Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security Solution][Bug] Add privilege check in open timeline (#147964)
## Summary

This PR contains a fix for #147544. On Timelines page, a Kibana read-only user was able to see and click on options to create and duplicate timelines. This PR fixes this bug by checking user privilege (have crud access) before showing timeline actions.

## After:

User with read only access to kibana security solutions can:
1) select timelines
2) export timelines
3) export timelines in bulk

User with crud access to kibana security solutions can:
1) select timelines
2) have the options to modify timelines as before
3) bulk actions include delete timelines and export timelines
4) see and click on 'import', 'Create new timeline', 'Create new timeline template' buttons

### User with read access but not crud access

- Have access to export ('Export selected'), cannot see 'Create new timeline' buttons

![image](https://user-images.githubusercontent.com/18648970/209210913-0554bc4c-5c8e-45ae-8e27-54a7e33e3f8e.png)

- 'Export selected' in bulk actions

![image](https://user-images.githubusercontent.com/18648970/209210992-f102d8d4-479f-4d0a-84c2-125cc754c5ce.png)
![image](https://user-images.githubusercontent.com/18648970/209021998-fbe0b63d-8dfd-4098-9774-7423899a45e1.png)

### User with full access

![image](https://user-images.githubusercontent.com/18648970/209209755-b5e5ce2b-0af9-42c6-b1cc-64a2675bf19d.png)

- 'Export selected' and 'Delete selected' available in bulk actions dropdown

![image](https://user-images.githubusercontent.com/18648970/210408773-0fc5b100-0f57-4526-9c8f-0aba1f1d0e76.png)

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Kibana Machine <[email protected]>
1 parent ed840b5, commit 3abf705

Showing 7 changed files with 188 additions and 70 deletions.