[Cases] Fix fields query parameter in the _find API

x-pack/plugins/cases/common/api/cases/case.ts

@@ -153,7 +153,7 @@ export const CasesFindRequestRt = rt.partial({
   /**
    * The fields in the entity to return in the response
    */
-  fields: rt.array(rt.string),
+  fields: rt.union([rt.array(rt.string), rt.string]),
   /**
    * The page of objects to return
    */

x-pack/plugins/cases/server/authorization/utils.test.ts

@@ -174,8 +174,8 @@ describe('utils', () => {
       expect(includeFieldsRequiredForAuthentication()).toBeUndefined();
     });
 
-    it('returns an array with a single entry containing the owner field', () => {
-      expect(includeFieldsRequiredForAuthentication([])).toStrictEqual([OWNER_FIELD]);
+    it('returns undefined when the fields parameter is an empty array', () => {
+      expect(includeFieldsRequiredForAuthentication([])).toBeUndefined();
     });
 
     it('returns an array without duplicates and including the owner field', () => {

x-pack/plugins/cases/server/authorization/utils.ts

@@ -58,7 +58,7 @@ export const ensureFieldIsSafeForQuery = (field: string, value: string): boolean
 };
 
 export const includeFieldsRequiredForAuthentication = (fields?: string[]): string[] | undefined => {
-  if (fields === undefined) {
+  if (fields === undefined || fields.length === 0) {
     return;
   }
   return uniq([...fields, OWNER_FIELD]);

x-pack/plugins/cases/server/client/cases/find.ts

@@ -38,8 +38,10 @@ export const find = async (
   const { caseService, authorization, logger } = clientArgs;
 
   try {
+    const fields = asArray(params.fields);
+
     const queryParams = pipe(
-      excess(CasesFindRequestRt).decode(params),
+      excess(CasesFindRequestRt).decode({ ...params, fields }),
       fold(throwErrors(Boom.badRequest), identity)
     );
 
@@ -67,7 +69,7 @@ export const find = async (
           ...queryParams,
           ...caseQueryOptions,
           searchFields: asArray(queryParams.searchFields),
-          fields: includeFieldsRequiredForAuthentication(queryParams.fields),
+          fields: includeFieldsRequiredForAuthentication(fields),
         },
       }),
       caseService.getCaseStatusStats({

x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/find_cases.ts

@@ -195,6 +195,46 @@ export default ({ getService }: FtrProviderContext): void => {
         expect(cases.count_in_progress_cases).to.eql(1);
       });
 
+      it('returns the correct fields', async () => {
+        const postedCase = await createCase(supertest, postCaseReq);
+        const queryFields: Array<keyof CaseResponse | Array<keyof CaseResponse>> = [
+          'title',
+          ['title', 'description'],
+        ];
+
+        for (const fields of queryFields) {
+          const cases = await findCases({ supertest, query: { fields } });
+          const fieldsAsArray = Array.isArray(fields) ? fields : [fields];
+
+          const expectedValues = fieldsAsArray.reduce(
+            (theCase, field) => ({
+              ...theCase,
+              [field]: postedCase[field],
+            }),
+            {}
+          );
+
+          expect(cases).to.eql({
+            ...findCasesResp,
+            total: 1,
+            cases: [
+              {
+                id: postedCase.id,
+                version: postedCase.version,
+                external_service: postedCase.external_service,
+                owner: postedCase.owner,
+                connector: postedCase.connector,
+                comments: [],
+                totalAlerts: 0,
+                totalComment: 0,
+                ...expectedValues,
+              },
+            ],
+            count_open_cases: 1,
+          });
+        }
+      });
+
       it('unhappy path - 400s when bad query supplied', async () => {
         await findCases({ supertest, query: { perPage: true }, expectedHttpCode: 400 });
       });