Show sub-feature privileges when using the Basic license (#142020)

* Augments /api/security/privileges with optional respectLicenseLevel parameter for use by the edit_role_page. Implements fix for 125289 - Show sub-feature privileges when using the Basic license * Changed EuiTooltip to EuiIconTip. * Updated unit tests for feature table expanded row to include new property checks. * Renamed property to improve readability and reduce confusion. Fixed state of switch checked in sub-feature customization. * [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' * Fixed privilege get API default for 'respectLicenseLevel'. Updated privilege unit tests. * [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' * Uodated test description to match property name. * Updated privilege API integration tests to include new 'respectLicenseLevel' optional parameter. * Replaced empty fragment with undefined. Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Thom Heymann <190132+thomheymann@users.noreply.github.com>
2025-06-27 18:51:07 -04:00 · 2022-10-11 09:33:58 -04:00 · 2022-10-11 09:33:58 -04:00 · fb632caa33
commit fb632caa33
parent b6885f21c6
11 changed files with 638 additions and 100 deletions
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@ -79,6 +79,95 @@ export default function ({ getService }: FtrProviderContext) {
          })
          .expect(200);
      });
+
+      it('should include sub-feature privileges when respectlicenseLevel is false', async () => {
+        const expected = {
+          global: ['all', 'read'],
+          space: ['all', 'read'],
+          features: {
+            graph: ['all', 'read', 'minimal_all', 'minimal_read'],
+            savedObjectsTagging: ['all', 'read', 'minimal_all', 'minimal_read'],
+            canvas: ['all', 'read', 'minimal_all', 'minimal_read'],
+            maps: ['all', 'read', 'minimal_all', 'minimal_read'],
+            generalCases: ['all', 'read', 'minimal_all', 'minimal_read', 'cases_delete'],
+            observabilityCases: ['all', 'read', 'minimal_all', 'minimal_read', 'cases_delete'],
+            fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+            fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
+            actions: ['all', 'read', 'minimal_all', 'minimal_read'],
+            stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
+            ml: ['all', 'read', 'minimal_all', 'minimal_read'],
+            siem: ['all', 'read', 'minimal_all', 'minimal_read'],
+            uptime: ['all', 'read', 'minimal_all', 'minimal_read'],
+            securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read', 'cases_delete'],
+            infrastructure: ['all', 'read', 'minimal_all', 'minimal_read'],
+            logs: ['all', 'read', 'minimal_all', 'minimal_read'],
+            apm: ['all', 'read', 'minimal_all', 'minimal_read'],
+            discover: [
+              'all',
+              'read',
+              'minimal_all',
+              'minimal_read',
+              'url_create',
+              'store_search_session',
+            ],
+            visualize: ['all', 'read', 'minimal_all', 'minimal_read', 'url_create'],
+            dashboard: [
+              'all',
+              'read',
+              'minimal_all',
+              'minimal_read',
+              'url_create',
+              'store_search_session',
+            ],
+            dev_tools: ['all', 'read', 'minimal_all', 'minimal_read'],
+            advancedSettings: ['all', 'read', 'minimal_all', 'minimal_read'],
+            indexPatterns: ['all', 'read', 'minimal_all', 'minimal_read'],
+            savedObjectsManagement: ['all', 'read', 'minimal_all', 'minimal_read'],
+            osquery: [
+              'all',
+              'read',
+              'minimal_all',
+              'minimal_read',
+              'live_queries_all',
+              'live_queries_read',
+              'run_saved_queries',
+              'saved_queries_all',
+              'saved_queries_read',
+              'packs_all',
+              'packs_read',
+            ],
+          },
+          reserved: ['fleet-setup', 'ml_user', 'ml_admin', 'ml_apm_user', 'monitoring'],
+        };
+
+        await supertest
+          .get('/api/security/privileges?respectLicenseLevel=false')
+          .set('kbn-xsrf', 'xxx')
+          .send()
+          .expect(200)
+          .expect((res: any) => {
+            // when comparing privileges, the order of the privileges doesn't matter.
+            // supertest uses assert.deepStrictEqual.
+            // expect.js doesn't help us here.
+            // and lodash's isEqual doesn't know how to compare Sets.
+            const success = isEqualWith(res.body, expected, (value, other, key) => {
+              if (Array.isArray(value) && Array.isArray(other)) {
+                return isEqual(value.sort(), other.sort());
+              }
+
+              // Lodash types aren't correct, `undefined` should be supported as a return value here and it
+              // has special meaning.
+              return undefined as any;
+            });
+
+            if (!success) {
+              throw new Error(
+                `Expected ${util.inspect(res.body)} to equal ${util.inspect(expected)}`
+              );
+            }
+          })
+          .expect(200);
+      });
    });
  });
 }