-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Spaces and Roles] Fix rules on showing Permissions
tab
#196442
[Spaces and Roles] Fix rules on showing Permissions
tab
#196442
Conversation
@@ -92,7 +93,11 @@ export const getTabs = ({ | |||
}, | |||
]; | |||
|
|||
if (canUserViewRoles) { | |||
const canUserViewRoles = Boolean(capabilities?.roles?.view); | |||
const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() !== false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() !== false; | |
const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled(); |
or
const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() !== false; | |
const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() === true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jeramysoucy I think we examined this further in Slack, and agreed that the config.roleManagementEnabled
is only available in serverless, which makes the authz.isRoleManagementEnabled()
return undefined in stateful, when it actually should be interpreted as being enabled.
So how about:
/*
* config.roleManagementEnabled is an offering-based config. In serverless, the value will be true or false.
* In stateful, role management is enabled but the config setting is expected to be undefined.
*/
const isRoleManagementEnabled =
authz &&
(typeof authz.isRoleManagementEnabled() === 'undefined' || authz.isRoleManagementEnabled());
Alternatively, we could update the implementation of authz.isRoleManagementEnabled
in
const isRoleManagementEnabled = () => config.roleManagementEnabled; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved this logic to x-pack/plugins/spaces/public/management/edit_space/provider/edit_space_provider.tsx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, Tim! Sorry for the confusion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some nit comments
x-pack/plugins/spaces/public/management/spaces_management_app.tsx
Outdated
Show resolved
Hide resolved
85247fd
to
db8c2f9
Compare
4e26ce3
to
eeb43a8
Compare
Pinging @elastic/kibana-security (Team:Security) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Just one nit/suggestion to add a unit test case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: we could a test here to confirm that the Permissions
tab does not render when getIsRoleManagementEnabled
resolves false
.
Wanted to avoid merge before feedback is reviewed.
@jeramysoucy I have addressed the feedback by adding tests to unit tests that deal with the permissions tab. I have also updated the code because the original fix didn't account for an HTTP request that results in a 404 when role management is disabled: 3795630 |
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Starting backport for target branches: 8.16, 8.x |
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
…6442) ## Summary Some deployment types don't have custom roles. This PR hides the `Permissions` tab in Spaces Management for projects without role management enabled. The solution uses the isRoleManagementEnabled function from the security plugin’s authz service for this. --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 4ed9e51)
…6442) ## Summary Some deployment types don't have custom roles. This PR hides the `Permissions` tab in Spaces Management for projects without role management enabled. The solution uses the isRoleManagementEnabled function from the security plugin’s authz service for this. --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 4ed9e51)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
Summary
Some deployment types don't have custom roles. This PR hides the
Permissions
tab in Spaces Management for projects without role management enabled. The solution uses the isRoleManagementEnabled function from the security plugin’s authz service for this.