Fixes security plugin capabilities switcher to handle opt-out and default behaviors (#154098)

Closes #153817

## Summary

This PR implements logical checks within the security plugin's capabilities switcher to account for features that opt out of the Kibana security model (e.g. Enterprise Search features). It also more explicitly handles default cases (when a feature is neither a Kibana nor ES feature), exclusions (features handled exclusively by other plugins), and the catalogue feature (we now qualify each catalogue feature capability). In these cases (opt-out, default, exclusion, etc.), the capabilities switcher will ignore the capability and neither enable nor disable it (see detailed list below).

We are now effectively ignoring only these:
- `spaces` feature ID (handled by spaces plugin capabilities switcher)
- `fileUpload` feature ID (handled by file_upload plugin capabilities switcher)
- `catalogue` capabilities that are not 'spaces' and are not referenced by at least one Kibana or ES feature
- `navLinks` that are not referenced by at least one Kibana feature
- Anything that is not a global settings, management, catalogue, nav link, Kibana, or ES feature

On the flip side we always affect everything under the `management` feature.

This PR _should_ unblock the ability to implement parallel execution of capabilities switchers, #152982.

### Related Tests
- x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts
- x-pack/test/ui_capabilities/security_and_spaces/config.ts
- x-pack/test/functional/apps/home/config.ts

---------

Co-authored-by: kibanamachine <[email protected]>
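The ignore/affect rules listed in the commit message, modeled as a small decision function. This is an added example, not code from the Kibana repository: every type and function name is hypothetical, the two-level capability map is a simplification, the `globalSettings` ID is assumed, and so is the rule that an affected capability can only be switched off.

```typescript
// Added illustration, not Kibana source. Every name below is hypothetical.
type Capabilities = Record<string, Record<string, boolean>>;
type Check = (featureId: string, capability: string) => boolean;
interface FeatureRefs {
  featureIds: string[];    // Kibana and ES features that use the security model
  catalogueRefs: string[]; // catalogue entries referenced by a Kibana or ES feature
  navLinkRefs: string[];   // nav links referenced by a Kibana feature
}
const HANDLED_BY_OTHER_SWITCHERS = ['spaces', 'fileUpload'];

// true: the switcher decides this capability from the user's privileges.
// false: the switcher leaves the value exactly as it found it.
function shouldAffect(featureId: string, capability: string, refs: FeatureRefs): boolean {
  if (HANDLED_BY_OTHER_SWITCHERS.indexOf(featureId) !== -1) return false;
  // 'globalSettings' is an assumed ID for the "global settings" group.
  if (featureId === 'management' || featureId === 'globalSettings') return true;
  if (featureId === 'catalogue') {
    return capability === 'spaces' || refs.catalogueRefs.indexOf(capability) !== -1;
  }
  if (featureId === 'navLinks') return refs.navLinkRefs.indexOf(capability) !== -1;
  return refs.featureIds.indexOf(featureId) !== -1; // opt-outs and unknowns: ignored
}

function applySwitcher(caps: Capabilities, refs: FeatureRefs, isAuthorized: Check): Capabilities {
  const out: Capabilities = {};
  for (const featureId of Object.keys(caps)) {
    out[featureId] = {};
    for (const capability of Object.keys(caps[featureId])) {
      const current = caps[featureId][capability];
      // Assumption: an affected capability stays on only if it was on and is authorized.
      out[featureId][capability] = shouldAffect(featureId, capability, refs)
        ? current && isAuthorized(featureId, capability)
        : current; // ignored: neither enabled nor disabled
    }
  }
  return out;
}

// Constructed sample: one secured feature, one opt-out, and a user with no privileges.
function demo(): Capabilities {
  const refs: FeatureRefs = { featureIds: ['discover'], catalogueRefs: ['discover'], navLinkRefs: ['discover'] };
  const caps: Capabilities = {
    discover: { show: true },
    enterpriseSearch: { show: true }, // opts out of the security model
    catalogue: { discover: true, spaces: true, enterpriseSearch: true },
    navLinks: { discover: true, enterpriseSearch: true },
    management: { users: true },
    spaces: { manage: true },
  };
  return applySwitcher(caps, refs, () => false);
}
```

With every privilege check failing, the opt-out feature and its unreferenced catalogue and nav link entries keep their incoming values, while the secured feature, `management` and `catalogue.spaces` are switched off.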