[SECURITY SOLUTION] [CASES] Allow cases to be there when security solutions privileges is none

packages/kbn-optimizer/limits.yml

@@ -94,7 +94,7 @@ pageLoadAssetSize:
   expressionShape: 34008
   interactiveSetup: 80000
   expressionTagcloud: 27505
-  securitySolution: 231753
+  securitySolution: 273763
   customIntegrations: 28810
   expressionMetricVis: 23121
   visTypeMetric: 23332

src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts

@@ -156,7 +156,7 @@ export const applicationUsageSchema = {
   security_login: commonSchema,
   security_logout: commonSchema,
   security_overwritten_session: commonSchema,
-  securitySolution: commonSchema,
+  securitySolutionUI: commonSchema,
   siem: commonSchema,
   space_selector: commonSchema,
   uptime: commonSchema,

src/plugins/telemetry/schema/oss_plugins.json

@@ -5018,7 +5018,7 @@
             }
           }
         },
-        "securitySolution": {
+        "securitySolutionUI": {
           "properties": {
             "appId": {
               "type": "keyword",

x-pack/plugins/security_solution/common/constants.ts

@@ -12,6 +12,7 @@ import { ENABLE_CASE_CONNECTOR } from '../../cases/common';
 import { METADATA_TRANSFORMS_PATTERN } from './endpoint/constants';
 
 export const APP_ID = 'securitySolution';
+export const APP_UI_ID = 'securitySolutionUI';
 export const CASES_FEATURE_ID = 'securitySolutionCases';
 export const SERVER_APP_ID = 'siem';
 export const APP_NAME = 'Security';

x-pack/plugins/security_solution/public/app/deep_links/index.test.ts

@@ -8,7 +8,7 @@ import { getDeepLinks, PREMIUM_DEEP_LINK_IDS } from '.';
 import { AppDeepLink, Capabilities } from '../../../../../../src/core/public';
 import { SecurityPageName } from '../types';
 import { mockGlobalState } from '../../common/mock';
-import { CASES_FEATURE_ID } from '../../../common/constants';
+import { CASES_FEATURE_ID, SERVER_APP_ID } from '../../../common/constants';
 
 const findDeepLink = (id: string, deepLinks: AppDeepLink[]): AppDeepLink | null =>
   deepLinks.reduce((deepLinkFound: AppDeepLink | null, deepLink) => {
@@ -24,10 +24,11 @@ const findDeepLink = (id: string, deepLinks: AppDeepLink[]): AppDeepLink | null
     return null;
   }, null);
 
+const basicLicense = 'basic';
+const platinumLicense = 'platinum';
+
 describe('deepLinks', () => {
   it('should return a subset of links for basic license and the full set for platinum', () => {
-    const basicLicense = 'basic';
-    const platinumLicense = 'platinum';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense);
     const platinumLinks = getDeepLinks(mockGlobalState.app.enableExperimental, platinumLicense);
 
@@ -57,44 +58,58 @@ describe('deepLinks', () => {
   });
 
   it('should return case links for basic license with only read_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: true, crud_cases: false },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
-
     expect(findDeepLink(SecurityPageName.case, basicLinks)).toBeTruthy();
   });
 
   it('should return case links with NO deepLinks for basic license with only read_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: true, crud_cases: false },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
     expect(findDeepLink(SecurityPageName.case, basicLinks)?.deepLinks?.length === 0).toBeTruthy();
   });
 
   it('should return case links with deepLinks for basic license with crud_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: true, crud_cases: true },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
 
     expect(
       (findDeepLink(SecurityPageName.case, basicLinks)?.deepLinks?.length ?? 0) > 0
     ).toBeTruthy();
   });
 
+  it('should return case links with deepLinks for basic license with crud_cases capabilities and security disabled', () => {
+    const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, platinumLicense, {
+      [CASES_FEATURE_ID]: { read_cases: true, crud_cases: true },
+      [SERVER_APP_ID]: { show: false },
+    } as unknown as Capabilities);
+    expect(findDeepLink(SecurityPageName.case, basicLinks)).toBeTruthy();
+  });
+
   it('should return NO case links for basic license with NO read_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: false, crud_cases: false },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
-
     expect(findDeepLink(SecurityPageName.case, basicLinks)).toBeFalsy();
   });
 
+  it('should return empty links for any license', () => {
+    const emptyDeepLinks = getDeepLinks(
+      mockGlobalState.app.enableExperimental,
+      basicLicense,
+      {} as unknown as Capabilities
+    );
+    expect(emptyDeepLinks.length).toBe(0);
+  });
+
   it('should return case links for basic license with undefined capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(
       mockGlobalState.app.enableExperimental,
       basicLicense,
@@ -105,7 +120,6 @@ describe('deepLinks', () => {
   });
 
   it('should return case deepLinks for basic license with undefined capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(
       mockGlobalState.app.enableExperimental,
       basicLicense,

x-pack/plugins/security_solution/public/app/deep_links/index.ts

@@ -6,16 +6,11 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import { Subject } from 'rxjs';
 
+import { isEmpty } from 'lodash';
 import { LicenseType } from '../../../../licensing/common/types';
 import { SecurityPageName } from '../types';
-import {
-  AppDeepLink,
-  ApplicationStart,
-  AppNavLinkStatus,
-  AppUpdater,
-} from '../../../../../../src/core/public';
+import { AppDeepLink, ApplicationStart, AppNavLinkStatus } from '../../../../../../src/core/public';
 import {
   OVERVIEW,
   DETECT,
@@ -50,6 +45,7 @@ import {
   UEBA_PATH,
   CASES_FEATURE_ID,
   HOST_ISOLATION_EXCEPTIONS_PATH,
+  SERVER_APP_ID,
 } from '../../../common/constants';
 import { ExperimentalFeatures } from '../../../common/experimental_features';
 
@@ -356,25 +352,18 @@ export function getDeepLinks(
 ): AppDeepLink[] {
   const isPremium = isPremiumLicense(licenseType);
 
+  /**
+   * Recursive DFS function to filter deepLinks by permissions (licence and capabilities).
+   * Checks "end" deepLinks with no children first, the other parent deepLinks will be included if
+   * they still have children deepLinks after filtering
+   */
   const filterDeepLinks = (deepLinks: AppDeepLink[]): AppDeepLink[] => {
     return deepLinks
-      .filter((deepLink) => {
-        if (!isPremium && PREMIUM_DEEP_LINK_IDS.has(deepLink.id)) {
-          return false;
-        }
-        if (deepLink.id === SecurityPageName.case) {
-          return capabilities == null || capabilities[CASES_FEATURE_ID].read_cases === true;
-        }
-        if (deepLink.id === SecurityPageName.ueba) {
-          return enableExperimental.uebaEnabled;
-        }
-        return true;
-      })
       .map((deepLink) => {
         if (
           deepLink.id === SecurityPageName.case &&
           capabilities != null &&
-          capabilities[CASES_FEATURE_ID].crud_cases === false
+          capabilities[CASES_FEATURE_ID]?.crud_cases === false
         ) {
           return {
             ...deepLink,
@@ -388,6 +377,21 @@ export function getDeepLinks(
           };
         }
         return deepLink;
+      })
+      .filter((deepLink) => {
+        if (!isPremium && PREMIUM_DEEP_LINK_IDS.has(deepLink.id)) {
+          return false;
+        }
+        if (deepLink.path && deepLink.path.startsWith(CASES_PATH)) {
+          return capabilities == null || capabilities[CASES_FEATURE_ID]?.read_cases === true;
+        }
+        if (deepLink.id === SecurityPageName.ueba) {
+          return enableExperimental.uebaEnabled;
+        }
+        if (!isEmpty(deepLink.deepLinks)) {
+          return true;
+        }
+        return capabilities == null || capabilities[SERVER_APP_ID]?.show === true;
       });
   };
 
@@ -402,18 +406,3 @@ export function isPremiumLicense(licenseType?: LicenseType): boolean {
     licenseType === 'trial'
   );
 }
-
-export function updateGlobalNavigation({
-  capabilities,
-  updater$,
-  enableExperimental,
-}: {
-  capabilities: ApplicationStart['capabilities'];
-  updater$: Subject<AppUpdater>;
-  enableExperimental: ExperimentalFeatures;
-}) {
-  updater$.next(() => ({
-    navLinkStatus: AppNavLinkStatus.hidden, // needed to prevent showing main nav link
-    deepLinks: getDeepLinks(enableExperimental, undefined, capabilities),
-  }));
-}

x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx

@@ -78,8 +78,12 @@ export const SecuritySolutionTemplateWrapper: React.FC<SecuritySolutionPageWrapp
     const showEmptyState = useShowPagesWithEmptyView();
     const emptyStateProps = showEmptyState ? NO_DATA_PAGE_TEMPLATE_PROPS : {};
 
-    // StyledKibanaPageTemplate is a styled EuiPageTemplate. Security solution currently passes the header and page content as the children of StyledKibanaPageTemplate, as opposed to using the pageHeader prop, which may account for any style discrepancies, such as the bottom border not extending the full width of the page, between EuiPageTemplate and the security solution pages.
-
+    /*
+     * StyledKibanaPageTemplate is a styled EuiPageTemplate. Security solution currently passes the header
+     * and page content as the children of StyledKibanaPageTemplate, as opposed to using the pageHeader prop,
+     * which may account for any style discrepancies, such as the bottom border not extending the full width of the page,
+     * between EuiPageTemplate and the security solution pages.
+     */
     return (
       <StyledKibanaPageTemplate
         $isTimelineBottomBarVisible={isTimelineBottomBarVisible}

x-pack/plugins/security_solution/public/app/index.tsx

@@ -7,8 +7,7 @@
 
 import React from 'react';
 import { render, unmountComponentAtNode } from 'react-dom';
-import { Redirect, Route, Switch } from 'react-router-dom';
-import { OVERVIEW_PATH } from '../../common/constants';
+import { Route, Switch } from 'react-router-dom';
 
 import { NotFoundPage } from './404';
 import { SecurityApp } from './app';
@@ -22,7 +21,7 @@ export const renderApp = ({
   services,
   store,
   usageCollection,
-  subPlugins,
+  subPluginRoutes,
 }: RenderAppProps): (() => void) => {
   const ApplicationUsageTrackingProvider =
     usageCollection?.components.ApplicationUsageTrackingProvider ?? React.Fragment;
@@ -36,25 +35,9 @@ export const renderApp = ({
     >
       <ApplicationUsageTrackingProvider>
         <Switch>
-          {[
-            ...subPlugins.overview.routes,
-            ...subPlugins.alerts.routes,
-            ...subPlugins.rules.routes,
-            ...subPlugins.exceptions.routes,
-            ...subPlugins.hosts.routes,
-            ...subPlugins.network.routes,
-            // will be undefined if enabledExperimental.uebaEnabled === false
-            ...(subPlugins.ueba != null ? subPlugins.ueba.routes : []),
-            ...subPlugins.timelines.routes,
-            ...subPlugins.cases.routes,
-            ...subPlugins.management.routes,
-          ].map((route, index) => (
-            <Route key={`route-${index}`} {...route} />
-          ))}
-
-          <Route path="" exact>
-            <Redirect to={OVERVIEW_PATH} />
-          </Route>
+          {subPluginRoutes.map((route, index) => {
+            return <Route key={`route-${index}`} {...route} />;
+          })}
           <Route>
             <NotFoundPage />
           </Route>

x-pack/plugins/security_solution/public/app/no_privileges.tsx

@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+
+import { EuiPageTemplate } from '@elastic/eui';
+import { SecuritySolutionPageWrapper } from '../common/components/page_wrapper';
+import { EmptyPage } from '../common/components/empty_page';
+import { useKibana } from '../common/lib/kibana';
+import * as i18n from './translations';
+
+interface NoPrivilegesPageProps {
+  subPluginKey: string;
+}
+
+export const NoPrivilegesPage = React.memo<NoPrivilegesPageProps>(({ subPluginKey }) => {
+  const { docLinks } = useKibana().services;
+  const emptyPageActions = useMemo(
+    () => ({
+      feature: {
+        icon: 'documents',
+        label: i18n.GO_TO_DOCUMENTATION,
+        url: `${docLinks.links.siem.privileges}`,
+        target: '_blank',
+      },
+    }),
+    [docLinks]
+  );
+  return (
+    <SecuritySolutionPageWrapper>
+      <EuiPageTemplate template="centeredContent">
+        <EmptyPage
+          actions={emptyPageActions}
+          message={i18n.NO_PERMISSIONS_MSG(subPluginKey)}
+          data-test-subj="no_feature_permissions-alerts"
+          title={i18n.NO_PERMISSIONS_TITLE}
+        />
+      </EuiPageTemplate>
+    </SecuritySolutionPageWrapper>
+  );
+});
+
+NoPrivilegesPage.displayName = 'NoPrivilegePage';

x-pack/plugins/security_solution/public/app/translations.ts

@@ -80,3 +80,21 @@ export const INVESTIGATE = i18n.translate('xpack.securitySolution.navigation.inv
 export const MANAGE = i18n.translate('xpack.securitySolution.navigation.manage', {
   defaultMessage: 'Manage',
 });
+
+export const GO_TO_DOCUMENTATION = i18n.translate(
+  'xpack.securitySolution.goToDocumentationButton',
+  {
+    defaultMessage: 'View documentation',
+  }
+);
+
+export const NO_PERMISSIONS_MSG = (subPluginKey: string) =>
+  i18n.translate('xpack.securitySolution.noPermissionsMessage', {
+    values: { subPluginKey },
+    defaultMessage:
+      'To view {subPluginKey}, you must update privileges. For more information, contact your Kibana administrator.',
+  });
+
+export const NO_PERMISSIONS_TITLE = i18n.translate('xpack.securitySolution.noPermissionsTitle', {
+  defaultMessage: 'Privileges required',
+});

x-pack/plugins/security_solution/public/app/types.ts

@@ -18,15 +18,15 @@ import {
 import { RouteProps } from 'react-router-dom';
 import { AppMountParameters } from '../../../../../src/core/public';
 import { UsageCollectionSetup } from '../../../../../src/plugins/usage_collection/public';
-import { StartedSubPlugins, StartServices } from '../types';
+import { StartServices } from '../types';
 
 /**
  * The React properties used to render `SecurityApp` as well as the `element` to render it into.
  */
 export interface RenderAppProps extends AppMountParameters {
   services: StartServices;
   store: Store<State, Action>;
-  subPlugins: StartedSubPlugins;
+  subPluginRoutes: RouteProps[];
   usageCollection?: UsageCollectionSetup;
 }