diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization.test.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization.test.ts index 6cb61339a13aa..e92f381b945c5 100644 --- a/x-pack/plugins/alerting/server/authorization/alerting_authorization.test.ts +++ b/x-pack/plugins/alerting/server/authorization/alerting_authorization.test.ts @@ -2010,8 +2010,13 @@ describe('AlertingAuthorization', () => { }); alertTypeRegistry.list.mockReturnValue(setOfAlertTypes); - await expect(alertAuthorization.getAugmentRuleTypesWithAuthorization(['myApp'])).resolves - .toMatchInlineSnapshot(` + await expect( + alertAuthorization.getAugmentRuleTypesWithAuthorization( + ['myApp'], + [ReadOperations.Find, ReadOperations.Get, WriteOperations.Update], + AlertingAuthorizationEntity.Alert + ) + ).resolves.toMatchInlineSnapshot(` Object { "authorizedRuleTypes": Set { Object { @@ -2078,8 +2083,13 @@ describe('AlertingAuthorization', () => { }); alertTypeRegistry.list.mockReturnValue(setOfAlertTypes); - await expect(alertAuthorization.getAugmentRuleTypesWithAuthorization(['myApp'])).resolves - .toMatchInlineSnapshot(` + await expect( + alertAuthorization.getAugmentRuleTypesWithAuthorization( + ['myApp'], + [ReadOperations.Find, ReadOperations.Get, WriteOperations.Update], + AlertingAuthorizationEntity.Alert + ) + ).resolves.toMatchInlineSnapshot(` Object { "authorizedRuleTypes": Set { Object { diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts index 167f6ce6396e8..de49cdd370585 100644 --- a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts +++ b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts @@ -143,7 +143,9 @@ export class AlertingAuthorization { * used by the RAC/Alerts client */ public async getAugmentRuleTypesWithAuthorization( - featureIds: string[] + featureIds: string[], + operations: Array, + authorizationEntity: AlertingAuthorizationEntity ): Promise<{ username?: string; hasAllRequested: boolean; @@ -151,8 +153,8 @@ export class AlertingAuthorization { }> { return this.augmentRuleTypesWithAuthorization( this.alertTypeRegistry.list(), - [ReadOperations.Find, ReadOperations.Get, WriteOperations.Update], - AlertingAuthorizationEntity.Alert, + operations, + authorizationEntity, new Set(featureIds) ); } diff --git a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts index 0040943c49304..1c6e187162d74 100644 --- a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts +++ b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts @@ -64,9 +64,14 @@ export class AlertsClient { this.auditLogger = auditLogger; } - public async getAlertsIndex(featureIds: string[]) { + public async getAlertsIndex( + featureIds: string[], + operations: Array + ) { return this.authorization.getAugmentRuleTypesWithAuthorization( - featureIds.length !== 0 ? featureIds : ['apm', 'siem'] + featureIds.length !== 0 ? featureIds : ['apm', 'siem'], + operations, + AlertingAuthorizationEntity.Alert ); } @@ -186,7 +191,9 @@ export class AlertsClient { public async getAuthorizedAlertsIndices(featureIds: string[]): Promise { const augmentedRuleTypes = await this.authorization.getAugmentRuleTypesWithAuthorization( - featureIds + featureIds, + [ReadOperations.Find, ReadOperations.Get, WriteOperations.Update], + AlertingAuthorizationEntity.Alert ); const arrayOfAuthorizedRuleTypes = Array.from(augmentedRuleTypes.authorizedRuleTypes);