[Security Solution][Endpoint] Fix Policy form being displayed as Read Only when displayed in Fleet pages #147212
Conversation
…ivileges().endpointPrivileges` instead
…et by endpoint components
…cess and use it in policy form components
|
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt) |
x-pack/plugins/security_solution/public/management/pages/policy/view/policy_hooks.ts
Outdated
Show resolved
Hide resolved
…olicy-form-shown-in-fleet
…olicy-form-shown-in-fleet # Conflicts: # x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/endpoint_package_custom_extension.tsx
…olicy-form-shown-in-fleet
…olicy-form-shown-in-fleet
|
checked it out and tried it, LGTM! When
When Fleet ALL and Policy Mgmt none, we can still edit in Fleet ✅ When Policy Mgmt is ALL, we can edit in Security ✅ When Policy Mgmt is Read, we can only read in Security ✅ |
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Checked it out and works as expected. I tested with the following RBAC privileges on a custom role.
-
policy management:read,fleet:all,integrations:all/read. On the security side, I could only view the policy settings but not edit them. All form inputs/toggles were disabled and there was noSavebutton. -
policy management:all,fleet:all,integrations:all/read. On the security side, I could view and edit the policy settings. All input/toggles were enabled and I could see theSavebutton. -
policy management:none,fleet:all,integrations:all/read. On the security side, I could not see thepolicylink, and accessing the page with the URL shows me theprivileges requiredcallout.
-
policy management:none,fleet:all,integrations:all. On the fleet side, I could view and edit the policy settings. -
policy management:none,fleet:all,integrations:read. On the fleet side, I could view but not edit the policy form. However, I could toggle some of the settings/inputs on the form, which is not the same as on the form on the security side where all form inputs/toggles are all disabled. Also clicking on cancel showsDiscard Changes?confirm modal even where there are no changes to the form. I presume this is a bug on the fleet side and not related to changes here.
Here are screenshots to compare for 5.
security side (policy management:read, fleet:all, integrations:all/read)
fleet side (policy management:none, fleet:all, integrations:read)
| }); | ||
| }); | ||
| afterEach(() => { | ||
| useUserPrivilegesMock.mockReturnValue(getUserPrivilegesMockDefaultValue()); | ||
| }); |
There was a problem hiding this comment.
I think this should be in the beforeEach hook, because now the first test case passes accidentally, because it receives a mocked return value that's okay, but it comes from somewhere else, it's not defined in this file.
Actually I think it is weird that the first test passes - the return value of useUserPrivileges should be undefined until we configure a mock return value. But it looks like it is configured somewhere, but I couldn't find where. Do you have any idea? Does it maybe come from the depths of createFleetContextRendererMock()?
There was a problem hiding this comment.
Yeah, some of our most used hooks are "auto-mocked" via Jest's __mocks__ directory. The useUserPrivileges() hook is one of those that you don't have to explicitly set on initial load - its mocked to set all privileges to true here:
There was a problem hiding this comment.
Oh, cool! That's good to know, thanks! And now I see that you are restoring exactly the same default implementation, great!
* main: (21 commits) [Profiling] Remove link to 'Other' bucket (elastic#147523) [Synthetics UI] Add missing configuration options to the add/edit monitor forms (elastic#147265) [DOCS] Updates what's new pages (elastic#147483) [Fleet][Endpoint][RBAC V2] Update fleet router and config to allow API access via RBAC controls (elastic#145361) [Guided onboarding] Update guide IDs (elastic#147348) [Synthetics] Add synthetics settings alerting default (elastic#147339) [Security Solution][Endpoint] Fix Policy form being displayed as Read Only when displayed in Fleet pages (elastic#147212) [Cases] Save draft user comment (elastic#146327) [API Docs] Fix `--plugin` filter (elastic#147500) [Fleet] added a logic to use `destinationId` when tagging imported SOs (elastic#147439) Do not skip UPDATE_TARGET_MAPPINGS if upgrading to a newer stack version (elastic#147503) [Discover] Validate if Data View time field exists on Alert creation / editing (elastic#146324) [Discover] Fix Discover navigation from Lens embeddable (elastic#147000) Allow users to Update API Keys (elastic#146237) Update dependency xstate to ^4.35.0 (main) (elastic#147463) [Behavioral Analytics] Remove feature flag to hide functionality (elastic#147429) [Fleet] Add agent policy `inactivity_timeout`experimental setting (elastic#147432) [APM] Switching service groups from grid to flex layout (elastic#147448) [Fleet] Add missing endpoints to openApi specs (elastic#147452) [AO] Allow providing custom time range for Alert Summary Widget (elastic#147253) ...
Summary
Tested:
With Role that DOES NOT have access to Security Solution
With Role that does have
policy managementprivilege to Security Solution