ignore-me-1', 'ignore-me-2'],
|
||||
savedObject: {
|
||||
all: ['ignore-me-1', 'ignore-me-2'],
|
||||
read: ['ignore-me-1', 'ignore-me-2'],
|
||||
},
|
||||
ui: ['ignore-me-1', 'ignore-me-2'],
|
||||
},
|
||||
bar: {
|
||||
grantWithBaseRead: true,
|
||||
management: {
|
||||
'read-management': ['read-management-1', 'read-management-2'],
|
||||
},
|
||||
catalogue: ['read-catalogue-1', 'read-catalogue-2'],
|
||||
savedObject: {
|
||||
all: ['read-savedObject-all-1', 'read-savedObject-all-2'],
|
||||
read: ['read-savedObject-read-1', 'read-savedObject-read-2'],
|
||||
},
|
||||
ui: ['read-ui-1', 'read-ui-2'],
|
||||
},
|
||||
},
|
||||
},
|
||||
];
|
||||
|
||||
const mockXPackMainPlugin = {
|
||||
getFeatures: jest.fn().mockReturnValue(features),
|
||||
};
|
||||
|
||||
const privileges = privilegesFactory(actions, mockXPackMainPlugin as any);
|
||||
|
||||
const actual = privileges.get();
|
||||
expect(actual).toHaveProperty(`${group}.read`, [
|
||||
actions.login,
|
||||
actions.version,
|
||||
actions.ui.get('catalogue', 'read-catalogue-1'),
|
||||
actions.ui.get('catalogue', 'read-catalogue-2'),
|
||||
actions.ui.get('management', 'read-management', 'read-management-1'),
|
||||
actions.ui.get('management', 'read-management', 'read-management-2'),
|
||||
actions.ui.get('navLinks', 'kibana:foo'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'bulk_get'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'get'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'find'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'create'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'bulk_create'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'update'),
|
||||
actions.savedObject.get('read-savedObject-all-1', 'delete'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'bulk_get'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'get'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'find'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'create'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'bulk_create'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'update'),
|
||||
actions.savedObject.get('read-savedObject-all-2', 'delete'),
|
||||
actions.savedObject.get('read-savedObject-read-1', 'bulk_get'),
|
||||
actions.savedObject.get('read-savedObject-read-1', 'get'),
|
||||
actions.savedObject.get('read-savedObject-read-1', 'find'),
|
||||
actions.savedObject.get('read-savedObject-read-2', 'bulk_get'),
|
||||
actions.savedObject.get('read-savedObject-read-2', 'get'),
|
||||
actions.savedObject.get('read-savedObject-read-2', 'find'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-all-1', 'delete'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-all-1', 'edit'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-all-1', 'read'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-all-2', 'delete'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-all-2', 'edit'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-all-2', 'read'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-read-1', 'read'),
|
||||
actions.ui.get('savedObjectsManagement', 'read-savedObject-read-2', 'read'),
|
||||
actions.ui.get('foo', 'read-ui-1'),
|
||||
actions.ui.get('foo', 'read-ui-2'),
|
||||
]);
|
||||
});
|
||||
|
||||
test('actions defined in a reserved privilege are not included in `all` or `read`', () => {
|
||||
const features: Feature[] = [
|
||||
{
|
||||
|
|
|
@ -36,7 +36,7 @@ export function privilegesFactory(actions: Actions, xpackMainPlugin: XPackMainPl
|
|||
flatten(
|
||||
features.map(feature =>
|
||||
Object.entries(feature.privileges).reduce<string[]>((acc, [privilegeId, privilege]) => {
|
||||
if (privilegeId !== 'read' && !Boolean(privilege.grantWithBaseRead)) {
|
||||
if (privilegeId !== 'read') {
|
||||
return acc;
|
||||
}
|
||||
|
||||
|
|
|
@ -40,7 +40,6 @@ describe('FeatureRegistry', () => {
|
|||
},
|
||||
privileges: {
|
||||
all: {
|
||||
grantWithBaseRead: true,
|
||||
catalogue: ['foo'],
|
||||
management: {
|
||||
foo: ['bar'],
|
||||
|
|
|
@ -9,7 +9,6 @@ import { cloneDeep, difference, uniq } from 'lodash';
|
|||
import { UICapabilities } from 'ui/capabilities';
|
||||
|
||||
export interface FeatureKibanaPrivileges {
|
||||
grantWithBaseRead?: boolean;
|
||||
management?: {
|
||||
[sectionId: string]: string[];
|
||||
};
|
||||
|
@ -65,7 +64,6 @@ const managementSchema = Joi.object().pattern(
|
|||
const catalogueSchema = Joi.array().items(Joi.string());
|
||||
|
||||
const privilegeSchema = Joi.object({
|
||||
grantWithBaseRead: Joi.bool(),
|
||||
management: managementSchema,
|
||||
catalogue: catalogueSchema,
|
||||
api: Joi.array().items(Joi.string()),
|
||||
|
|
Loading…
Reference in a new issue