Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support for sub-feature privileges (#60563)
* initial server-side support for sub-feature privileges (#57507) * initial server-side support for sub-feature privileges * start addressing PR feedback * renaming interfaces * move privilege id collision check to security plugin * additional testing * change featurePrivilegeIterator import location * fix link assertions following rebase from master * Initial UI support for sub-feature privileges (#59198) * Initial UI support for sub-feature privileges * Address PR feedback * display deleted spaces correctly in the privilege summary * additional testing * update snapshot * Enables sub-feature privileges for gold+ licenses (#59750) * enables sub-feature privileges for gold+ licenses * Address PR feedback * address platform review feedback
- Loading branch information
Showing
180 changed files
with
12,447 additions
and
7,069 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { RecursiveReadonly } from '@kbn/utility-types'; | ||
import { FeatureKibanaPrivileges } from './feature_kibana_privileges'; | ||
|
||
/** | ||
* Configuration for a sub-feature. | ||
*/ | ||
export interface SubFeatureConfig { | ||
/** Display name for this sub-feature */ | ||
name: string; | ||
|
||
/** Collection of privilege groups */ | ||
privilegeGroups: SubFeaturePrivilegeGroupConfig[]; | ||
} | ||
|
||
/** | ||
* The type of privilege group. | ||
* - `mutually_exclusive`:: | ||
* Users will be able to select at most one privilege within this group. | ||
* Privileges must be specified in descending order of permissiveness (e.g. `All`, `Read`, not `Read`, `All) | ||
* - `independent`:: | ||
* Users will be able to select any combination of privileges within this group. | ||
*/ | ||
export type SubFeaturePrivilegeGroupType = 'mutually_exclusive' | 'independent'; | ||
|
||
/** | ||
* Configuration for a sub-feature privilege group. | ||
*/ | ||
export interface SubFeaturePrivilegeGroupConfig { | ||
/** | ||
* The type of privilege group. | ||
* - `mutually_exclusive`:: | ||
* Users will be able to select at most one privilege within this group. | ||
* Privileges must be specified in descending order of permissiveness (e.g. `All`, `Read`, not `Read`, `All) | ||
* - `independent`:: | ||
* Users will be able to select any combination of privileges within this group. | ||
*/ | ||
groupType: SubFeaturePrivilegeGroupType; | ||
|
||
/** | ||
* The privileges which belong to this group. | ||
*/ | ||
privileges: SubFeaturePrivilegeConfig[]; | ||
} | ||
|
||
/** | ||
* Configuration for a sub-feature privilege. | ||
*/ | ||
export interface SubFeaturePrivilegeConfig | ||
extends Omit<FeatureKibanaPrivileges, 'excludeFromBasePrivileges'> { | ||
/** | ||
* Identifier for this privilege. Must be unique across all other privileges within a feature. | ||
*/ | ||
id: string; | ||
|
||
/** | ||
* The display name for this privilege. | ||
*/ | ||
name: string; | ||
|
||
/** | ||
* Denotes which Primary Feature Privilege this sub-feature privilege should be included in. | ||
* `read` is also included in `all` automatically. | ||
*/ | ||
includeIn: 'all' | 'read' | 'none'; | ||
} | ||
|
||
export class SubFeature { | ||
constructor(protected readonly config: RecursiveReadonly<SubFeatureConfig>) {} | ||
|
||
public get name() { | ||
return this.config.name; | ||
} | ||
|
||
public get privilegeGroups() { | ||
return this.config.privilegeGroups; | ||
} | ||
|
||
public toRaw() { | ||
return { ...this.config }; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,5 +4,5 @@ | |
"kibanaVersion": "kibana", | ||
"optionalPlugins": ["timelion"], | ||
"server": true, | ||
"ui": false | ||
"ui": true | ||
} |
Oops, something went wrong.