From 01b70dd9dce9f576a5524426d864a8b9f94a7d4c Mon Sep 17 00:00:00 2001
From: Ryland Herrick <ryalnd@gmail.com>
Date: Tue, 28 Jul 2020 12:04:42 -0500
Subject: [PATCH] [Security Solution] Fix Lists route permissions (#73368)

* Do not display threshold field for an ML Rule

* Give 'read' privileges to 'all' users

We have several lists routes that require lists-read access. If the user
was given the 'all' privilege for securitySolution, they would
previously be locked out of those routes.
---
 .../pages/detection_engine/rules/create/helpers.ts         | 7 ++++---
 x-pack/plugins/security_solution/server/plugin.ts          | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts
index a972afbd8c0c5f..705013beb750f9 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts
@@ -12,6 +12,7 @@ import { NOTIFICATION_THROTTLE_NO_ACTIONS } from '../../../../../../common/const
 import { transformAlertToRuleAction } from '../../../../../../common/detection_engine/transform_actions';
 import { RuleType } from '../../../../../../common/detection_engine/types';
 import { isMlRule } from '../../../../../../common/machine_learning/helpers';
+import { isThresholdRule } from '../../../../../../common/detection_engine/utils';
 import { List } from '../../../../../../common/detection_engine/schemas/types';
 import { ENDPOINT_LIST_ID } from '../../../../../shared_imports';
 import { NewRule, Rule } from '../../../../containers/detection_engine/rules';
@@ -57,7 +58,7 @@ export interface RuleFields {
 }
 type QueryRuleFields<T> = Omit<T, 'anomalyThreshold' | 'machineLearningJobId' | 'threshold'>;
 type ThresholdRuleFields<T> = Omit<T, 'anomalyThreshold' | 'machineLearningJobId'>;
-type MlRuleFields<T> = Omit<T, 'queryBar' | 'index'>;
+type MlRuleFields<T> = Omit<T, 'queryBar' | 'index' | 'threshold'>;
 
 const isMlFields = <T>(
   fields: QueryRuleFields<T> | MlRuleFields<T> | ThresholdRuleFields<T>
@@ -69,9 +70,9 @@ const isThresholdFields = <T>(
 
 export const filterRuleFieldsForType = <T extends RuleFields>(fields: T, type: RuleType) => {
   if (isMlRule(type)) {
-    const { index, queryBar, ...mlRuleFields } = fields;
+    const { index, queryBar, threshold, ...mlRuleFields } = fields;
     return mlRuleFields;
-  } else if (type === 'threshold') {
+  } else if (isThresholdRule(type)) {
     const { anomalyThreshold, machineLearningJobId, ...thresholdRuleFields } = fields;
     return thresholdRuleFields;
   } else {
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index 8fc413236dd2c7..f2fad16d80414c 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -182,7 +182,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
         all: {
           app: [...securitySubPlugins, 'kibana'],
           catalogue: ['securitySolution'],
-          api: ['securitySolution', 'lists-all'],
+          api: ['securitySolution', 'lists-all', 'lists-read'],
           savedObject: {
             all: [
               'alert',