Adds RBAC API checks for host isolation exceptions (#144021)

David Sánchez 2022-10-27 12:17:57 +02:00 committed by GitHub
parent 1ea3f45e2f
commit 7ce362cb4c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -60,9 +60,18 @@ export class HostIsolationExceptionsValidator extends BaseValidator {
return item.listId === ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID;
}
protected async validateHasWritePrivilege(): Promise<void> {
return super.validateHasPrivilege('canWriteHostIsolationExceptions');
}
protected async validateHasReadPrivilege(): Promise<void> {
return super.validateHasPrivilege('canReadHostIsolationExceptions');
}
async validatePreCreateItem(
item: CreateExceptionListItemOptions
): Promise<CreateExceptionListItemOptions> {
await this.validateHasWritePrivilege();
await this.validateCanIsolateHosts();
await this.validateHostIsolationData(item);
await this.validateByPolicyItem(item);
@ -75,6 +84,7 @@ export class HostIsolationExceptionsValidator extends BaseValidator {
): Promise<UpdateExceptionListItemOptions> {
const updatedItem = _updatedItem as ExceptionItemLikeOptions;
await this.validateHasWritePrivilege();
await this.validateCanIsolateHosts();
await this.validateHostIsolationData(updatedItem);
await this.validateByPolicyItem(updatedItem);
@ -83,27 +93,27 @@ export class HostIsolationExceptionsValidator extends BaseValidator {
}
async validatePreGetOneItem(): Promise<void> {
await this.validateCanManageEndpointArtifacts();
await this.validateHasReadPrivilege();
}
async validatePreSummary(): Promise<void> {
await this.validateCanManageEndpointArtifacts();
await this.validateHasReadPrivilege();
}
async validatePreDeleteItem(): Promise<void> {
await this.validateCanManageEndpointArtifacts();
await this.validateHasWritePrivilege();
}
async validatePreExport(): Promise<void> {
await this.validateCanManageEndpointArtifacts();
await this.validateHasWritePrivilege();
}
async validatePreSingleListFind(): Promise<void> {
await this.validateCanManageEndpointArtifacts();
await this.validateHasReadPrivilege();
}
async validatePreMultiListFind(): Promise<void> {
await this.validateCanManageEndpointArtifacts();
await this.validateHasReadPrivilege();
}
async validatePreImport(): Promise<void> {
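Review bot: `validatePreExport` is gated on `validateHasWritePrivilege()`, while the other non-mutating paths in the last hunk (get-one, summary, single-list and multi-list find) use `validateHasReadPrivilege()`, and nothing in the code says whether that is deliberate. If it is, a one-line comment above the method would stop a later change from relaxing it by accident, for example `// Export is intentionally limited to users who can write host isolation exceptions.` In the same hunk each `validateCanManageEndpointArtifacts()` call appears to be replaced rather than supplemented (the +/- markers are lost on this page, so this is read from the paired lines and the hunk counts). The new checks rest entirely on `validateHasPrivilege` in `BaseValidator`, which is outside this diff, so it is worth confirming there that a missing or unknown privilege key is rejected rather than passed. The body of `validatePreImport` starts on the last visible line and continues outside the hunk, so whether import is gated cannot be checked from here.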