feat: add workspace into includeHiddenTypes (opensearch-project#249)
* feat: add workspace into includeHiddenTypes of client wrapper and permission control client

Signed-off-by: SuZhou-Joe <[email protected]>

* fix: hiddenType side effect

Signed-off-by: SuZhou-Joe <[email protected]>

---------

Signed-off-by: SuZhou-Joe <[email protected]>
SuZhou-Joe authored and wanglam committed Feb 28, 2024
1 parent ee72f38 commit d2bc698
Showing 3 changed files with 30 additions and 4 deletions.
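--- a/src/plugins/workspace/server/permission_control/client.ts
+++ b/src/plugins/workspace/server/permission_control/client.ts
@@ -4,7 +4,12 @@
 */
 
 import { i18n } from '@osd/i18n';
-import { OpenSearchDashboardsRequest, Principals, SavedObject } from '../../../../core/server';
+import {
+OpenSearchDashboardsRequest,
+Principals,
+SavedObject,
+WORKSPACE_TYPE,
+} from '../../../../core/server';
 import {
 ACL,
 TransformedPermission,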
6 changes: 4 additions & 2 deletions src/plugins/workspace/server/plugin.ts
@@ -29,6 +29,7 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
private client?: IWorkspaceClientImpl;
private permissionControl?: SavedObjectsPermissionControlContract;
private readonly config$: Observable<WorkspacePluginConfigType>;
private workspaceSavedObjectsClientWrapper?: WorkspaceSavedObjectsClientWrapper;

private proxyWorkspaceTrafficToRealHandler(setupDeps: CoreSetup) {
/**
@@ -66,14 +67,14 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
this.proxyWorkspaceTrafficToRealHandler(core);
this.permissionControl = new SavedObjectsPermissionControl(this.logger);

const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
this.workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
this.permissionControl
);

core.savedObjects.addClientWrapper(
0,
WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
workspaceSavedObjectsClientWrapper.wrapperFactory
this.workspaceSavedObjectsClientWrapper.wrapperFactory
);
}

@@ -99,6 +100,7 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
this.logger.debug('Starting Workspace service');
this.permissionControl?.setup(core.savedObjects.getScopedClient);
this.client?.setSavedObjects(core.savedObjects);
this.workspaceSavedObjectsClientWrapper?.setScopedClient(core.savedObjects.getScopedClient);

return {
client: this.client as IWorkspaceClientImpl,
@@ -26,9 +26,12 @@ import {
WorkspacePermissionMode,
SavedObjectsDeleteByWorkspaceOptions,
SavedObjectsErrorHelpers,
SavedObjectsServiceStart,
SavedObjectsClientContract,
} from '../../../../core/server';
import { SavedObjectsPermissionControlContract } from '../permission_control/client';
import { getPrincipalsFromRequest } from '../utils';
import { WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID } from '../../common/constants';

// Can't throw unauthorized for now, the page will be refreshed if unauthorized
const generateWorkspacePermissionError = () =>
@@ -50,6 +53,7 @@ const generateSavedObjectsPermissionError = () =>
);

export class WorkspaceSavedObjectsClientWrapper {
private getScopedClient?: SavedObjectsServiceStart['getScopedClient'];
private formatWorkspacePermissionModeToStringArray(
permission: WorkspacePermissionMode | WorkspacePermissionMode[]
): string[] {
@@ -173,6 +177,17 @@ export class WorkspaceSavedObjectsClientWrapper {
return hasPermission;
}

private getWorkspaceTypeEnabledClient(request: OpenSearchDashboardsRequest) {
return this.getScopedClient?.(request, {
includedHiddenTypes: [WORKSPACE_TYPE],
excludedWrappers: [WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID],
}) as SavedObjectsClientContract;
}

public setScopedClient(getScopedClient: SavedObjectsServiceStart['getScopedClient']) {
this.getScopedClient = getScopedClient;
}

public wrapperFactory: SavedObjectsClientWrapperFactory = (wrapperOptions) => {
const deleteWithWorkspacePermissionControl = async (
type: string,
@@ -396,8 +411,12 @@ export class WorkspaceSavedObjectsClientWrapper {
];
options.ACLSearchParams.principals = principals;
} else {
/**
* Workspace is a hidden type so that we need to
* initialize a new saved objects client with workspace enabled to retrieve all the workspaces with permission.
*/
const permittedWorkspaceIds = (
await wrapperOptions.client.find({
await this.getWorkspaceTypeEnabledClient(wrapperOptions.request).find({
type: WORKSPACE_TYPE,
perPage: 999,
ACLSearchParams: {
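Review bot: `getWorkspaceTypeEnabledClient` casts the result of `this.getScopedClient?.(...)` to `SavedObjectsClientContract`, so when `getScopedClient` has not been set yet the helper returns `undefined` and the `.find(...)` call in the last hunk fails with an opaque TypeError. On this page `setScopedClient` is only called from `start()` in plugin.ts while the wrapper is registered during setup, so an explicit guard at the top of the helper would make that ordering dependency visible: `if (!this.getScopedClient) throw new Error('getScopedClient is not set');`. The client it returns is created with `excludedWrappers: [WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID]` and `includedHiddenTypes: [WORKSPACE_TYPE]`, so, going by the option names, this wrapper's permission checks do not apply to it and the `find` depends on its `ACLSearchParams` filter alone; a comment on the helper such as `// Bypasses this wrapper's permission checks; use only for ACLSearchParams-restricted queries.` would keep later callers from reusing it unfiltered. The enclosing `find` wrapper and the `ACLSearchParams` object continue outside the hunk.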