2feat: ReadonlyService is aware of disabled multitenancy through dash…

…board Signed-off-by: Kajetan Nobel <[email protected]>
opensearch-project · Nov 23, 2023 · 063664b · 063664b
1 parent b5b9872
commit 063664b
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/server/readonly/readonly_service.test.ts b/server/readonly/readonly_service.test.ts
@@ -68,14 +68,25 @@ const mockAuthInfo = (data: Partial<OpenSearchAuthInfo> = {}): OpenSearchAuthInf
     data
   );
 
+const mockDashboardsInfo = (data = {}) =>
+  Object.assign(
+    {
+      user_name: 'admin',
+      multitenancy_enabled: true,
+    },
+    data
+  );
+
 const getService = (
   cookie: SecuritySessionCookie = mockCookie(),
-  authInfo: OpenSearchAuthInfo = mockAuthInfo()
+  authInfo: OpenSearchAuthInfo = mockAuthInfo(),
+  dashboardsInfo = mockDashboardsInfo()
 ) => {
   const logger = loggerMock.create();
 
   const securityClient = new SecurityClient(mockEsClient());
   securityClient.authinfo = jest.fn().mockReturnValue(authInfo);
+  securityClient.dashboardsinfo = jest.fn().mockReturnValue(dashboardsInfo);
 
   // @ts-ignore mock auth
   const auth = new BasicAuthentication();
@@ -190,4 +201,12 @@ describe('checks isReadonly', () => {
     const result = await service.isReadonly(httpServerMock.createOpenSearchDashboardsRequest());
     expect(result).toBeTruthy();
   });
+  it('calls dashboardInfo and checks if multitenancy is enabled', async () => {
+    const dashboardsInfo = mockDashboardsInfo({ multitenancy_enabled: false });
+    const service = getService(mockCookie(), mockAuthInfo(), dashboardsInfo);
+    service.isAnonymousPage = jest.fn(() => false);
+
+    const result = await service.isReadonly(httpServerMock.createOpenSearchDashboardsRequest());
+    expect(result).toBeFalsy();
+  });
 });
diff --git a/server/readonly/readonly_service.ts b/server/readonly/readonly_service.ts
@@ -30,6 +30,8 @@ import { IAuthenticationType, OpenSearchAuthInfo } from '../auth/types/authentic
 import { SecuritySessionCookie } from '../session/security_cookie';
 import { SecurityPluginConfigType } from '../index';
 import { ReadonlyService as BaseReadonlyService } from '../../../../src/core/server/security/readonly_service';
+import { getDashboardsInfoSafe } from '../../public/utils/dashboards-info-utils';
+import { mult } from '../../../../src/plugins/expressions/common/test_helpers/expression_functions/mult';
 
 export class ReadonlyService extends BaseReadonlyService {
   protected static readonly ROUTES_TO_IGNORE: string[] = [LOGIN_PAGE_URI, CUSTOM_ERROR_PAGE_URI];
@@ -98,6 +100,12 @@ export class ReadonlyService extends BaseReadonlyService {
         headers = this.auth.buildAuthHeaderFromCookie(cookie, request);
       }
 
+      const dashboardsInfo = await this.securityClient.dashboardsinfo(request, headers);
+
+      if (!dashboardsInfo.multitenancy_enabled) {
+        return false;
+      }
+
       const authInfo = await this.securityClient.authinfo(request, headers);
 
       if (!authInfo.user_requested_tenant && cookie) {