[Spaces and Roles] Fix rules on showing Permissions tab
#196442
Conversation
tsullivan
added
release_note:skip
| @@ -92,7 +93,11 @@ export const getTabs = ({ | |||
| }, | |||
| ]; | |||
|
|
|||
| if (canUserViewRoles) { | |||
| const canUserViewRoles = Boolean(capabilities?.roles?.view); | |||
| const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() !== false; | |||
There was a problem hiding this comment.
| const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() !== false; | |
| const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled(); |
or
| const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() !== false; | |
| const isRoleManagementEnabled = authz && authz.isRoleManagementEnabled() === true; |
There was a problem hiding this comment.
@jeramysoucy I think we examined this further in Slack, and agreed that the config.roleManagementEnabled is only available in serverless, which makes the authz.isRoleManagementEnabled() return undefined in stateful, when it actually should be interpreted as being enabled.
So how about:
/*
* config.roleManagementEnabled is an offering-based config. In serverless, the value will be true or false.
* In stateful, role management is enabled but the config setting is expected to be undefined.
*/
const isRoleManagementEnabled =
authz &&
(typeof authz.isRoleManagementEnabled() === 'undefined' || authz.isRoleManagementEnabled());
Alternatively, we could update the implementation of authz.isRoleManagementEnabled in
There was a problem hiding this comment.
Moved this logic to x-pack/plugins/spaces/public/management/edit_space/provider/edit_space_provider.tsx
There was a problem hiding this comment.
Thanks, Tim! Sorry for the confusion.
x-pack/plugins/spaces/public/management/spaces_management_app.tsx
Outdated
Show resolved
Hide resolved
tsullivan
force-pushed
the
spaces/use-role-management-flag
branch
from
85247fd
to
db8c2f9
Compare
tsullivan
force-pushed
the
spaces/use-role-management-flag
branch
from
4e26ce3
to
eeb43a8
Compare
|
Pinging @elastic/kibana-security (Team:Security) |
There was a problem hiding this comment.
Nit: we could a test here to confirm that the Permissions tab does not render when getIsRoleManagementEnabled resolves false.
jeramysoucy
dismissed
their stale review
Wanted to avoid merge before feedback is reviewed.
|
@jeramysoucy I have addressed the feedback by adding tests to unit tests that deal with the permissions tab. I have also updated the code because the original fix didn't account for an HTTP request that results in a 404 when role management is disabled: 3795630 |
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
|
|
Starting backport for target branches: 8.16, 8.x |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
…6442) ## Summary Some deployment types don't have custom roles. This PR hides the `Permissions` tab in Spaces Management for projects without role management enabled. The solution uses the isRoleManagementEnabled function from the security plugin’s authz service for this. --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 4ed9e51)
…6442) ## Summary Some deployment types don't have custom roles. This PR hides the `Permissions` tab in Spaces Management for projects without role management enabled. The solution uses the isRoleManagementEnabled function from the security plugin’s authz service for this. --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 4ed9e51)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
Summary
Some deployment types don't have custom roles. This PR hides the
Permissionstab in Spaces Management for projects without role management enabled. The solution uses the isRoleManagementEnabled function from the security plugin’s authz service for this.