mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
ad0e1d9d9d
## Summary This PR migrates the last routes with `access:<privilege>` tags used in route definitions to new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before Migration:** Access control tags were defined in the `options` object of the route: ```ts router.get({ path: '/api/path', options: { tags: ['access:<privilege_1>', 'access:<privilege_2>'], }, ... }, handler); ``` ### **After Migration:** Tags have been replaced with the more robust `security.authz.requiredPrivileges` field under `security`: ```ts router.get({ path: '/api/path', security: { authz: { requiredPrivileges: ['<privilege_1>', '<privilege_2>'], }, }, ... }, handler); ``` ### Checklist - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
91 lines
2.5 KiB
TypeScript
91 lines
2.5 KiB
TypeScript
/*
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
* or more contributor license agreements. Licensed under the "Elastic License
|
|
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
|
|
* Public License v 1"; you may not use this file except in compliance with, at
|
|
* your election, the "Elastic License 2.0", the "GNU Affero General Public
|
|
* License v3.0 only", or the "Server Side Public License, v 1".
|
|
*/
|
|
|
|
import { CoreSetup, DEFAULT_APP_CATEGORIES, Plugin } from '@kbn/core/server';
|
|
import {
|
|
FeaturesPluginSetup,
|
|
// PluginStartContract as FeaturesPluginStart,
|
|
} from '@kbn/features-plugin/server';
|
|
import { KibanaFeatureScope } from '@kbn/features-plugin/common';
|
|
import { FEATURE_PRIVILEGES_PLUGIN_ID } from '../common';
|
|
|
|
export interface FeatureControlExampleDeps {
|
|
features: FeaturesPluginSetup;
|
|
}
|
|
|
|
export class FeatureControlsPluginExample
|
|
implements Plugin<void, void, any, FeatureControlExampleDeps>
|
|
{
|
|
public setup(core: CoreSetup, { features }: FeatureControlExampleDeps) {
|
|
features.registerKibanaFeature({
|
|
id: FEATURE_PRIVILEGES_PLUGIN_ID,
|
|
name: 'Feature Plugin Examples',
|
|
category: DEFAULT_APP_CATEGORIES.management,
|
|
app: ['FeaturePluginExample'],
|
|
scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security],
|
|
privileges: {
|
|
all: {
|
|
app: ['FeaturePluginExample'],
|
|
savedObject: {
|
|
all: [],
|
|
read: [],
|
|
},
|
|
api: ['my_closed_example_api'],
|
|
ui: ['view', 'create', 'edit', 'delete', 'assign'],
|
|
},
|
|
read: {
|
|
app: ['FeaturePluginExample'],
|
|
savedObject: {
|
|
all: [],
|
|
read: ['tag'],
|
|
},
|
|
api: [],
|
|
ui: ['view'],
|
|
},
|
|
},
|
|
});
|
|
|
|
const router = core.http.createRouter();
|
|
router.get(
|
|
{
|
|
path: '/internal/my_plugin/read',
|
|
validate: false,
|
|
},
|
|
async (context, request, response) => {
|
|
return response.ok({
|
|
body: {
|
|
time: new Date().toISOString(),
|
|
},
|
|
});
|
|
}
|
|
);
|
|
router.get(
|
|
{
|
|
path: '/internal/my_plugin/sensitive_action',
|
|
validate: false,
|
|
security: {
|
|
authz: {
|
|
requiredPrivileges: ['my_closed_example_api'],
|
|
},
|
|
},
|
|
},
|
|
async (context, request, response) => {
|
|
return response.ok({
|
|
body: {
|
|
time: new Date().toISOString(),
|
|
},
|
|
});
|
|
}
|
|
);
|
|
}
|
|
|
|
start() {
|
|
return {};
|
|
}
|
|
}
|