Add hook that calculates abilty to write policy also base on fleet ac…

…cess and use it in policy form components

x-pack/plugins/security_solution/public/management/pages/policy/view/components/antivirus_registration_form/index.tsx

@@ -11,9 +11,11 @@ import { i18n } from '@kbn/i18n';
 import { EuiSpacer, EuiSwitch, EuiText } from '@elastic/eui';
 
 import { OperatingSystem } from '@kbn/securitysolution-utils';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import { isAntivirusRegistrationEnabled } from '../../../store/policy_details/selectors';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import { ConfigForm } from '../config_form';
 
 const TRANSLATIONS: Readonly<{ [K in 'title' | 'description' | 'label']: string }> = {
@@ -42,7 +44,7 @@ const TRANSLATIONS: Readonly<{ [K in 'title' | 'description' | 'label']: string
 export const AntivirusRegistrationForm = memo(() => {
   const antivirusRegistrationEnabled = usePolicyDetailsSelector(isAntivirusRegistrationEnabled);
   const dispatch = useDispatch();
-  const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+  const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
 
   const handleSwitchChange = useCallback(
     (event) =>

x-pack/plugins/security_solution/public/management/pages/policy/view/components/attack_surface_reduction_form/index.tsx

@@ -11,9 +11,11 @@ import { i18n } from '@kbn/i18n';
 import { EuiSwitch } from '@elastic/eui';
 
 import { OperatingSystem } from '@kbn/securitysolution-utils';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import { isCredentialHardeningEnabled } from '../../../store/policy_details/selectors';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import { ConfigForm } from '../config_form';
 
 const TRANSLATIONS: Readonly<{ [K in 'title' | 'label']: string }> = {
@@ -34,7 +36,7 @@ const TRANSLATIONS: Readonly<{ [K in 'title' | 'label']: string }> = {
 export const AttackSurfaceReductionForm = memo(() => {
   const credentialHardeningEnabled = usePolicyDetailsSelector(isCredentialHardeningEnabled);
   const dispatch = useDispatch();
-  const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+  const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
 
   const handleSwitchChange = useCallback(
     (event) =>

x-pack/plugins/security_solution/public/management/pages/policy/view/components/events_form/index.tsx

@@ -19,12 +19,14 @@ import {
 } from '@elastic/eui';
 import { OperatingSystem } from '@kbn/securitysolution-utils';
 import { ThemeContext } from 'styled-components';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import type {
   PolicyOperatingSystem,
   UIPolicyConfig,
 } from '../../../../../../../common/endpoint/types';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import { policyConfig } from '../../../store/policy_details/selectors';
 import { ConfigForm, ConfigFormHeading } from '../config_form';
 
@@ -76,7 +78,7 @@ const InnerEventsForm = <T extends OperatingSystem>({
   onValueSelection,
   supplementalOptions,
 }: EventsFormProps<T>) => {
-  const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+  const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
   const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);
   const theme = useContext(ThemeContext);
   const countSelected = useCallback(() => {

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_advanced.tsx

@@ -21,9 +21,11 @@ import {
 import { cloneDeep } from 'lodash';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
-import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import { policyConfig } from '../store/policy_details/selectors';
-import { usePolicyDetailsSelector } from './policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from './policy_hooks';
 import { AdvancedPolicySchema } from '../models/advanced_policy_schema';
 
 function setValue(obj: Record<string, unknown>, value: string, path: string[]) {
@@ -146,7 +148,7 @@ const PolicyAdvanced = React.memo(
     lastSupportedVersion?: string;
     documentation: string;
   }) => {
-    const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+    const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
     const dispatch = useDispatch();
     const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);
     const onChange = useCallback(

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details_form.tsx

@@ -55,9 +55,9 @@ export const PolicyDetailsForm = memo(() => {
     setShowAdvancedPolicy(!showAdvancedPolicy);
   }, [showAdvancedPolicy]);
   const isPlatinumPlus = useLicense().isPlatinumPlus();
-  const endpointPrivileges = useUserPrivileges().endpointPrivileges;
+  const { loading: authzLoading } = useUserPrivileges().endpointPrivileges;
 
-  if (endpointPrivileges.loading) {
+  if (authzLoading) {
     return <EuiLoadingContent lines={5} />;
   }
 

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/components/policy_form_layout.tsx

@@ -23,8 +23,10 @@ import { useLocation } from 'react-router-dom';
 import type { ApplicationStart } from '@kbn/core/public';
 import { toMountPoint } from '@kbn/kibana-react-plugin/public';
 import { useIsExperimentalFeatureEnabled } from '../../../../../../common/hooks/use_experimental_features';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import {
   policyDetails,
   agentStatusSummary,
@@ -52,7 +54,7 @@ export const PolicyFormLayout = React.memo(() => {
   } = useKibana();
   const toasts = useToasts();
   const { state: locationRouteState } = useLocation<PolicyDetailsRouteState>();
-  const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+  const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
 
   // Store values
   const policyItem = usePolicyDetailsSelector(policyDetails);

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/components/protection_radio.tsx

@@ -9,11 +9,13 @@ import React, { useCallback, useMemo } from 'react';
 import { useDispatch } from 'react-redux';
 import { cloneDeep } from 'lodash';
 import { htmlIdGenerator, EuiRadio } from '@elastic/eui';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import type { ImmutableArray, UIPolicyConfig } from '../../../../../../../common/endpoint/types';
 import { ProtectionModes } from '../../../../../../../common/endpoint/types';
 import type { MacPolicyProtection, LinuxPolicyProtection, PolicyProtection } from '../../../types';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import { policyConfig } from '../../../store/policy_details/selectors';
 import type { AppAction } from '../../../../../../common/store/actions';
 import { useLicense } from '../../../../../../common/hooks/use_license';
@@ -35,7 +37,7 @@ export const ProtectionRadio = React.memo(
     const radioButtonId = useMemo(() => htmlIdGenerator()(), []);
     const selected = policyDetailsConfig && policyDetailsConfig.windows[protection].mode;
     const isPlatinumPlus = useLicense().isPlatinumPlus();
-    const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+    const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
 
     const handleRadioChange = useCallback(() => {
       if (policyDetailsConfig) {

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/components/protection_switch.tsx

@@ -10,10 +10,12 @@ import { useDispatch } from 'react-redux';
 import { i18n } from '@kbn/i18n';
 import { EuiSwitch } from '@elastic/eui';
 import { cloneDeep } from 'lodash';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import { useLicense } from '../../../../../../common/hooks/use_license';
 import { policyConfig } from '../../../store/policy_details/selectors';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import type { AppAction } from '../../../../../../common/store/actions';
 import type {
   ImmutableArray,
@@ -41,8 +43,7 @@ export const ProtectionSwitch = React.memo(
   }) => {
     const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);
     const isPlatinumPlus = useLicense().isPlatinumPlus();
-    const endpointPrivileges = useUserPrivileges().endpointPrivileges;
-    const { canWritePolicyManagement } = endpointPrivileges;
+    const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
     const dispatch = useDispatch<(action: AppAction) => void>();
     const selected = policyDetailsConfig && policyDetailsConfig.windows[protection].mode;
 

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/components/user_notification.tsx

@@ -19,12 +19,14 @@ import {
   EuiText,
   EuiTextArea,
 } from '@elastic/eui';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import type { ImmutableArray, UIPolicyConfig } from '../../../../../../../common/endpoint/types';
 import { ProtectionModes } from '../../../../../../../common/endpoint/types';
 import type { PolicyProtection, MacPolicyProtection, LinuxPolicyProtection } from '../../../types';
 import { ConfigFormHeading } from '../../components/config_form';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import { policyConfig } from '../../../store/policy_details/selectors';
 import type { AppAction } from '../../../../../../common/store/actions';
 import { SupportedVersionNotice } from './supported_version';
@@ -37,7 +39,7 @@ export const UserNotification = React.memo(
     protection: PolicyProtection;
     osList: ImmutableArray<Partial<keyof UIPolicyConfig>>;
   }) => {
-    const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+    const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
     const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);
     const dispatch = useDispatch<(action: AppAction) => void>();
     const selected = policyDetailsConfig && policyDetailsConfig.windows[protection].mode;

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx

@@ -19,7 +19,6 @@ import {
 import { OperatingSystem } from '@kbn/securitysolution-utils';
 import { useDispatch } from 'react-redux';
 import { cloneDeep } from 'lodash';
-import { useUserPrivileges } from '../../../../../../common/components/user_privileges';
 import { APP_UI_ID } from '../../../../../../../common/constants';
 import { SecurityPageName } from '../../../../../../app/types';
 import type {
@@ -36,7 +35,10 @@ import { RadioButtons } from '../components/radio_buttons';
 import { UserNotification } from '../components/user_notification';
 import { ProtectionSwitch } from '../components/protection_switch';
 import { policyConfig } from '../../../store/policy_details/selectors';
-import { usePolicyDetailsSelector } from '../../policy_hooks';
+import {
+  useCanWritePolicyManagementOrHasFleetAccess,
+  usePolicyDetailsSelector,
+} from '../../policy_hooks';
 import type { AppAction } from '../../../../../../common/store/actions';
 
 /** The Malware Protections form for policy details
@@ -60,7 +62,7 @@ export const MalwareProtections = React.memo(() => {
       defaultMessage: 'Blocklist enabled',
     }
   );
-  const { canWritePolicyManagement } = useUserPrivileges().endpointPrivileges;
+  const canWritePolicyManagement = useCanWritePolicyManagementOrHasFleetAccess();
   const isPlatinumPlus = useLicense().isPlatinumPlus();
   const dispatch = useDispatch<(action: AppAction) => void>();
   const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);

x-pack/plugins/security_solution/public/management/pages/policy/view/policy_hooks.ts

@@ -13,6 +13,7 @@ import {
   ENDPOINT_EVENT_FILTERS_LIST_ID,
   ENDPOINT_TRUSTED_APPS_LIST_ID,
 } from '@kbn/securitysolution-list-constants';
+import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import type { PolicyDetailsArtifactsPageLocation, PolicyDetailsState } from '../types';
 import type { State } from '../../../../common/store';
 import {
@@ -88,3 +89,16 @@ export const useIsPolicySettingsBarVisible = () => {
     window.location.pathname.includes('/settings')
   );
 };
+
+/**
+ * Indicates if user is granted Write access to Policy Management. This method differs from what
+ * `useUserPrivileges().endpointPrivileges.canWritePolicyManagement` in that it also checks if
+ * user has `canAccessFleet`. This is to ensure that the Policy Form remains accessible when
+ * when displayed inside of Fleet pages if the user does not have privileges to security solution
+ * policy management.
+ */
+export const useCanWritePolicyManagementOrHasFleetAccess = (): boolean => {
+  const { canWritePolicyManagement, canAccessFleet } = useUserPrivileges().endpointPrivileges;
+
+  return canWritePolicyManagement || canAccessFleet;
+};