[Security solution] [Endpoint] Hide Add endpoint event filter option when wrong permission (#126329)

* Hide Add endpoint event filter option from context menu and take action button when user does not have the right permissions

* Fix unit test

* Disable add endpoint event filters option when no sufficient privileges instead of hide it

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx

@@ -14,6 +14,7 @@ import { ExceptionListType } from '@kbn/securitysolution-io-ts-list-types';
 import { get } from 'lodash/fp';
 import { useRouteSpy } from '../../../../common/utils/route/use_route_spy';
 import { buildGetAlertByIdQuery } from '../../../../common/components/exceptions/helpers';
+import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import { EventsTdContent } from '../../../../timelines/components/timeline/styles';
 import { DEFAULT_ACTION_BUTTON_WIDTH } from '../../../../../../timelines/public';
 import { Ecs } from '../../../../../common/ecs';
@@ -77,6 +78,13 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps & PropsFromRedux
     ariaLabel: ATTACH_ALERT_TO_CASE_FOR_ROW({ ariaRowindex, columnValues }),
   });
 
+  const { loading: canAccessEndpointManagementLoading, canAccessEndpointManagement } =
+    useUserPrivileges().endpointPrivileges;
+  const canCreateEndpointEventFilters = useMemo(
+    () => !canAccessEndpointManagementLoading && canAccessEndpointManagement,
+    [canAccessEndpointManagement, canAccessEndpointManagementLoading]
+  );
+
   const alertStatus = get(0, ecsRowData?.kibana?.alert?.workflow_status) as Status | undefined;
 
   const isEvent = useMemo(() => indexOf(ecsRowData.event?.kind, 'event') !== -1, [ecsRowData]);
@@ -165,7 +173,7 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps & PropsFromRedux
   });
   const { eventFilterActionItems } = useEventFilterAction({
     onAddEventFilterClick: handleOnAddEventFilterClick,
-    disabled: !isEvent,
+    disabled: !isEvent || !canCreateEndpointEventFilters,
   });
   const items: React.ReactElement[] = useMemo(
     () =>

x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx

@@ -18,6 +18,10 @@ import { mockTimelines } from '../../../common/mock/mock_timelines_plugin';
 import { createStartServicesMock } from '../../../common/lib/kibana/kibana_react.mock';
 import { useKibana } from '../../../common/lib/kibana';
 import { mockCasesContract } from '../../../../../cases/public/mocks';
+import { initialUserPrivilegesState as mockInitialUserPrivilegesState } from '../../../common/components/user_privileges/user_privileges_context';
+import { useUserPrivileges } from '../../../common/components/user_privileges';
+
+jest.mock('../../../common/components/user_privileges');
 
 jest.mock('../user_info', () => ({
   useUserData: jest.fn().mockReturnValue([{ canUserCRUD: true, hasIndexWrite: true }]),
@@ -232,6 +236,28 @@ describe('take action dropdown', () => {
       });
     });
 
+    test('should disable the "Add Endpoint event filter" button if no endpoint management privileges', async () => {
+      (useUserPrivileges as jest.Mock).mockReturnValue({
+        ...mockInitialUserPrivilegesState(),
+        endpointPrivileges: { loading: false, canAccessEndpointManagement: false },
+      });
+      wrapper = mount(
+        <TestProviders>
+          <TakeActionDropdown
+            {...defaultProps}
+            detailsData={modifiedMockDetailsData}
+            ecsData={getEcsDataWithAgentType('endpoint')}
+          />
+        </TestProviders>
+      );
+      wrapper.find('button[data-test-subj="take-action-dropdown-btn"]').simulate('click');
+      await waitFor(() => {
+        expect(
+          wrapper.find('[data-test-subj="add-event-filter-menu-item"]').first().getDOMNode()
+        ).toBeDisabled();
+      });
+    });
+
     test('should hide the "Add Endpoint event filter" button if provided no event from endpoint', async () => {
       wrapper = mount(
         <TestProviders>

x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/index.tsx

@@ -21,6 +21,7 @@ import type { Ecs } from '../../../../common/ecs';
 import { Status } from '../../../../common/detection_engine/schemas/common/schemas';
 import { isAlertFromEndpointAlert } from '../../../common/utils/endpoint_alert_check';
 import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
+import { useUserPrivileges } from '../../../common/components/user_privileges';
 import { useAddToCaseActions } from '../alerts_table/timeline_actions/use_add_to_case_actions';
 interface ActionsData {
   alertStatus: Status;
@@ -59,6 +60,13 @@ export const TakeActionDropdown = React.memo(
     timelineId,
   }: TakeActionDropdownProps) => {
     const tGridEnabled = useIsExperimentalFeatureEnabled('tGridEnabled');
+    const { loading: canAccessEndpointManagementLoading, canAccessEndpointManagement } =
+      useUserPrivileges().endpointPrivileges;
+
+    const canCreateEndpointEventFilters = useMemo(
+      () => !canAccessEndpointManagementLoading && canAccessEndpointManagement,
+      [canAccessEndpointManagement, canAccessEndpointManagementLoading]
+    );
 
     const [isPopoverOpen, setIsPopoverOpen] = useState(false);
 
@@ -134,7 +142,7 @@ export const TakeActionDropdown = React.memo(
 
     const { eventFilterActionItems } = useEventFilterAction({
       onAddEventFilterClick: handleOnAddEventFilterClick,
-      disabled: !isEndpointEvent,
+      disabled: !isEndpointEvent || !canCreateEndpointEventFilters,
     });
 
     const onMenuItemClick = useCallback(() => {