Add lint rule to prevent server code being imported into client (#52447)

x-pack/plugins/features/common/feature.ts

@@ -0,0 +1,120 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { FeatureKibanaPrivileges, FeatureKibanaPrivilegesSet } from './feature_kibana_privileges';
+
+/**
+ * Interface for registering a feature.
+ * Feature registration allows plugins to hide their applications with spaces,
+ * and secure access when configured for security.
+ */
+export interface Feature<
+  TPrivileges extends Partial<FeatureKibanaPrivilegesSet> = FeatureKibanaPrivilegesSet
+> {
+  /**
+   * Unique identifier for this feature.
+   * This identifier is also used when generating UI Capabilities.
+   *
+   * @see UICapabilities
+   */
+  id: string;
+
+  /**
+   * Display name for this feature.
+   * This will be displayed to end-users, so a translatable string is advised for i18n.
+   */
+  name: string;
+
+  /**
+   * Whether or not this feature should be excluded from the base privileges.
+   * This is primarily helpful when migrating applications with a "legacy" privileges model
+   * to use Kibana privileges. We don't want these features to be considered part of the `all`
+   * or `read` base privileges in a minor release if the user was previously granted access
+   * using an additional reserved role.
+   */
+  excludeFromBasePrivileges?: boolean;
+
+  /**
+   * Optional array of supported licenses.
+   * If omitted, all licenses are allowed.
+   * This does not restrict access to your feature based on license.
+   * Its only purpose is to inform the space and roles UIs on which features to display.
+   */
+  validLicenses?: Array<'basic' | 'standard' | 'gold' | 'platinum'>;
+
+  /**
+   * An optional EUI Icon to be used when displaying your feature.
+   */
+  icon?: string;
+
+  /**
+   * The optional Nav Link ID for feature.
+   * If specified, your link will be automatically hidden if needed based on the current space and user permissions.
+   */
+  navLinkId?: string;
+
+  /**
+   * An array of app ids that are enabled when this feature is enabled.
+   * Apps specified here will automatically cascade to the privileges defined below, unless specified differently there.
+   */
+  app: string[];
+
+  /**
+   * If this feature includes management sections, you can specify them here to control visibility of those
+   * pages based on the current space.
+   *
+   * Items specified here will automatically cascade to the privileges defined below, unless specified differently there.
+   *
+   * @example
+   * ```ts
+   *  // Enables access to the "Advanced Settings" management page within the Kibana section
+   *  management: {
+   *    kibana: ['settings']
+   *  }
+   * ```
+   */
+  management?: {
+    [sectionId: string]: string[];
+  };
+  /**
+   * If this feature includes a catalogue entry, you can specify them here to control visibility based on the current space.
+   *
+   * Items specified here will automatically cascade to the privileges defined below, unless specified differently there.
+   */
+  catalogue?: string[];
+
+  /**
+   * Feature privilege definition.
+   *
+   * @example
+   * ```ts
+   *  {
+   *    all: {...},
+   *    read: {...}
+   *  }
+   * ```
+   * @see FeatureKibanaPrivileges
+   */
+  privileges: TPrivileges;
+
+  /**
+   * Optional message to display on the Role Management screen when configuring permissions for this feature.
+   */
+  privilegesTooltip?: string;
+
+  /**
+   * @private
+   */
+  reserved?: {
+    privilege: FeatureKibanaPrivileges;
+    description: string;
+  };
+}
+
+export type FeatureWithAllOrReadPrivileges = Feature<{
+  all?: FeatureKibanaPrivileges;
+  read?: FeatureKibanaPrivileges;
+}>;

x-pack/plugins/features/common/feature_kibana_privileges.ts

@@ -0,0 +1,127 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+/**
+ * Feature privilege definition
+ */
+export interface FeatureKibanaPrivileges {
+  /**
+   * Whether or not this specific privilege should be excluded from the base privileges.
+   */
+  excludeFromBasePrivileges?: boolean;
+
+  /**
+   * If this feature includes management sections, you can specify them here to control visibility of those
+   * pages based on user privileges.
+   *
+   * @example
+   * ```ts
+   *  // Enables access to the "Advanced Settings" management page within the Kibana section
+   *  management: {
+   *    kibana: ['settings']
+   *  }
+   * ```
+   */
+  management?: {
+    [sectionId: string]: string[];
+  };
+
+  /**
+   * If this feature includes a catalogue entry, you can specify them here to control visibility based on user permissions.
+   */
+  catalogue?: string[];
+
+  /**
+   * If your feature includes server-side APIs, you can tag those routes to secure access based on user permissions.
+   *
+   * @example
+   * ```ts
+   *  // Configure your routes with a tag starting with the 'access:' prefix
+   *  server.route({
+   *    path: '/api/my-route',
+   *    method: 'GET',
+   *    handler: () => { ...},
+   *    options: {
+   *      tags: ['access:my_feature-admin']
+   *    }
+   *  });
+   *
+   *  Then, specify the tags here (without the 'access:' prefix) which should be secured:
+   *
+   *  {
+   *    api: ['my_feature-admin']
+   *  }
+   * ```
+   *
+   * NOTE: It is important to name your tags in a way that will not collide with other plugins/features.
+   * A generic tag name like "access:read" could be used elsewhere, and access to that API endpoint would also
+   * extend to any routes you have also tagged with that name.
+   */
+  api?: string[];
+
+  /**
+   * If your feature exposes a client-side application (most of them do!), then you can control access to them here.
+   *
+   * @example
+   * ```ts
+   *  {
+   *    app: ['my-app', 'kibana']
+   *  }
+   * ```
+   *
+   */
+  app?: string[];
+
+  /**
+   * If your feature requires access to specific saved objects, then specify your access needs here.
+   */
+  savedObject: {
+    /**
+     * List of saved object types which users should have full read/write access to when granted this privilege.
+     * @example
+     * ```ts
+     *  {
+     *    all: ['my-saved-object-type']
+     *  }
+     * ```
+     */
+    all: string[];
+
+    /**
+     * List of saved object types which users should have read-only access to when granted this privilege.
+     * @example
+     * ```ts
+     *  {
+     *    read: ['config']
+     *  }
+     * ```
+     */
+    read: string[];
+  };
+  /**
+   * A list of UI Capabilities that should be granted to users with this privilege.
+   * These capabilities will automatically be namespaces within your feature id.
+   *
+   * @example
+   * ```ts
+   *  {
+   *    ui: ['show', 'save']
+   *  }
+   *
+   *  This translates in the UI to the following (assuming a feature id of "foo"):
+   *  import { uiCapabilities } from 'ui/capabilities';
+   *
+   *  const canShowApp = uiCapabilities.foo.show;
+   *  const canSave = uiCapabilities.foo.save;
+   * ```
+   * Note: Since these are automatically namespaced, you are free to use generic names like "show" and "save".
+   *
+   * @see UICapabilities
+   */
+  ui: string[];
+}
+
+export type FeatureKibanaPrivilegesSet = Record<string, FeatureKibanaPrivileges>;

x-pack/plugins/features/common/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { FeatureKibanaPrivileges } from './feature_kibana_privileges';
+export * from './feature';