From d03934cb1b09aa6a6698a732eec60ad7f3fc1911 Mon Sep 17 00:00:00 2001 From: Lin Wang Date: Wed, 9 Aug 2023 10:49:31 +0800 Subject: [PATCH] write permisions outside instead of workspace attributes Signed-off-by: Lin Wang --- .../public/workspace/workspaces_client.ts | 4 +-- .../saved_objects/serialization/serializer.ts | 5 +++- .../saved_objects/serialization/types.ts | 1 + .../saved_objects/service/lib/repository.ts | 8 ++++-- .../service/saved_objects_client.ts | 6 +++++ src/core/server/workspaces/index.ts | 6 ++++- src/core/server/workspaces/types.ts | 14 +++++++--- .../server/workspaces/workspaces_client.ts | 26 ++++++++++++------- 8 files changed, 51 insertions(+), 19 deletions(-) diff --git a/src/core/public/workspace/workspaces_client.ts b/src/core/public/workspace/workspaces_client.ts index 92773712ec09..46ca139d9551 100644 --- a/src/core/public/workspace/workspaces_client.ts +++ b/src/core/public/workspace/workspaces_client.ts @@ -192,7 +192,7 @@ export class WorkspacesClient { * @returns */ public async create( - attributes: Omit & { + attributes: Omit & { permissions: WorkspaceRoutePermissionItem[]; } ): Promise> { @@ -280,7 +280,7 @@ export class WorkspacesClient { public async update( id: string, attributes: Partial< - Omit & { + WorkspaceAttribute & { permissions: WorkspaceRoutePermissionItem[]; } > diff --git a/src/core/server/saved_objects/serialization/serializer.ts b/src/core/server/saved_objects/serialization/serializer.ts index 5c3e22ac646a..492379068cdb 100644 --- a/src/core/server/saved_objects/serialization/serializer.ts +++ b/src/core/server/saved_objects/serialization/serializer.ts 
@@ -73,7 +73,7 @@ export class SavedObjectsSerializer { */ public rawToSavedObject(doc: SavedObjectsRawDoc): SavedObjectSanitizedDoc { const { _id, _source, _seq_no, _primary_term } = doc; - const { type, namespace, namespaces, originId, workspaces } = _source; + const { type, namespace, namespaces, originId, workspaces, permissions } = _source; const version = _seq_no != null || _primary_term != null @@ -92,6 +92,7 @@ export class SavedObjectsSerializer { ...(_source.updated_at && { updated_at: _source.updated_at }), ...(version && { version }), ...(workspaces && { workspaces }), + ...(permissions && { permissions }), }; } @@ -114,6 +115,7 @@ export class SavedObjectsSerializer { version, references, workspaces, + permissions, } = savedObj; const source = { [type]: attributes, @@ -125,6 +127,7 @@ export class SavedObjectsSerializer { ...(migrationVersion && { migrationVersion }), ...(updated_at && { updated_at }), ...(workspaces && { workspaces }), + ...(permissions && { permissions }), }; return { diff --git a/src/core/server/saved_objects/serialization/types.ts b/src/core/server/saved_objects/serialization/types.ts index 360cdc6b3a62..fee9f503dceb 100644 --- a/src/core/server/saved_objects/serialization/types.ts +++ b/src/core/server/saved_objects/serialization/types.ts @@ -73,6 +73,7 @@ interface SavedObjectDoc { updated_at?: string; originId?: string; workspaces?: string[]; + permissions?: Permissions; } interface Referencable { diff --git a/src/core/server/saved_objects/service/lib/repository.ts b/src/core/server/saved_objects/service/lib/repository.ts index 7b033b8e0211..0fd6efd2675f 100644 --- a/src/core/server/saved_objects/service/lib/repository.ts +++ b/src/core/server/saved_objects/service/lib/repository.ts @@ -249,6 +249,7 @@ export class SavedObjectsRepository { initialNamespaces, version, workspaces, + permissions, } = options; const namespace = normalizeNamespace(options.namespace); 
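Review bot: `rawToSavedObject` in serializer.ts now copies `permissions` from `_source` onto every sanitized object, so the complete ACL is returned to any caller who can read the object. The `get` hunk in repository.ts (@@ -1028) and `getFlattenedResultWithSavedObject` in the server workspaces client do the same. Nothing in this diff limits the field to callers allowed to manage permissions, so if the ACL holds user or group names, read access now also discloses who else has access. Either strip `permissions` from responses for non-managing callers, or record the decision on `rawToSavedObject`, e.g. `// permissions is returned to every reader; access filtering happens in <wrapper name>`.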
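Review bot: The hunk in serialization/types.ts adds `permissions?: Permissions;` to `SavedObjectDoc`, but the diffstat shows a single added line for that file, so no import of `Permissions` comes with it. Unless the name was already imported there, it either fails to resolve or, when the DOM lib is part of the compilation, silently binds to the browser's global `Permissions` interface, which would type-check with the wrong shape. Add `import { Permissions } from '../permission_control/acl';`, the same module saved_objects_client.ts imports it from in this commit.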
@@ -310,6 +311,7 @@ export class SavedObjectsRepository { updated_at: time, ...(Array.isArray(references) && { references }), ...(Array.isArray(savedObjectWorkspaces) && { workspaces: savedObjectWorkspaces }), + ...(permissions && { permissions }), }); const raw = this._serializer.savedObjectToRaw(migrated as SavedObjectSanitizedDoc); @@ -1012,7 +1014,7 @@ export class SavedObjectsRepository { throw SavedObjectsErrorHelpers.createGenericNotFoundError(type, id); } - const { originId, updated_at: updatedAt, workspaces } = body._source; + const { originId, updated_at: updatedAt, workspaces, permissions } = body._source; let namespaces: string[] = []; if (!this._registry.isNamespaceAgnostic(type)) { @@ -1028,6 +1030,7 @@ export class SavedObjectsRepository { ...(originId && { originId }), ...(updatedAt && { updated_at: updatedAt }), ...(workspaces && { workspaces }), + ...(permissions && { permissions }), version: encodeHitVersion(body), attributes: body._source[type], references: body._source.references || [], @@ -1056,7 +1059,7 @@ export class SavedObjectsRepository { throw SavedObjectsErrorHelpers.createGenericNotFoundError(type, id); } - const { version, references, refresh = DEFAULT_REFRESH_SETTING } = options; + const { version, references, refresh = DEFAULT_REFRESH_SETTING, permissions } = options; const namespace = normalizeNamespace(options.namespace); let preflightResult: SavedObjectsRawDoc | undefined; @@ -1070,6 +1073,7 @@ export class SavedObjectsRepository { [type]: attributes, updated_at: time, ...(Array.isArray(references) && { references }), + ...(permissions && { permissions }), }; const { body, statusCode } = await this.client.update( diff --git a/src/core/server/saved_objects/service/saved_objects_client.ts b/src/core/server/saved_objects/service/saved_objects_client.ts index 119aea8b2743..ff37d3e45537 100644 --- a/src/core/server/saved_objects/service/saved_objects_client.ts +++ b/src/core/server/saved_objects/service/saved_objects_client.ts 
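Review bot: In `SavedObjectsRepository.update` (hunk @@ -1070), `...(permissions && { permissions })` places the ACL in the partial document, and an OpenSearch partial-document update merges nested objects instead of replacing them. If `Permissions` is a keyed object (its definition is outside this diff), a key dropped from the new value stays in the stored document, so revoking access through `update` may silently have no effect, and passing `{}` can never clear the ACL. Consider replacing the field as a whole, for example with a scripted update that assigns `permissions` or a read-modify-write guarded by `version`, and add a test that removes an entry. The `client.update` call is outside the hunk, so confirm this object is what gets sent as `doc`.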
@@ -28,6 +28,8 @@ * under the License. */ +import { Permissions } from '../permission_control/acl'; + import { ISavedObjectsRepository } from './lib'; import { SavedObject, @@ -68,6 +70,8 @@ export interface SavedObjectsCreateOptions extends SavedObjectsBaseOptions { * Note: this can only be used for multi-namespace object types. */ initialNamespaces?: string[]; + /** permission control describe by ACL object */ + permissions?: Permissions; } /** @@ -182,6 +186,8 @@ export interface SavedObjectsUpdateOptions extends SavedObjectsBaseOptions { references?: SavedObjectReference[]; /** The OpenSearch Refresh setting for this operation */ refresh?: MutatingOperationRefreshSetting; + /** permission control describe by ACL object */ + permissions?: Permissions; } /** diff --git a/src/core/server/workspaces/index.ts b/src/core/server/workspaces/index.ts index 6a312f00484d..cbebde2237f7 100644 --- a/src/core/server/workspaces/index.ts +++ b/src/core/server/workspaces/index.ts @@ -10,7 +10,11 @@ export { InternalWorkspacesServiceStart, } from './workspaces_service'; -export { WorkspaceAttribute, WorkspaceFindOptions } from './types'; +export { + WorkspaceAttribute, + WorkspaceFindOptions, + WorkspaceAttributeWithPermission, +} from './types'; export { workspacesValidator, formatWorkspaces } from './utils'; export { WORKSPACE_TYPE } from './constants'; diff --git a/src/core/server/workspaces/types.ts b/src/core/server/workspaces/types.ts index 17b0776d07e6..1a1ae8583639 100644 --- a/src/core/server/workspaces/types.ts +++ b/src/core/server/workspaces/types.ts @@ -22,6 +22,9 @@ export interface WorkspaceAttribute { color?: string; icon?: string; defaultVISTheme?: string; +} + +export interface WorkspaceAttributeWithPermission extends WorkspaceAttribute { permissions: Permissions; } 
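Review bot: The doc comment added to `SavedObjectsCreateOptions.permissions` and `SavedObjectsUpdateOptions.permissions` ("permission control describe by ACL object") does not say what omitting the field means, or whether an update replaces or merges the stored ACL. For the update option, suggest `/** ACL for this object. When omitted, the stored permissions are left unchanged. */`, which matches the `permissions && { permissions }` guard in repository.ts. For the create option, add a sentence stating what access applies when no ACL is supplied; that default is not visible in this diff.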
@@ -44,7 +47,7 @@ export interface IWorkspaceDBImpl { setup(dep: WorkspacesSetupDeps): Promise>; create( requestDetail: IRequestDetail, - payload: Omit + payload: Omit ): Promise>; list( requestDetail: IRequestDetail, @@ -52,15 +55,18 @@ export interface IWorkspaceDBImpl { ): Promise< IResponse< { - workspaces: WorkspaceAttribute[]; + workspaces: WorkspaceAttributeWithPermission[]; } & Pick > >; - get(requestDetail: IRequestDetail, id: string): Promise>; + get( + requestDetail: IRequestDetail, + id: string + ): Promise>; update( requestDetail: IRequestDetail, id: string, - payload: Omit + payload: Omit ): Promise>; delete(requestDetail: IRequestDetail, id: string): Promise>; destroy(): Promise>; diff --git a/src/core/server/workspaces/workspaces_client.ts b/src/core/server/workspaces/workspaces_client.ts index 7d4fdc858143..698c80c1488a 100644 --- a/src/core/server/workspaces/workspaces_client.ts +++ b/src/core/server/workspaces/workspaces_client.ts @@ -9,6 +9,7 @@ import { WorkspaceFindOptions, IResponse, IRequestDetail, + WorkspaceAttributeWithPermission, } from './types'; import { WorkspacesSetupDeps } from './workspaces_service'; import { workspace } from './saved_objects'; @@ -24,11 +25,12 @@ export class WorkspacesClientWithSavedObject implements IWorkspaceDBImpl { ): SavedObjectsClientContract { return requestDetail.context.core.savedObjects.client; } - private getFlatternedResultWithSavedObject( + private getFlattenedResultWithSavedObject( savedObject: SavedObject - ): WorkspaceAttribute { + ): WorkspaceAttributeWithPermission { return { ...savedObject.attributes, + permissions: savedObject.permissions || {}, id: savedObject.id, }; } 
@@ -44,12 +46,15 @@ export class WorkspacesClientWithSavedObject implements IWorkspaceDBImpl { } public async create( requestDetail: IRequestDetail, - payload: Omit + payload: Omit ): ReturnType { try { + const { permissions, ...attributes } = payload; const result = await this.getSavedObjectClientsFromRequestDetail(requestDetail).create< Omit - >(WORKSPACE_TYPE, payload); + >(WORKSPACE_TYPE, attributes, { + permissions, + }); return { success: true, result: { @@ -81,7 +86,7 @@ export class WorkspacesClientWithSavedObject implements IWorkspaceDBImpl { success: true, result: { ...others, - workspaces: savedObjects.map((item) => this.getFlatternedResultWithSavedObject(item)), + workspaces: savedObjects.map((item) => this.getFlattenedResultWithSavedObject(item)), }, }; } catch (e: unknown) { @@ -94,14 +99,14 @@ export class WorkspacesClientWithSavedObject implements IWorkspaceDBImpl { public async get( requestDetail: IRequestDetail, id: string - ): Promise> { + ): Promise> { try { const result = await this.getSavedObjectClientsFromRequestDetail(requestDetail).get< WorkspaceAttribute >(WORKSPACE_TYPE, id); return { success: true, - result: this.getFlatternedResultWithSavedObject(result), + result: this.getFlattenedResultWithSavedObject(result), }; } catch (e: unknown) { return { @@ -113,12 +118,15 @@ export class WorkspacesClientWithSavedObject implements IWorkspaceDBImpl { public async update( requestDetail: IRequestDetail, id: string, - payload: Omit + payload: Omit ): Promise> { + const { permissions, ...attributes } = payload; try { await this.getSavedObjectClientsFromRequestDetail(requestDetail).update< Omit - >(WORKSPACE_TYPE, id, payload); + >(WORKSPACE_TYPE, id, attributes, { + permissions, + }); return { success: true, result: true,
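Review bot: `create` and `update` in `WorkspacesClientWithSavedObject` pass `permissions` from the request payload straight into the saved objects client options, so a caller allowed to edit a workspace's attributes can rewrite its ACL in the same call. No check that the caller may change permissions is visible in this diff; it may live in a route handler or client wrapper outside it. If it does not, a user with plain write access could extend their own or others' rights on the workspace. Consider requiring a distinct management permission before forwarding a defined `permissions`, and document that requirement on `update`, e.g. `// permissions changes require <management permission>; checked in <location>`.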