Checking if security license isEnabled, and if not, throwing 404 that is expected downstream (#142410) (#142638)

(cherry picked from commit 36b2296fe8) Co-authored-by: Kurt <kc13greiner@users.noreply.github.com>
2025-04-24 09:48:58 -04:00 · 2022-10-04 11:33:11 -06:00 · 2022-10-04 11:33:11 -06:00 · 042caf313d
commit 042caf313d
parent 9c5a6f20c5
2 changed files with 28 additions and 1 deletions
--- a/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.test.ts
+++ b/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.test.ts
@ -36,6 +36,7 @@ describe('Share Saved Object Permissions', () => {
  describe('GET /internal/security/_share_saved_object_permissions', () => {
    let routeHandler: RequestHandler<any, any, any, SecurityRequestHandlerContext>;
    let routeConfig: RouteConfig<any, any, any, any>;
+
    beforeEach(() => {
      const [shareRouteConfig, shareRouteHandler] = router.get.mock.calls.find(
        ([{ path }]) => path === '/internal/security/_share_saved_object_permissions'
@ -50,6 +51,24 @@ describe('Share Saved Object Permissions', () => {
      expect(routeConfig.validate).toHaveProperty('query');
    });

+    it('returns `not found` when security is diabled', async () => {
+      routeParamsMock.license.isEnabled = jest.fn().mockReturnValue(false);
+
+      const request = httpServerMock.createKibanaRequest({
+        query: {
+          type: 'foo-type',
+        },
+      });
+
+      await expect(
+        routeHandler(mockContext, request, kibanaResponseFactory)
+      ).resolves.toMatchObject({
+        status: 404,
+      });
+
+      expect(routeParamsMock.license.isEnabled).toHaveBeenCalled();
+    });
+
    it('returns `true` when the user is authorized globally', async () => {
      const checkPrivilegesWithRequest = jest.fn().mockResolvedValue({ hasAllRequested: true });

--- a/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.ts
+++ b/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.ts
@ -11,7 +11,11 @@ import type { RouteDefinitionParams } from '../..';
 import { wrapIntoCustomErrorResponse } from '../../../errors';
 import { createLicensedRouteHandler } from '../../licensed_route_handler';

-export function defineShareSavedObjectPermissionRoutes({ router, authz }: RouteDefinitionParams) {
+export function defineShareSavedObjectPermissionRoutes({
+  router,
+  authz,
+  license,
+}: RouteDefinitionParams) {
  router.get(
    {
      path: '/internal/security/_share_saved_object_permissions',
@ -21,6 +25,10 @@ export function defineShareSavedObjectPermissionRoutes({ router, authz }: RouteD
      let shareToAllSpaces = true;
      const { type } = request.query;

+      if (!license.isEnabled()) {
+        return response.notFound();
+      }
+
      try {
        const checkPrivileges = authz.checkPrivilegesWithRequest(request);
        shareToAllSpaces = (