diff --git a/server/readonly/readonly_service.test.ts b/server/readonly/readonly_service.test.ts
index ee5ad155c..5ecf2dfaa 100644
--- a/server/readonly/readonly_service.test.ts
+++ b/server/readonly/readonly_service.test.ts
@@ -68,14 +68,25 @@ const mockAuthInfo = (data: Partial = {}): OpenSearchAuthInf
 data
 );
+const mockDashboardsInfo = (data = {}) =>
+ Object.assign(
+ {
+ user_name: 'admin',
+ multitenancy_enabled: true,
+ },
+ data
+ );
+
 const getService = (
 cookie: SecuritySessionCookie = mockCookie(),
- authInfo: OpenSearchAuthInfo = mockAuthInfo()
+ authInfo: OpenSearchAuthInfo = mockAuthInfo(),
+ dashboardsInfo = mockDashboardsInfo()
 ) => {
 const logger = loggerMock.create();
 const securityClient = new SecurityClient(mockEsClient());
 securityClient.authinfo = jest.fn().mockReturnValue(authInfo);
+ securityClient.dashboardsinfo = jest.fn().mockReturnValue(dashboardsInfo);
 // @ts-ignore mock auth
 const auth = new BasicAuthentication();
@@ -190,4 +201,12 @@ describe('checks isReadonly', () => {
 const result = await service.isReadonly(httpServerMock.createOpenSearchDashboardsRequest());
 expect(result).toBeTruthy();
 });
+ it('calls dashboardInfo and checks if multitenancy is enabled', async () => {
+ const dashboardsInfo = mockDashboardsInfo({ multitenancy_enabled: false });
+ const service = getService(mockCookie(), mockAuthInfo(), dashboardsInfo);
+ service.isAnonymousPage = jest.fn(() => false);
+
+ const result = await service.isReadonly(httpServerMock.createOpenSearchDashboardsRequest());
+ expect(result).toBeFalsy();
+ });
 });
diff --git a/server/readonly/readonly_service.ts b/server/readonly/readonly_service.ts
index 385bbd38c..d12bb6668 100644
--- a/server/readonly/readonly_service.ts
+++ b/server/readonly/readonly_service.ts
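Review bot: The new case `calls dashboardInfo and checks if multitenancy is enabled` builds its service with the default `mockAuthInfo()`, so if those defaults (defined outside this hunk) do not describe a read-only tenant, `expect(result).toBeFalsy()` would pass even without the new multitenancy branch. Passing the same read-only auth fixture that the preceding `toBeTruthy` case relies on, e.g. `getService(mockCookie(), readOnlyAuthInfo, dashboardsInfo)` with `readOnlyAuthInfo` as a placeholder name for that fixture, would make `multitenancy_enabled: false` the only thing that can flip the result. The title also promises that the service "calls dashboardInfo", yet nothing asserts that the `dashboardsinfo` mock was invoked. There is no case for a response that lacks `multitenancy_enabled` or for a rejected call, which are the inputs where the new branch decides whether the restriction is applied.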
@@ -30,6 +30,8 @@ import { IAuthenticationType, OpenSearchAuthInfo } from '../auth/types/authentic
 import { SecuritySessionCookie } from '../session/security_cookie';
 import { SecurityPluginConfigType } from '../index';
 import { ReadonlyService as BaseReadonlyService } from '../../../../src/core/server/security/readonly_service';
+import { getDashboardsInfoSafe } from '../../public/utils/dashboards-info-utils';
+import { mult } from '../../../../src/plugins/expressions/common/test_helpers/expression_functions/mult';
 export class ReadonlyService extends BaseReadonlyService {
 protected static readonly ROUTES_TO_IGNORE: string[] = [LOGIN_PAGE_URI, CUSTOM_ERROR_PAGE_URI];
@@ -98,6 +100,12 @@ export class ReadonlyService extends BaseReadonlyService {
 headers = this.auth.buildAuthHeaderFromCookie(cookie, request);
 }
+ const dashboardsInfo = await this.securityClient.dashboardsinfo(request, headers);
+
+ if (!dashboardsInfo.multitenancy_enabled) {
+ return false;
+ }
+
 const authInfo = await this.securityClient.authinfo(request, headers);
 if (!authInfo.user_requested_tenant && cookie) {
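Review bot: Neither `getDashboardsInfoSafe` nor `mult` is used by the code this commit adds (the new branch in the second hunk calls `this.securityClient.dashboardsinfo` directly), so both added imports look like editor auto-import leftovers; usage elsewhere in the file is not visible from here. `mult` is pulled from a `test_helpers` directory of another plugin and `getDashboardsInfoSafe` from this plugin's `public/` tree, which makes a server-side security module load test fixtures and browser-side code and couples it to paths that are not meant for production. I would delete both added import lines.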
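Review bot: `if (!dashboardsInfo.multitenancy_enabled)` treats a missing or `undefined` field the same as an explicit `false`, so any response that lacks `multitenancy_enabled` makes the enclosing method (presumably `isReadonly`, going by the test) return `false` and skip the tenant check, i.e. the read-only restriction fails open. Skipping only on the explicit value, `if (dashboardsInfo?.multitenancy_enabled === false) { return false; }`, lets every other response shape fall through to the existing `authinfo` path. The added `await this.securityClient.dashboardsinfo(request, headers)` is also an extra backend call on each invocation and can reject; whether a surrounding try/catch handles that cannot be seen, because the method begins and ends outside the hunk. A one-line comment such as `// read-only tenants only exist when multitenancy is enabled` above the early return would record why returning `false` is safe there.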