-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[App Search] Add roleHasScopedEngines helper + small
roles/ cleanup (…
…#94038) (#94144) * Split out roles/ into separate files - in preparation for new scoped engines helper * Add new roleHasScopedEngines helper Co-authored-by: Constance <[email protected]>
- Loading branch information
1 parent
bdbff61
commit a25fdc3
Showing
6 changed files
with
163 additions
and
108 deletions.
There are no files selected for viewing
File renamed without changes.
68 changes: 68 additions & 0 deletions
68
...plugins/enterprise_search/public/applications/app_search/utils/role/get_role_abilities.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { Account } from '../../types'; | ||
|
|
||
| import { RoleTypes, AbilityTypes, Role } from './types'; | ||
|
|
||
| /** | ||
| * Transforms the `role` data we receive from the Enterprise Search | ||
| * server into a more convenient format for front-end use | ||
| */ | ||
| export const getRoleAbilities = (role: Account['role']): Role => { | ||
| // Role ability function helpers | ||
| const myRole = { | ||
| can: (action: AbilityTypes, subject: string): boolean => { | ||
| return ( | ||
| role?.ability?.manage?.includes(subject) || | ||
| (Array.isArray(role.ability[action]) && role.ability[action].includes(subject)) | ||
| ); | ||
| }, | ||
| }; | ||
|
|
||
| // Clone top-level role props, and move some props out of `ability` and into the top-level for convenience | ||
| const topLevelProps = { | ||
| id: role.id, | ||
| roleType: role.roleType as RoleTypes, | ||
| availableRoleTypes: role.ability.availableRoleTypes as RoleTypes[], | ||
| credentialTypes: role.ability.credentialTypes, | ||
| }; | ||
|
|
||
| // Ability shorthands (also in top level of role obj for convenience) | ||
| // Example usage: `const { myRole: { canViewSettings } } = useValues(AppLogic);` | ||
| const abilities = { | ||
| canAccessAllEngines: role.ability.accessAllEngines, | ||
| canViewMetaEngines: myRole.can('view', 'account_meta_engines'), | ||
| canViewAccountCredentials: myRole.can('view', 'account_credentials'), | ||
| canViewEngineAnalytics: myRole.can('view', 'engine_analytics'), | ||
| canViewEngineApiLogs: myRole.can('view', 'engine_api_logs'), | ||
| canViewEngineCrawler: myRole.can('view', 'engine_crawler'), | ||
| canViewEngineCredentials: myRole.can('view', 'engine_credentials'), | ||
| canViewEngineDocuments: myRole.can('view', 'engine_documents'), | ||
| canViewEngineSchema: myRole.can('view', 'engine_schema'), | ||
| canViewEngineQueryTester: myRole.can('view', 'engine_query_tester'), | ||
| canViewMetaEngineSourceEngines: myRole.can('view', 'meta_engine_source_engines'), | ||
| canViewSettings: myRole.can('view', 'account_settings'), | ||
| canViewRoleMappings: myRole.can('view', 'role_mappings'), | ||
| canManageEngines: myRole.can('manage', 'account_engines'), | ||
| canManageMetaEngines: myRole.can('manage', 'account_meta_engines'), | ||
| canManageLogSettings: myRole.can('manage', 'account_log_settings'), | ||
| canManageSettings: myRole.can('manage', 'account_settings'), | ||
| canManageEngineCrawler: myRole.can('manage', 'engine_crawler'), | ||
| canManageEngineDocuments: myRole.can('manage', 'engine_documents'), | ||
| canManageEngineSynonyms: myRole.can('manage', 'engine_synonyms'), | ||
| canManageEngineCredentials: myRole.can('manage', 'engine_credentials'), | ||
| canManageEngineCurations: myRole.can('manage', 'engine_curations'), | ||
| canManageEngineRelevanceTuning: myRole.can('manage', 'engine_relevance_tuning'), | ||
| canManageEngineResultSettings: myRole.can('manage', 'engine_result_settings'), | ||
| canManageEngineSchema: myRole.can('manage', 'engine_schema'), | ||
| canManageEngineSearchUi: myRole.can('manage', 'engine_reference_ui'), | ||
| canManageMetaEngineSourceEngines: myRole.can('manage', 'meta_engine_source_engines'), | ||
| }; | ||
|
|
||
| return Object.assign(myRole, topLevelProps, abilities); | ||
| }; |
21 changes: 21 additions & 0 deletions
21
...ns/enterprise_search/public/applications/app_search/utils/role/has_scoped_engines.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { roleHasScopedEngines } from './'; | ||
|
|
||
| describe('roleHasScopedEngines()', () => { | ||
| it('returns false for owner and admin roles', () => { | ||
| expect(roleHasScopedEngines('owner')).toEqual(false); | ||
| expect(roleHasScopedEngines('admin')).toEqual(false); | ||
| }); | ||
|
|
||
| it('returns true for dev, editor, and analyst roles', () => { | ||
| expect(roleHasScopedEngines('dev')).toEqual(true); | ||
| expect(roleHasScopedEngines('editor')).toEqual(true); | ||
| expect(roleHasScopedEngines('analyst')).toEqual(true); | ||
| }); | ||
| }); |
16 changes: 16 additions & 0 deletions
16
...plugins/enterprise_search/public/applications/app_search/utils/role/has_scoped_engines.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { RoleTypes } from './types'; | ||
|
|
||
| /** | ||
| * Small utility helper for determining if a given role can have scoped engines | ||
| */ | ||
| export const roleHasScopedEngines = (roleType: RoleTypes): boolean => { | ||
| const unscopedRoles = ['dev', 'editor', 'analyst']; | ||
| return unscopedRoles.includes(roleType); | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
55 changes: 55 additions & 0 deletions
55
x-pack/plugins/enterprise_search/public/applications/app_search/utils/role/types.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { RoleMapping } from '../../../shared/types'; | ||
| import { Engine } from '../../components/engine/types'; | ||
|
|
||
| export type RoleTypes = 'owner' | 'admin' | 'dev' | 'editor' | 'analyst'; | ||
| export type AbilityTypes = 'manage' | 'edit' | 'view'; | ||
|
|
||
| export interface Role { | ||
| id: string; | ||
| roleType: RoleTypes; | ||
| availableRoleTypes: RoleTypes[]; | ||
| credentialTypes: string[]; | ||
| canAccessAllEngines: boolean; | ||
| can(action: AbilityTypes, subject: string): boolean; | ||
| canViewMetaEngines: boolean; | ||
| canViewAccountCredentials: boolean; | ||
| canViewEngineAnalytics: boolean; | ||
| canViewEngineApiLogs: boolean; | ||
| canViewEngineCrawler: boolean; | ||
| canViewEngineCredentials: boolean; | ||
| canViewEngineDocuments: boolean; | ||
| canViewEngineSchema: boolean; | ||
| canViewEngineQueryTester: boolean; | ||
| canViewMetaEngineSourceEngines: boolean; | ||
| canViewSettings: boolean; | ||
| canViewRoleMappings: boolean; | ||
| canManageEngines: boolean; | ||
| canManageMetaEngines: boolean; | ||
| canManageLogSettings: boolean; | ||
| canManageSettings: boolean; | ||
| canManageEngineCrawler: boolean; | ||
| canManageEngineDocuments: boolean; | ||
| canManageEngineSynonyms: boolean; | ||
| canManageEngineCredentials: boolean; | ||
| canManageEngineCurations: boolean; | ||
| canManageEngineRelevanceTuning: boolean; | ||
| canManageEngineResultSettings: boolean; | ||
| canManageEngineSchema: boolean; | ||
| canManageEngineSearchUi: boolean; | ||
| canManageMetaEngineSourceEngines: boolean; | ||
| } | ||
|
|
||
| export interface ASRoleMapping extends RoleMapping { | ||
| accessAllEngines: boolean; | ||
| engines: Engine[]; | ||
| toolTip?: { | ||
| content: string; | ||
| }; | ||
| } |