From 168b74796d81aa47872b3d3c4c080a1bbd6b9d73 Mon Sep 17 00:00:00 2001 From: SuZhou-Joe Date: Wed, 9 Aug 2023 12:07:16 +0800 Subject: [PATCH] feat: update query dsl Signed-off-by: SuZhou-Joe --- .../workspace_saved_objects_client_wrapper.ts | 46 ++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts index f70f7aa3b0f6..9240f363fc7c 100644 --- a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts +++ b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts @@ -220,7 +220,51 @@ export class WorkspaceSavedObjectsClientWrapper { throw generateWorkspacePermissionError(); } } else { - options.workspaces = permittedWorkspaceIds; + const queryDSL = ACL.genereateGetPermittedSavedObjectsQueryDSL( + [PermissionMode.Read, PermissionMode.Write], + principals, + options.type + ); + options.workspaces = undefined; + /** + * Select all the docs that + * 1. ACL matches right or write permission OR + * 2. workspaces matches library_read or library_write or management OR + * 3. Records without workspaces field (Advances settings) + */ + options.queryDSL = { + query: { + bool: { + filter: [ + { + bool: { + should: [ + { + bool: { + must_not: { + exists: { + field: 'workspaces', + }, + }, + }, + }, + queryDSL.query, + { + bool: { + should: permittedWorkspaceIds?.map((item) => ({ + terms: { + workspaces: [item], + }, + })), + }, + }, + ], + }, + }, + ], + }, + }, + }; } }