[APM] Solution navigation: Restricted permissions to view app should be reflected in the navigation options #101512

Closed
formgeist opened this issue Jun 7, 2021 · 4 comments · Fixed by #101707
Labels
bug Fixes for quality problems that affect the customer experience Project:ObservabilitySolutionNavigation Team:APM - DEPRECATED Use Team:obs-ux-infra_services. v7.14.0

Comments

@formgeist
Contributor

formgeist commented Jun 7, 2021

Summary

Follow-up to #99883

We need to ensure that restricted access to APM through RBAC is reflected in the navigation. E.g. a Space that has limited access to the APM app should not show the APM section in the navigation, but reflect the same as in the main Kibana menu, where APM is not available as an option.

This is documented in the component docs https://github.com/elastic/kibana/tree/master/x-pack/plugins/observability/public/components/shared/page_template

[Screenshot 2021-06-07 at 19 25 43]

cc @sqren

@elasticmachine
Contributor

Pinging @elastic/apm-ui (Team:apm)

@sorenlouv
Member

sorenlouv commented Jun 7, 2021

Good catch!
@weltenwort Is this something you've thought about? I did see this in the readme:

> Solutions are expected to handle their own permissions, and what should or should not be displayed at any time, the Observability plugin will not add and remove items for you.

However, the navigation items are registered during the plugin's setup phase which does not take the user context into account (afair) - so how can we, at the same time, conditionally display the nav to certain users, and not to others?

@weltenwort
Member

As with all registrations taking place during setup() which require access to start()-phase information, core.getStartServices() would be the way to go. Since the registration takes an observable it should be easy to do something like the following:

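    import { from } from 'rxjs';
    import { map } from 'rxjs/operators';

    // Inside the plugin's setup(), where `core` and `pluginsSetup` are available.
    pluginsSetup.observability.navigation.registerSections(
      // getStartServices() resolves once the start()-phase services exist,
      // so the current user's capabilities can be read here.
      from(core.getStartServices()).pipe(
        map(([{ application: { capabilities } }]) =>
          capabilities[myAppId].show
            ? [
                /* sections go here */
              ]
            : []
        )
      )
    );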

Does that make sense? Or do you think the nav should somehow be coupled to the capabilities behind the scenes?
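
The gating described in the comment above, as an added example that is not part of the thread or of Kibana's code. It goes beyond the single-app case by filtering several sections and failing closed when a capability entry is missing; `NavSection`, `Capabilities`, `visibleSections` and `fakeGetStartServices` are hypothetical names, and the `capabilities[appId].show` shape is assumed from the snippet above.

```typescript
// Added illustration. NavSection, Capabilities, visibleSections and
// fakeGetStartServices are hypothetical names, not Kibana's real API.
interface NavSection {
  appId: string; // assumed field: the app whose capability gates this section
  label: string;
  entries: string[];
}

// Shape assumed from the thread: capabilities[appId].show is a boolean.
type Capabilities = Record<string, { show?: unknown } | null | undefined>;
type StartServices = [{ application: { capabilities: Capabilities } }];

// Fail closed: keep a section only when its app has its own capability entry
// and `show` is strictly true. A missing or malformed entry hides the section
// instead of throwing, which a bare `capabilities[appId].show` lookup would do.
function visibleSections(caps: Capabilities, sections: NavSection[]): NavSection[] {
  return sections.filter((section) => {
    const known = Object.prototype.hasOwnProperty.call(caps, section.appId);
    const cap = known ? caps[section.appId] : undefined;
    return cap != null && cap.show === true;
  });
}

// Stand-in for core.getStartServices(): resolves with start()-phase services.
async function fakeGetStartServices(caps: Capabilities): Promise<StartServices> {
  return [{ application: { capabilities: caps } }];
}

// Constructed sample data.
const allSections: NavSection[] = [
  { appId: 'apm', label: 'APM', entries: ['Services', 'Traces'] },
  { appId: 'logs', label: 'Logs', entries: ['Stream'] },
  { appId: 'uptime', label: 'Uptime', entries: ['Monitors'] },
];
const restrictedSpace: Capabilities = {
  apm: { show: false }, // APM access restricted for this Space
  logs: { show: true },
  // no `uptime` entry at all: treated as hidden
};

// What the registered section list would resolve to for a given user.
async function sectionLabelsAtStart(caps: Capabilities): Promise<string[]> {
  const [{ application }] = await fakeGetStartServices(caps);
  return visibleSections(application.capabilities, allSections).map((s) => s.label);
}

sectionLabelsAtStart(restrictedSpace).then((labels) => console.log(labels));
```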

@sorenlouv
Member

sorenlouv commented Jun 8, 2021

> Does that make sense?

Yes! When I wrote my comment I was under the impression that this was happening on the server. It's obviously happening on the client, in which case we'll have access to the end user's capabilities.
Thanks!
