From e80805173b9461e02ce6638142fec8d7b11d4879 Mon Sep 17 00:00:00 2001 From: yubonluo Date: Wed, 3 Jul 2024 13:52:53 +0800 Subject: [PATCH 1/8] Delete the virtual global workspace Signed-off-by: yubonluo --- src/core/public/index.ts | 2 - src/core/server/index.ts | 7 +- src/core/utils/constants.ts | 12 ---- src/core/utils/index.ts | 7 +- .../saved_objects_table.test.tsx | 19 +++-- .../objects_table/saved_objects_table.tsx | 15 +--- .../server/routes/scroll_count.ts | 3 +- src/plugins/workspace/server/plugin.ts | 2 +- .../workspace_id_consumer_wrapper.test.ts | 70 ++----------------- .../workspace_id_consumer_wrapper.ts | 21 +----- 10 files changed, 23 insertions(+), 135 deletions(-) diff --git a/src/core/public/index.ts b/src/core/public/index.ts index a60c81e97ec8..ae27aeea72da 100644 --- a/src/core/public/index.ts +++ b/src/core/public/index.ts @@ -102,8 +102,6 @@ export { DEFAULT_APP_CATEGORIES, WORKSPACE_TYPE, cleanWorkspaceId, - PUBLIC_WORKSPACE_ID, - PUBLIC_WORKSPACE_NAME, DEFAULT_NAV_GROUPS, } from '../utils'; export { diff --git a/src/core/server/index.ts b/src/core/server/index.ts index 0a5ea20fb964..66d856642e32 100644 --- a/src/core/server/index.ts +++ b/src/core/server/index.ts @@ -357,12 +357,7 @@ export { } from './metrics'; export { AppCategory, WorkspaceAttribute } from '../types'; -export { - DEFAULT_APP_CATEGORIES, - PUBLIC_WORKSPACE_ID, - PUBLIC_WORKSPACE_NAME, - WORKSPACE_TYPE, -} from '../utils'; +export { DEFAULT_APP_CATEGORIES, WORKSPACE_TYPE } from '../utils'; export { SavedObject, diff --git a/src/core/utils/constants.ts b/src/core/utils/constants.ts index c05d2b06e041..ecc1b7e863c4 100644 --- a/src/core/utils/constants.ts +++ b/src/core/utils/constants.ts @@ -3,18 +3,6 @@ * SPDX-License-Identifier: Apache-2.0 */ -import { i18n } from '@osd/i18n'; - export const WORKSPACE_TYPE = 'workspace'; export const WORKSPACE_PATH_PREFIX = '/w'; - -/** - * public workspace has parity with global tenant, - * it includes saved objects with `public` as its workspace or without any workspce info - */ -export const PUBLIC_WORKSPACE_ID = 'public'; - -export const PUBLIC_WORKSPACE_NAME = i18n.translate('workspaces.public.workspace.default.name', { - defaultMessage: 'Global workspace', -}); diff --git a/src/core/utils/index.ts b/src/core/utils/index.ts index a79b5d0bf2f7..d9294e30361f 100644 --- a/src/core/utils/index.ts +++ b/src/core/utils/index.ts @@ -37,11 +37,6 @@ export { IContextProvider, } from './context'; export { DEFAULT_APP_CATEGORIES } from './default_app_categories'; -export { - WORKSPACE_PATH_PREFIX, - WORKSPACE_TYPE, - PUBLIC_WORKSPACE_ID, - PUBLIC_WORKSPACE_NAME, -} from './constants'; +export { WORKSPACE_PATH_PREFIX, WORKSPACE_TYPE } from './constants'; export { getWorkspaceIdFromUrl, formatUrlWithWorkspaceId, cleanWorkspaceId } from './workspace'; export { DEFAULT_NAV_GROUPS } from './default_nav_groups'; diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx index 684f0a322faa..bee992e0196d 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx @@ -64,7 +64,6 @@ import { import { Flyout, Relationships } from './components'; import { SavedObjectWithMetadata } from '../../types'; import { WorkspaceObject } from 'opensearch-dashboards/public'; -import { PUBLIC_WORKSPACE_NAME, PUBLIC_WORKSPACE_ID } from '../../../../../core/public'; import { TableProps } from './components/table'; const allowedTypes = ['index-pattern', 'visualization', 'dashboard', 'search']; @@ -413,10 +412,17 @@ describe('SavedObjectsTable', () => { }); it('should export all, accounting for the current workspace criteria', async () => { - const component = shallowRender(); + const workspaceList: WorkspaceObject[] = [ + { + id: 'workspace1', + name: 'foo', + }, + ]; + workspaces.workspaceList$.next(workspaceList); + const component = shallowRender({ workspaces }); component.instance().onQueryChange({ - query: Query.parse(`test workspaces:("${PUBLIC_WORKSPACE_NAME}")`), + query: Query.parse(`test workspaces:("foo")`), }); // Ensure all promises resolve @@ -435,7 +441,7 @@ describe('SavedObjectsTable', () => { allowedTypes, 'test*', true, - [PUBLIC_WORKSPACE_ID] + ['workspace1'] ); expect(saveAsMock).toHaveBeenCalledWith(blob, 'export.ndjson'); expect(notifications.toasts.addSuccess).toHaveBeenCalledWith({ @@ -708,10 +714,9 @@ describe('SavedObjectsTable', () => { expect(filters.length).toBe(2); expect(filters[0].field).toBe('type'); expect(filters[1].field).toBe('workspaces'); - expect(filters[1].options.length).toBe(3); + expect(filters[1].options.length).toBe(2); expect(filters[1].options[0].value).toBe('foo'); expect(filters[1].options[1].value).toBe('bar'); - expect(filters[1].options[2].value).toBe(PUBLIC_WORKSPACE_NAME); }); it('workspace filter only include current workspaces when in a workspace', async () => { @@ -847,7 +852,7 @@ describe('SavedObjectsTable', () => { expect(findObjectsMock).toBeCalledWith( http, expect.objectContaining({ - workspaces: expect.arrayContaining(['workspace1', 'workspace2', PUBLIC_WORKSPACE_ID]), + workspaces: expect.arrayContaining(['workspace1', 'workspace2']), }) ); }); diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx index 04d7a46d24d2..8cc50bb19a80 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx @@ -70,7 +70,6 @@ import { WorkspaceAttribute, } from 'src/core/public'; import { Subscription } from 'rxjs'; -import { PUBLIC_WORKSPACE_ID, PUBLIC_WORKSPACE_NAME } from '../../../../../core/public'; import { RedirectAppLinks } from '../../../../opensearch_dashboards_react/public'; import { IndexPatternsContract } from '../../../../data/public'; import { @@ -195,7 +194,7 @@ export class SavedObjectsTable extends Component ws.id).concat(PUBLIC_WORKSPACE_ID); + return availableWorkspaces?.map((ws) => ws.id); } else { return [currentWorkspaceId]; } @@ -205,7 +204,6 @@ export class SavedObjectsTable extends Component(); - workspaceNameIdMap.set(PUBLIC_WORKSPACE_NAME, PUBLIC_WORKSPACE_ID); // workspace name is unique across the system availableWorkspaces?.forEach((workspace) => { workspaceNameIdMap.set(workspace.name, workspace.id); @@ -956,8 +954,6 @@ export class SavedObjectsTable extends Component workspace.id === PUBLIC_WORKSPACE_ID) > -1; const wsFilterOptions = availableWorkspaces .filter((ws) => { return this.workspaceIdQuery?.includes(ws.id); @@ -970,15 +966,6 @@ export class SavedObjectsTable extends Component { @@ -92,7 +91,7 @@ export const registerScrollForCountRoute = (router: IRouter) => { }); } if (requestHasWorkspaces) { - const resultWorkspaces = result.workspaces || [PUBLIC_WORKSPACE_ID]; + const resultWorkspaces = result.workspaces || []; resultWorkspaces.forEach((ws) => { counts.workspaces[ws] = counts.workspaces[ws] || 0; counts.workspaces[ws]++; diff --git a/src/plugins/workspace/server/plugin.ts b/src/plugins/workspace/server/plugin.ts index 1479da984580..1081284b7d9e 100644 --- a/src/plugins/workspace/server/plugin.ts +++ b/src/plugins/workspace/server/plugin.ts @@ -137,7 +137,7 @@ export class WorkspacePlugin implements Plugin { }); }); - it(`Should set workspacesSearchOperator to OR when search with public workspace`, async () => { - await wrapperClient.find({ - type: 'dashboard', - workspaces: [PUBLIC_WORKSPACE_ID], - }); - expect(mockedClient.find).toBeCalledWith({ - type: 'dashboard', - workspaces: [PUBLIC_WORKSPACE_ID], - workspacesSearchOperator: 'OR', - }); - }); - - it(`Should set workspace as pubic when workspace is not specified`, async () => { - const mockRequest = httpServerMock.createOpenSearchDashboardsRequest(); - updateWorkspaceState(mockRequest, {}); - const mockedWrapperClient = wrapperInstance.wrapperFactory({ - client: mockedClient, - typeRegistry: requestHandlerContext.savedObjects.typeRegistry, - request: mockRequest, - }); - await mockedWrapperClient.find({ - type: ['dashboard', 'visualization'], - }); - expect(mockedClient.find).toBeCalledWith({ - type: ['dashboard', 'visualization'], - workspaces: [PUBLIC_WORKSPACE_ID], - workspacesSearchOperator: 'OR', - }); - }); - - it(`Should remove public workspace when permission control is enabled`, async () => { - const consumer = new WorkspaceIdConsumerWrapper(true); - const client = consumer.wrapperFactory({ - client: mockedClient, - typeRegistry: requestHandlerContext.savedObjects.typeRegistry, - request: workspaceEnabledMockRequest, - }); - await client.find({ - type: 'dashboard', - workspaces: ['bar', PUBLIC_WORKSPACE_ID], - }); - expect(mockedClient.find).toBeCalledWith({ - type: 'dashboard', - workspaces: ['bar'], - workspacesSearchOperator: 'OR', - }); - }); - - it(`Should not override workspacesSearchOperator when workspacesSearchOperator is specified`, async () => { - await wrapperClient.find({ - type: 'dashboard', - workspaces: [PUBLIC_WORKSPACE_ID], - workspacesSearchOperator: 'AND', - }); - expect(mockedClient.find).toBeCalledWith({ - type: 'dashboard', - workspaces: [PUBLIC_WORKSPACE_ID], - workspacesSearchOperator: 'AND', - }); - }); - - it(`Should not pass a empty workspace array`, async () => { - const workspaceIdConsumerWrapper = new WorkspaceIdConsumerWrapper(true); + it(`Should pass a empty workspace array`, async () => { + const workspaceIdConsumerWrapper = new WorkspaceIdConsumerWrapper(); const mockRequest = httpServerMock.createOpenSearchDashboardsRequest(); updateWorkspaceState(mockRequest, {}); const mockedWrapperClient = workspaceIdConsumerWrapper.wrapperFactory({ @@ -189,10 +127,10 @@ describe('WorkspaceIdConsumerWrapper', () => { await mockedWrapperClient.find({ type: ['dashboard', 'visualization'], }); - // empty workspace array will get deleted + // empty workspace array will add '' expect(mockedClient.find).toBeCalledWith({ type: ['dashboard', 'visualization'], - workspacesSearchOperator: 'OR', + workspaces: [''], }); }); }); diff --git a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts index 63f19b5dd0f7..92223e2d2df9 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts @@ -12,7 +12,6 @@ import { SavedObjectsCheckConflictsObject, OpenSearchDashboardsRequest, SavedObjectsFindOptions, - PUBLIC_WORKSPACE_ID, WORKSPACE_TYPE, } from '../../../../core/server'; @@ -82,23 +81,7 @@ export class WorkspaceIdConsumerWrapper { // if workspace is enabled, we always find by workspace if (!findOptions.workspaces || findOptions.workspaces.length === 0) { - findOptions.workspaces = [PUBLIC_WORKSPACE_ID]; - } - - // `PUBLIC_WORKSPACE_ID` includes both saved objects without any workspace and with `PUBLIC_WORKSPACE_ID` workspace - const index = findOptions.workspaces - ? findOptions.workspaces.indexOf(PUBLIC_WORKSPACE_ID) - : -1; - if (!findOptions.workspacesSearchOperator && findOptions.workspaces && index !== -1) { - findOptions.workspacesSearchOperator = 'OR'; - // remove this deletion logic when public workspace becomes to real - if (this.isPermissionControlEnabled) { - // remove public workspace to make sure we can pass permission control validation, more details in `WorkspaceSavedObjectsClientWrapper` - findOptions.workspaces.splice(index, 1); - } - } - if (findOptions.workspaces && findOptions.workspaces.length === 0) { - delete findOptions.workspaces; + findOptions.workspaces = ['']; } return wrapperOptions.client.find(findOptions); }, @@ -112,5 +95,5 @@ export class WorkspaceIdConsumerWrapper { }; }; - constructor(private isPermissionControlEnabled?: boolean) {} + constructor() {} } From 6be28103a6928ce186d7112c9a8246cece616778 Mon Sep 17 00:00:00 2001 From: "opensearch-changeset-bot[bot]" <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com> Date: Wed, 3 Jul 2024 05:56:55 +0000 Subject: [PATCH 2/8] Changeset file for PR #7165 created/updated --- changelogs/fragments/7165.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/7165.yml diff --git a/changelogs/fragments/7165.yml b/changelogs/fragments/7165.yml new file mode 100644 index 000000000000..39c2b93329e0 --- /dev/null +++ b/changelogs/fragments/7165.yml @@ -0,0 +1,2 @@ +feat: +- [Workspace] Delete the virtual global workspace ([#7165](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7165)) \ No newline at end of file From f183cb55c2026d40223a4ccdfa05f53b3172742a Mon Sep 17 00:00:00 2001 From: yubonluo Date: Wed, 3 Jul 2024 17:06:31 +0800 Subject: [PATCH 3/8] optimize the code Signed-off-by: yubonluo --- ...space_saved_objects_client_wrapper.test.ts | 10 ++++ .../workspace_id_consumer_wrapper.test.ts | 1 - .../workspace_id_consumer_wrapper.ts | 8 --- ...space_saved_objects_client_wrapper.test.ts | 54 ++++--------------- .../workspace_saved_objects_client_wrapper.ts | 17 +++--- 5 files changed, 27 insertions(+), 63 deletions(-) diff --git a/src/plugins/workspace/server/saved_objects/integration_tests/workspace_saved_objects_client_wrapper.test.ts b/src/plugins/workspace/server/saved_objects/integration_tests/workspace_saved_objects_client_wrapper.test.ts index b5399de9fb5d..241aacb02a76 100644 --- a/src/plugins/workspace/server/saved_objects/integration_tests/workspace_saved_objects_client_wrapper.test.ts +++ b/src/plugins/workspace/server/saved_objects/integration_tests/workspace_saved_objects_client_wrapper.test.ts @@ -269,6 +269,16 @@ describe('WorkspaceSavedObjectsClientWrapper', () => { true ); }); + + it('should return 0 saved object when not workspace type and no workspaces provided', async () => { + const result = await permittedSavedObjectedClient.find({ + type: 'dashboard', + perPage: 999, + page: 1, + }); + + expect(result).toEqual({ page: 1, per_page: 999, saved_objects: [], total: 0 }); + }); }); describe('create', () => { diff --git a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts index 6dd96234567c..c20b7ebbe47e 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts @@ -130,7 +130,6 @@ describe('WorkspaceIdConsumerWrapper', () => { // empty workspace array will add '' expect(mockedClient.find).toBeCalledWith({ type: ['dashboard', 'visualization'], - workspaces: [''], }); }); }); diff --git a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts index 92223e2d2df9..3580f1f0b592 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts @@ -75,14 +75,6 @@ export class WorkspaceIdConsumerWrapper { delete: wrapperOptions.client.delete, find: (options: SavedObjectsFindOptions) => { const findOptions = this.formatWorkspaceIdParams(wrapperOptions.request, options); - if (this.isWorkspaceType(findOptions.type)) { - return wrapperOptions.client.find(findOptions); - } - - // if workspace is enabled, we always find by workspace - if (!findOptions.workspaces || findOptions.workspaces.length === 0) { - findOptions.workspaces = ['']; - } return wrapperOptions.client.find(findOptions); }, bulkGet: wrapperOptions.client.bulkGet, diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts index 79e1b25cd823..e7c00743814b 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts @@ -617,54 +617,31 @@ describe('WorkspaceSavedObjectsClientWrapper', () => { }, }); }); - it('should call client.find with ACLSearchParams if no workspaces is provided', async () => { + it('should return 0 save object if not workspace type and no workspaces is provided', async () => { + let result; + const returnValue = { page: undefined, per_page: undefined, saved_objects: [], total: 0 }; const { wrapper, clientMock } = generateWorkspaceSavedObjectsClientWrapper(); // no workspaces - await wrapper.find({ + result = await wrapper.find({ type: 'dashboards', }); - expect(clientMock.find).toHaveBeenCalledWith({ - type: 'dashboards', - ACLSearchParams: { - principals: { - users: ['user-1'], - }, - permissionModes: ['read', 'write'], - }, - }); + expect(result).toEqual(returnValue); // workspaces parameter is undefined clientMock.find.mockReset(); - await wrapper.find({ + result = await wrapper.find({ type: 'dashboards', workspaces: undefined, }); - expect(clientMock.find).toHaveBeenLastCalledWith({ - type: 'dashboards', - ACLSearchParams: { - principals: { - users: ['user-1'], - }, - permissionModes: ['read', 'write'], - }, - }); + expect(result).toEqual(returnValue); // empty workspaces array clientMock.find.mockReset(); - await wrapper.find({ + result = await wrapper.find({ type: 'dashboards', workspaces: [], }); - expect(clientMock.find).toHaveBeenLastCalledWith({ - type: 'dashboards', - workspaces: [], - ACLSearchParams: { - principals: { - users: ['user-1'], - }, - permissionModes: ['read', 'write'], - }, - }); + expect(result).toEqual(returnValue); }); it('should call client.find with only read permission if find workspace and permissionModes provided', async () => { const { wrapper, clientMock } = generateWorkspaceSavedObjectsClientWrapper(); @@ -727,19 +704,6 @@ describe('WorkspaceSavedObjectsClientWrapper', () => { }) ); }); - it('should call client.find with arguments if not workspace type and no options.workspace', async () => { - const { wrapper, clientMock } = generateWorkspaceSavedObjectsClientWrapper(); - await wrapper.find({ - type: 'dashboard', - }); - expect(clientMock.find).toHaveBeenCalledWith({ - type: 'dashboard', - ACLSearchParams: { - permissionModes: ['read', 'write'], - principals: { users: ['user-1'] }, - }, - }); - }); }); describe('deleteByWorkspace', () => { diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts index 06701fba338a..7a6be41e18d4 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts @@ -27,6 +27,7 @@ import { SavedObjectsServiceStart, SavedObjectsClientContract, SavedObjectsDeleteByWorkspaceOptions, + SavedObjectsFindResponse, } from '../../../../core/server'; import { SavedObjectsPermissionControlContract } from '../permission_control/client'; import { @@ -513,15 +514,13 @@ export class WorkspaceSavedObjectsClientWrapper { */ options.workspaces = permittedWorkspaces; } else { - /** - * If no workspaces present, find all the docs that - * ACL matches read / write / user passed permission - */ - options.ACLSearchParams.permissionModes = getDefaultValuesForEmpty( - options.ACLSearchParams.permissionModes, - [WorkspacePermissionMode.Read, WorkspacePermissionMode.Write] - ); - options.ACLSearchParams.principals = principals; + // Non OSD admin users should not see the legacy saved objects if they can not access any workspace. + return { + page: options.page, + per_page: options.perPage, + total: 0, + saved_objects: [], + } as SavedObjectsFindResponse; } } From 83babfd9ae599292dfcae3508fb0311ba00a32b0 Mon Sep 17 00:00:00 2001 From: yubonluo Date: Wed, 3 Jul 2024 17:21:57 +0800 Subject: [PATCH 4/8] optimize the code Signed-off-by: yubonluo --- .../server/saved_objects/workspace_id_consumer_wrapper.test.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts index c20b7ebbe47e..2db8d146822f 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.test.ts @@ -127,7 +127,6 @@ describe('WorkspaceIdConsumerWrapper', () => { await mockedWrapperClient.find({ type: ['dashboard', 'visualization'], }); - // empty workspace array will add '' expect(mockedClient.find).toBeCalledWith({ type: ['dashboard', 'visualization'], }); From 453e858e9eb9ffebc21a08ba41583ff7ce7dffc4 Mon Sep 17 00:00:00 2001 From: yubonluo Date: Wed, 3 Jul 2024 18:04:30 +0800 Subject: [PATCH 5/8] optimize the code Signed-off-by: yubonluo --- .../lib/search_dsl/query_params.test.ts | 146 ++++++++---------- .../service/lib/search_dsl/query_params.ts | 33 +--- .../workspace_saved_objects_client_wrapper.ts | 26 +++- 3 files changed, 81 insertions(+), 124 deletions(-) diff --git a/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts b/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts index 5af816a1d8f5..ef9fdc6b5588 100644 --- a/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts +++ b/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts @@ -662,46 +662,32 @@ describe('#getQueryParams', () => { workspaces: ['foo'], workspacesSearchOperator: 'OR', }); - expect(result.query.bool.filter[1]).toEqual({ - bool: { - should: [ - { - bool: { - must_not: [ - { - exists: { - field: 'workspaces', - }, - }, - { - exists: { - field: 'permissions', - }, - }, - ], - }, - }, - { - bool: { - minimum_should_match: 1, - should: [ - { - bool: { - must: [ - { - term: { - workspaces: 'foo', + expect(result.query.bool.filter[1]).toMatchInlineSnapshot(` + Object { + "bool": Object { + "should": Array [ + Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "bool": Object { + "must": Array [ + Object { + "term": Object { + "workspaces": "foo", + }, }, - }, - ], + ], + }, }, - }, - ], + ], + }, }, - }, - ], - }, - }); + ], + }, + } + `); }); it('principals and permissionModes provided in ACLSearchParams', () => { @@ -715,60 +701,50 @@ describe('#getQueryParams', () => { permissionModes: ['read'], }, }); - expect(result.query.bool.filter[1]).toEqual({ - bool: { - should: [ - { - bool: { - must_not: [ - { - exists: { - field: 'workspaces', - }, - }, - { - exists: { - field: 'permissions', - }, - }, - ], - }, - }, - { - bool: { - filter: [ - { - bool: { - should: [ - { - terms: { - 'permissions.read.users': ['user-foo'], + expect(result.query.bool.filter[1]).toMatchInlineSnapshot(` + Object { + "bool": Object { + "should": Array [ + Object { + "bool": Object { + "filter": Array [ + Object { + "bool": Object { + "should": Array [ + Object { + "terms": Object { + "permissions.read.users": Array [ + "user-foo", + ], + }, }, - }, - { - term: { - 'permissions.read.users': '*', + Object { + "term": Object { + "permissions.read.users": "*", + }, }, - }, - { - terms: { - 'permissions.read.groups': ['group-foo'], + Object { + "terms": Object { + "permissions.read.groups": Array [ + "group-foo", + ], + }, }, - }, - { - term: { - 'permissions.read.groups': '*', + Object { + "term": Object { + "permissions.read.groups": "*", + }, }, - }, - ], + ], + }, }, - }, - ], + ], + }, }, - }, - ], - }, - }); + ], + }, + } + `); }); }); }); diff --git a/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts b/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts index 318768fd83c2..5001d1e61334 100644 --- a/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts +++ b/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts @@ -134,16 +134,6 @@ function getClauseForType( * Gets the clause that will filter for the workspace. */ function getClauseForWorkspace(workspace: string) { - if (workspace === '*') { - return { - bool: { - must: { - match_all: {}, - }, - }, - }; - } - return { bool: { must: [{ term: { workspaces: workspace } }], @@ -311,28 +301,7 @@ export function getQueryParams({ if (ACLSearchParamsShouldClause.length) { bool.filter.push({ bool: { - should: [ - /** - * Return those objects without workspaces field and permissions field to keep find API backward compatible - */ - { - bool: { - must_not: [ - { - exists: { - field: 'workspaces', - }, - }, - { - exists: { - field: 'permissions', - }, - }, - ], - }, - }, - ...ACLSearchParamsShouldClause, - ], + should: ACLSearchParamsShouldClause, }, }); } diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts index 7a6be41e18d4..6af6be145759 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts @@ -457,6 +457,16 @@ export class WorkspaceSavedObjectsClientWrapper { ); options.ACLSearchParams.principals = principals; } else { + // Non OSD admin users should not see the legacy saved objects if they can not access any workspace. + if (!options.workspaces || options.workspaces.length === 0) { + return { + page: options.page, + per_page: options.perPage, + total: 0, + saved_objects: [], + } as SavedObjectsFindResponse; + } + /** * Workspace is a hidden type so that we need to * initialize a new saved objects client with workspace enabled to retrieve all the workspaces with permission. @@ -514,13 +524,15 @@ export class WorkspaceSavedObjectsClientWrapper { */ options.workspaces = permittedWorkspaces; } else { - // Non OSD admin users should not see the legacy saved objects if they can not access any workspace. - return { - page: options.page, - per_page: options.perPage, - total: 0, - saved_objects: [], - } as SavedObjectsFindResponse; + /** + * If no workspaces present, find all the docs that + * ACL matches read / write / user passed permission + */ + options.ACLSearchParams.permissionModes = getDefaultValuesForEmpty( + options.ACLSearchParams.permissionModes, + [WorkspacePermissionMode.Read, WorkspacePermissionMode.Write] + ); + options.ACLSearchParams.principals = principals; } } From d83f3403317ee3c13dafdb54245729517ead49d6 Mon Sep 17 00:00:00 2001 From: yubonluo Date: Thu, 4 Jul 2024 09:47:56 +0800 Subject: [PATCH 6/8] optimize the code Signed-off-by: yubonluo --- ...kspace_saved_objects_client_wrapper.test.ts | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts index e7c00743814b..50173d113ab2 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.test.ts @@ -686,24 +686,6 @@ describe('WorkspaceSavedObjectsClientWrapper', () => { ACLSearchParams: {}, }); }); - it('should find permitted workspaces with filtered permission modes', async () => { - const { wrapper, scopedClientMock } = generateWorkspaceSavedObjectsClientWrapper(); - await wrapper.find({ - type: 'dashboard', - ACLSearchParams: { - permissionModes: ['read', 'library_read'], - }, - }); - expect(scopedClientMock.find).toHaveBeenCalledWith( - expect.objectContaining({ - type: 'workspace', - ACLSearchParams: { - permissionModes: ['library_read'], - principals: { users: ['user-1'] }, - }, - }) - ); - }); }); describe('deleteByWorkspace', () => { From 30a410033d88dc25d632ade4e8a379b45acdd3b6 Mon Sep 17 00:00:00 2001 From: yubonluo Date: Mon, 8 Jul 2024 11:44:43 +0800 Subject: [PATCH 7/8] delete the useless code Signed-off-by: yubonluo --- .../saved_objects/workspace_saved_objects_client_wrapper.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts index 34dc34b09299..9a156aa6501f 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts @@ -27,7 +27,6 @@ import { SavedObjectsServiceStart, SavedObjectsClientContract, SavedObjectsDeleteByWorkspaceOptions, - SavedObjectsFindResponse, } from '../../../../core/server'; import { SavedObjectsPermissionControlContract } from '../permission_control/client'; import { From d7f28ab8d93a85bc805264ef5615e01b9d532403 Mon Sep 17 00:00:00 2001 From: yubonluo Date: Mon, 8 Jul 2024 12:02:06 +0800 Subject: [PATCH 8/8] delete the useless code Signed-off-by: yubonluo --- .../saved_objects/workspace_id_consumer_wrapper.ts | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts index 50a42be103c0..1f9e196d1f49 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts +++ b/src/plugins/workspace/server/saved_objects/workspace_id_consumer_wrapper.ts @@ -12,7 +12,6 @@ import { SavedObjectsCheckConflictsObject, OpenSearchDashboardsRequest, SavedObjectsFindOptions, - WORKSPACE_TYPE, } from '../../../../core/server'; type WorkspaceOptions = Pick | undefined; @@ -40,14 +39,6 @@ export class WorkspaceIdConsumerWrapper { }; } - private isWorkspaceType(type: SavedObjectsFindOptions['type']): boolean { - if (Array.isArray(type)) { - return type.every((item) => item === WORKSPACE_TYPE); - } - - return type === WORKSPACE_TYPE; - } - public wrapperFactory: SavedObjectsClientWrapperFactory = (wrapperOptions) => { return { ...wrapperOptions.client, @@ -75,8 +66,9 @@ export class WorkspaceIdConsumerWrapper { ), delete: wrapperOptions.client.delete, find: (options: SavedObjectsFindOptions) => { - const findOptions = this.formatWorkspaceIdParams(wrapperOptions.request, options); - return wrapperOptions.client.find(findOptions); + return wrapperOptions.client.find( + this.formatWorkspaceIdParams(wrapperOptions.request, options) + ); }, bulkGet: wrapperOptions.client.bulkGet, get: wrapperOptions.client.get,