From 48fea5143e6ac248f94a051c86454a5ccbd8c052 Mon Sep 17 00:00:00 2001 From: SuZhou-Joe Date: Tue, 17 Oct 2023 17:49:36 +0800 Subject: [PATCH] feat: add ACLSearchParams consumer in repository (#3) Signed-off-by: SuZhou-Joe --- .../saved_objects/service/lib/repository.ts | 2 + .../lib/search_dsl/query_params.test.ts | 73 +++++++++++++++++++ .../service/lib/search_dsl/query_params.ts | 37 +++++++++- .../service/lib/search_dsl/search_dsl.ts | 3 + 4 files changed, 114 insertions(+), 1 deletion(-) diff --git a/src/core/server/saved_objects/service/lib/repository.ts b/src/core/server/saved_objects/service/lib/repository.ts index d0ff057a0af4..09bf5a13cfa1 100644 --- a/src/core/server/saved_objects/service/lib/repository.ts +++ b/src/core/server/saved_objects/service/lib/repository.ts @@ -823,6 +823,7 @@ export class SavedObjectsRepository { filter, preference, workspaces, + ACLSearchParams, } = options; if (!type && !typeToNamespacesMap) { @@ -897,6 +898,7 @@ export class SavedObjectsRepository { hasReference, kueryNode, workspaces, + ACLSearchParams, }), }, }; diff --git a/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts b/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts index a47bc27fcd92..8aab792d2836 100644 --- a/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts +++ b/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts 
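Review bot: Nothing in the first repository.ts hunk (`@@ -823`) constrains where `options.ACLSearchParams` comes from, and the second hunk (`@@ -897`) forwards it unchanged into the search DSL, where it becomes the access filter. If any caller builds these find options from request input, the client would be choosing its own principals and workspaces; this is an inference, since no caller is visible here. I would add a comment at the destructuring such as `// ACLSearchParams must be set server-side from the authenticated identity, never copied from request input`. The enclosing method starts and ends outside both hunks.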
@@ -646,6 +646,79 @@ describe('#getQueryParams', () => { }); }); }); + + describe('when using ACLSearchParams search', () => { + it('no ACLSearchParams provided', () => { + const result: Result = getQueryParams({ + registry, + ACLSearchParams: {}, + }); + expect(result.query.bool.filter[1]).toEqual(undefined); + }); + + it('workspaces provided in ACLSearchParams', () => { + const result: Result = getQueryParams({ + registry, + ACLSearchParams: { + workspaces: ['foo'], + }, + }); + expect(result.query.bool.filter[1]).toEqual({ + bool: { should: [{ terms: { workspaces: ['foo'] } }] }, + }); + }); + + it('principals and permissionModes provided in ACLSearchParams', () => { + const result: Result = getQueryParams({ + registry, + ACLSearchParams: { + principals: { + users: ['user-foo'], + groups: ['group-foo'], + }, + permissionModes: ['read'], + }, + }); + expect(result.query.bool.filter[1]).toEqual({ + bool: { + should: [ + { + bool: { + filter: [ + { + bool: { + should: [ + { + terms: { + 'permissions.read.users': ['user-foo'], + }, + }, + { + term: { + 'permissions.read.users': '*', + }, + }, + { + terms: { + 'permissions.read.groups': ['group-foo'], + }, + }, + { + term: { + 'permissions.read.groups': '*', + }, + }, + ], + }, + }, + ], + }, + }, + ], + }, + }); + }); + }); }); describe('namespaces property', () => { diff --git a/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts b/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts index b78c5a032992..c2d4fb922791 100644 --- a/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts +++ b/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts 
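Review bot: The new tests cover only the fully specified cases and leave the fail-open shapes of the filter unpinned: there is no case for `principals` without `permissionModes` (or the reverse), for empty arrays, or for `workspaces` combined with `principals`. The first test is titled 'no ACLSearchParams provided' but passes `ACLSearchParams: {}`, and it asserts that `filter[1]` is undefined, i.e. that an empty ACL object yields an unrestricted query. I would rename it to `'empty ACLSearchParams adds no filter'` and add one case per partial shape so the intended behaviour at the access-control boundary is explicit. Asserting on `filter[1]` by position also ties these tests to clause order.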
@@ -34,6 +34,8 @@ type KueryNode = any; import { ISavedObjectTypeRegistry } from '../../../saved_objects_type_registry'; import { ALL_NAMESPACES_STRING, DEFAULT_NAMESPACE_STRING } from '../utils'; +import { SavedObjectsFindOptions } from '../../../types'; +import { ACL } from '../../../permission_control/acl'; /** * Gets the types based on the type. Uses mappings to support @@ -166,6 +168,7 @@ interface QueryParams { hasReference?: HasReferenceQueryParams; kueryNode?: KueryNode; workspaces?: string[]; + ACLSearchParams?: SavedObjectsFindOptions['ACLSearchParams']; } export function getClauseForReference(reference: HasReferenceQueryParams) { @@ -223,6 +226,7 @@ export function getQueryParams({ hasReference, kueryNode, workspaces, + ACLSearchParams, }: QueryParams) { const types = getTypes( registry, @@ -279,7 +283,38 @@ export function getQueryParams({ } } - return { query: { bool } }; + const result = { query: { bool } }; + + if (ACLSearchParams) { + const shouldClause: any = []; + if (ACLSearchParams.permissionModes && ACLSearchParams.principals) { + const permissionDSL = ACL.generateGetPermittedSavedObjectsQueryDSL( + ACLSearchParams.permissionModes, + ACLSearchParams.principals + ); + shouldClause.push(permissionDSL.query); + } + + if (ACLSearchParams.workspaces) { + shouldClause.push({ + terms: { + workspaces: ACLSearchParams.workspaces, + }, + }); + } + + if (shouldClause.length) { + bool.filter.push({ + bool: { + should: shouldClause, + }, + }); + } + + return result; + } + + return result; } // we only want to add match_phrase_prefix clauses diff --git a/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts b/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts index df6109eb9d0a..dc71444e916b 100644 --- a/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts +++ b/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts 
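Review bot: In the `@@ -279` hunk the ACL filter fails open: when `ACLSearchParams` carries only one of `permissionModes` / `principals` and no `workspaces`, `shouldClause` stays empty and the query is returned with no access restriction at all. For a permission filter a half-specified argument is safer rejected, e.g. `if (!ACLSearchParams.permissionModes !== !ACLSearchParams.principals) throw new Error('ACLSearchParams needs both permissionModes and principals');`. The wrapping `bool` also relies on the default that a `should`-only bool must match at least one clause; writing `minimum_should_match: 1` next to `should: shouldClause` keeps the filter mandatory if another clause type is ever added to it. Smaller points: `shouldClause: any` could be `unknown[]`, and the `return result;` inside the `if` duplicates the one after it. getQueryParams begins outside this hunk.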
@@ -34,6 +34,7 @@ import { IndexMapping } from '../../../mappings'; import { getQueryParams } from './query_params'; import { getSortingParams } from './sorting_params'; import { ISavedObjectTypeRegistry } from '../../../saved_objects_type_registry'; +import { SavedObjectsFindOptions } from '../../../types'; type KueryNode = any; @@ -53,6 +54,7 @@ interface GetSearchDslOptions { }; kueryNode?: KueryNode; workspaces?: string[]; + ACLSearchParams?: SavedObjectsFindOptions['ACLSearchParams']; } export function getSearchDsl( @@ -96,6 +98,7 @@ export function getSearchDsl( hasReference, kueryNode, workspaces, + ACLSearchParams, }), ...getSortingParams(mappings, type, sortField, sortOrder), };
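Review bot: The `@@ -96` hunk passes `ACLSearchParams` to `getQueryParams` as a shorthand property, but none of the lines this patch adds to search_dsl.ts binds that name inside `getSearchDsl`; the diffstat shows exactly three additions for the file (import, interface field, call argument). Unless the destructuring of `options` outside the hunks already includes it, this either fails to compile or the ACL filter is never forwarded on this path. Add `ACLSearchParams,` to the `const { … } = options;` destructuring in `getSearchDsl`, as the repository.ts hunk does for its own `options`. The function body starts and ends outside the hunk.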