Skip to content

Commit

Permalink
feat: add ACLSearchParams consumer in repository (#3)
Browse files Browse the repository at this point in the history
Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
  • Loading branch information
SuZhou-Joe authored and wanglam committed Mar 5, 2024
1 parent 1e3c1b8 commit 48fea51
Show file tree
Hide file tree
Showing 4 changed files with 114 additions and 1 deletion.
2 changes: 2 additions & 0 deletions src/core/server/saved_objects/service/lib/repository.ts
Original file line number Diff line number Diff line change
Expand Up @@ -823,6 +823,7 @@ export class SavedObjectsRepository {
filter,
preference,
workspaces,
ACLSearchParams,
} = options;

if (!type && !typeToNamespacesMap) {
Expand Down Expand Up @@ -897,6 +898,7 @@ export class SavedObjectsRepository {
hasReference,
kueryNode,
workspaces,
ACLSearchParams,
}),
},
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -646,6 +646,79 @@ describe('#getQueryParams', () => {
});
});
});

describe('when using ACLSearchParams search', () => {
it('no ACLSearchParams provided', () => {
const result: Result = getQueryParams({
registry,
ACLSearchParams: {},
});
expect(result.query.bool.filter[1]).toEqual(undefined);
});

it('workspaces provided in ACLSearchParams', () => {
const result: Result = getQueryParams({
registry,
ACLSearchParams: {
workspaces: ['foo'],
},
});
expect(result.query.bool.filter[1]).toEqual({
bool: { should: [{ terms: { workspaces: ['foo'] } }] },
});
});

it('principals and permissionModes provided in ACLSearchParams', () => {
const result: Result = getQueryParams({
registry,
ACLSearchParams: {
principals: {
users: ['user-foo'],
groups: ['group-foo'],
},
permissionModes: ['read'],
},
});
expect(result.query.bool.filter[1]).toEqual({
bool: {
should: [
{
bool: {
filter: [
{
bool: {
should: [
{
terms: {
'permissions.read.users': ['user-foo'],
},
},
{
term: {
'permissions.read.users': '*',
},
},
{
terms: {
'permissions.read.groups': ['group-foo'],
},
},
{
term: {
'permissions.read.groups': '*',
},
},
],
},
},
],
},
},
],
},
});
});
});
});

describe('namespaces property', () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ type KueryNode = any;

import { ISavedObjectTypeRegistry } from '../../../saved_objects_type_registry';
import { ALL_NAMESPACES_STRING, DEFAULT_NAMESPACE_STRING } from '../utils';
import { SavedObjectsFindOptions } from '../../../types';
import { ACL } from '../../../permission_control/acl';

/**
* Gets the types based on the type. Uses mappings to support
Expand Down Expand Up @@ -166,6 +168,7 @@ interface QueryParams {
hasReference?: HasReferenceQueryParams;
kueryNode?: KueryNode;
workspaces?: string[];
ACLSearchParams?: SavedObjectsFindOptions['ACLSearchParams'];
}

export function getClauseForReference(reference: HasReferenceQueryParams) {
Expand Down Expand Up @@ -223,6 +226,7 @@ export function getQueryParams({
hasReference,
kueryNode,
workspaces,
ACLSearchParams,
}: QueryParams) {
const types = getTypes(
registry,
Expand Down Expand Up @@ -279,7 +283,38 @@ export function getQueryParams({
}
}

return { query: { bool } };
const result = { query: { bool } };

if (ACLSearchParams) {
const shouldClause: any = [];
if (ACLSearchParams.permissionModes && ACLSearchParams.principals) {
const permissionDSL = ACL.generateGetPermittedSavedObjectsQueryDSL(
ACLSearchParams.permissionModes,
ACLSearchParams.principals
);
shouldClause.push(permissionDSL.query);
}

if (ACLSearchParams.workspaces) {
shouldClause.push({
terms: {
workspaces: ACLSearchParams.workspaces,
},
});
}

if (shouldClause.length) {
bool.filter.push({
bool: {
should: shouldClause,
},
});
}

return result;
}

return result;
}

// we only want to add match_phrase_prefix clauses
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import { IndexMapping } from '../../../mappings';
import { getQueryParams } from './query_params';
import { getSortingParams } from './sorting_params';
import { ISavedObjectTypeRegistry } from '../../../saved_objects_type_registry';
import { SavedObjectsFindOptions } from '../../../types';

type KueryNode = any;

Expand All @@ -53,6 +54,7 @@ interface GetSearchDslOptions {
};
kueryNode?: KueryNode;
workspaces?: string[];
ACLSearchParams?: SavedObjectsFindOptions['ACLSearchParams'];
}

export function getSearchDsl(
Expand Down Expand Up @@ -96,6 +98,7 @@ export function getSearchDsl(
hasReference,
kueryNode,
workspaces,
ACLSearchParams,
}),
...getSortingParams(mappings, type, sortField, sortOrder),
};
Expand Down

0 comments on commit 48fea51

Please sign in to comment.