[8.15] [Fleet] Fix privileges to delete request diagnostics (#187678) (#187757)

# Backport

This will backport the following commits from `main` to `8.15`:
- [[Fleet] Fix privileges to delete request diagnostics
(#187678)](https://github.com/elastic/kibana/pull/187678)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Nicolas
Chaulet","email":"nicolas.chaulet@elastic.co"},"sourceCommit":{"committedDate":"2024-07-08T14:33:18Z","message":"[Fleet]
Fix privileges to delete request diagnostics
(#187678)","sha":"6590457792143880d12f2f62fd0f5aaf2d4927a8","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Fleet","backport:prev-minor","v8.16.0"],"title":"[Fleet]
Fix privileges to delete request
diagnostics","number":187678,"url":"https://github.com/elastic/kibana/pull/187678","mergeCommit":{"message":"[Fleet]
Fix privileges to delete request diagnostics
(#187678)","sha":"6590457792143880d12f2f62fd0f5aaf2d4927a8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/187678","number":187678,"mergeCommit":{"message":"[Fleet]
Fix privileges to delete request diagnostics
(#187678)","sha":"6590457792143880d12f2f62fd0f5aaf2d4927a8"}}]}]
BACKPORT-->

Co-authored-by: Nicolas Chaulet <nicolas.chaulet@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_diagnostics/index.tsx

@@ -232,32 +232,39 @@ export const AgentDiagnosticsTab: React.FunctionComponent<AgentDiagnosticsProps>
         );
       },
     },
-    {
-      name: i18n.translate('xpack.fleet.requestDiagnostics.tableColumns.actionsLabelText', {
-        defaultMessage: 'Actions',
-      }),
-      width: '70px',
-      actions: [
-        {
-          type: 'icon',
-          icon: 'trash',
-          color: 'danger',
-          name: i18n.translate('xpack.fleet.requestDiagnostics.tableColumns.deleteButtonText', {
-            defaultMessage: 'Delete',
-          }),
-          available: (item: AgentDiagnostics) => item.status === 'READY',
-          description: i18n.translate(
-            'xpack.fleet.requestDiagnostics.tableColumns.deleteButtonDesc',
-            {
-              defaultMessage: 'Delete diagnostics file',
-            }
-          ),
-          onClick: (item: AgentDiagnostics) => {
-            deleteFile(item.id);
+    ...((authz.fleet.allAgents
+      ? [
+          {
+            name: i18n.translate('xpack.fleet.requestDiagnostics.tableColumns.actionsLabelText', {
+              defaultMessage: 'Actions',
+            }),
+            width: '70px',
+            actions: [
+              {
+                type: 'icon',
+                icon: 'trash',
+                color: 'danger',
+                name: i18n.translate(
+                  'xpack.fleet.requestDiagnostics.tableColumns.deleteButtonText',
+                  {
+                    defaultMessage: 'Delete',
+                  }
+                ),
+                available: (item: AgentDiagnostics) => item.status === 'READY',
+                description: i18n.translate(
+                  'xpack.fleet.requestDiagnostics.tableColumns.deleteButtonDesc',
+                  {
+                    defaultMessage: 'Delete diagnostics file',
+                  }
+                ),
+                onClick: (item: AgentDiagnostics) => {
+                  deleteFile(item.id);
+                },
+              },
+            ],
           },
-        },
-      ],
-    },
+        ]
+      : []) as Array<EuiBasicTableColumn<AgentDiagnostics>>),
   ];
 
   const requestDiagnosticsButton = (

x-pack/plugins/fleet/server/routes/agent/index.ts

@@ -338,7 +338,7 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
     .delete({
       path: AGENT_API_ROUTES.DELETE_UPLOAD_FILE_PATTERN,
       fleetAuthz: {
-        fleet: { readAgents: true },
+        fleet: { allAgents: true },
       },
     })
     .addVersion(

x-pack/test/fleet_api_integration/apis/agents/privileges.ts

@@ -10,12 +10,18 @@ import {
   AGENTS_INDEX,
   PACKAGE_POLICY_SAVED_OBJECT_TYPE,
 } from '@kbn/fleet-plugin/common';
+import {
+  FILE_STORAGE_DATA_AGENT_INDEX,
+  FILE_STORAGE_METADATA_AGENT_INDEX,
+} from '@kbn/fleet-plugin/server/constants';
 
 import { FtrProviderContext } from '../../../api_integration/ftr_provider_context';
 import { generateAgent } from '../../helpers';
 import { runPrivilegeTests } from '../../privileges_helpers';
 import { testUsers } from '../test_users';
 
+const ES_INDEX_OPTIONS = { headers: { 'X-elastic-product-origin': 'fleet' } };
+
 export default function (providerContext: FtrProviderContext) {
   const { getService } = providerContext;
   const esArchiver = getService('esArchiver');
@@ -177,6 +183,66 @@ export default function (providerContext: FtrProviderContext) {
       });
     };
 
+    const createFileBeforeEach = async () => {
+      await es.index(
+        {
+          id: 'file1.0',
+          refresh: 'wait_for',
+          op_type: 'create',
+          index: FILE_STORAGE_DATA_AGENT_INDEX,
+          document: {
+            bid: 'file1',
+            '@timestamp': new Date().toISOString(),
+            last: true,
+            data: 'test',
+          },
+        },
+        ES_INDEX_OPTIONS
+      );
+
+      await es.index(
+        {
+          index: FILE_STORAGE_METADATA_AGENT_INDEX,
+          id: 'file1',
+          refresh: true,
+          op_type: 'create',
+          body: {
+            '@timestamp': new Date().toISOString(),
+            upload_id: 'file1',
+            action_id: `fleet_uploads_test-file1-action`,
+            agent_id: 'agent1',
+            file: {
+              ChunkSize: 4194304,
+              extension: 'zip',
+              hash: {},
+              mime_type: 'application/zip',
+              mode: '0644',
+              name: `elastic-agent-diagnostics-file-name.zip`,
+              path: `/agent/elastic-agent-diagnostics-file-name.zip`,
+              size: 24917,
+              Status: 'READY',
+              type: 'file',
+            },
+          },
+        },
+        ES_INDEX_OPTIONS
+      );
+    };
+
+    const deleteFileAfterEach = async () => {
+      await es.deleteByQuery(
+        {
+          index: `${FILE_STORAGE_DATA_AGENT_INDEX},${FILE_STORAGE_METADATA_AGENT_INDEX}`,
+          refresh: true,
+          ignore_unavailable: true,
+          query: {
+            match_all: {},
+          },
+        },
+        ES_INDEX_OPTIONS
+      );
+    };
+
     const ROUTES = [
       // READ scenarios
       {
@@ -204,6 +270,13 @@ export default function (providerContext: FtrProviderContext) {
         path: '/api/fleet/agents/agent1/request_diagnostics',
         scenarios: READ_SCENARIOS,
       },
+      {
+        method: 'GET',
+        path: '/api/fleet/agents/files/file1/elastic-agent-diagnostics-file-name.zip',
+        scenarios: READ_SCENARIOS,
+        beforeEach: createFileBeforeEach,
+        afterEach: deleteFileAfterEach,
+      },
 
       // ALL scenarios
       {
@@ -238,6 +311,13 @@ export default function (providerContext: FtrProviderContext) {
         beforeEach: updateAgentBeforeEach,
         afterEach: updateAgentAfterEach,
       },
+      {
+        method: 'DELETE',
+        path: '/api/fleet/agents/files/file1',
+        scenarios: ALL_SCENARIOS,
+        beforeEach: createFileBeforeEach,
+        afterEach: deleteFileAfterEach,
+      },
     ];
     before(async () => {
       // Make agent 1 upgradeable