Add find integration rbac tests

x-pack/test/case_api_integration/common/lib/mock.ts

@@ -47,6 +47,14 @@ export const postCaseReq: CasePostRequest = {
   scope: 'securitySolutionFixture',
 };
 
+/**
+ * Return a request for creating a case.
+ */
+export const getPostCaseRequest = (req?: Partial<CasePostRequest>): CasePostRequest => ({
+  ...postCaseReq,
+  ...req,
+});
+
 /**
  * The fields for creating a collection style case.
  */

x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/find_cases.ts

@@ -8,26 +8,33 @@
 import expect from '@kbn/expect';
 import supertestAsPromised from 'supertest-as-promised';
 import type { ApiResponse, estypes } from '@elastic/elasticsearch';
-import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import { FtrProviderContext } from '../../../../common/ftr_provider_context';
 
 import {
   CASES_URL,
   SUB_CASES_PATCH_DEL_URL,
 } from '../../../../../../plugins/cases/common/constants';
-import { postCaseReq, postCommentUserReq, findCasesResp } from '../../../../common/lib/mock';
+import {
+  postCaseReq,
+  postCommentUserReq,
+  findCasesResp,
+  getPostCaseRequest,
+} from '../../../../common/lib/mock';
 import {
   deleteAllCaseItems,
   createSubCase,
   setStatus,
   CreateSubCaseResp,
   createCaseAction,
   deleteCaseAction,
+  getSpaceUrlPrefix,
 } from '../../../../common/lib/utils';
 import {
   CasesFindResponse,
   CaseStatuses,
   CaseType,
 } from '../../../../../../plugins/cases/common/api';
+import { obsOnly, secOnly } from '../../../../common/lib/authentication/users';
 
 interface CaseAttributes {
   cases: {
@@ -39,6 +46,8 @@ interface CaseAttributes {
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const es = getService('es');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+
   describe('find_cases', () => {
     describe('basic tests', () => {
       afterEach(async () => {
@@ -670,5 +679,46 @@ export default ({ getService }: FtrProviderContext): void => {
         expect(body.count_in_progress_cases).to.eql(0);
       });
     });
+
+    describe('rbac', () => {
+      it('should return the correct cases', async () => {
+        await supertestWithoutAuth
+          .post(`${getSpaceUrlPrefix('space1')}${CASES_URL}`)
+          .auth(secOnly.username, secOnly.password)
+          .set('kbn-xsrf', 'true')
+          .send(getPostCaseRequest())
+          .expect(200);
+
+        await supertestWithoutAuth
+          .post(`${getSpaceUrlPrefix('space1')}${CASES_URL}`)
+          .auth(obsOnly.username, obsOnly.password)
+          .set('kbn-xsrf', 'true')
+          .send(getPostCaseRequest({ scope: 'observabilityFixture' }))
+          .expect(200);
+
+        const { body: secBody } = await supertestWithoutAuth
+          .get(`${getSpaceUrlPrefix('space1')}${CASES_URL}/_find?sortOrder=asc`)
+          .auth(secOnly.username, secOnly.password)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        const { body: obsBody } = await supertestWithoutAuth
+          .get(`${getSpaceUrlPrefix('space1')}${CASES_URL}/_find?sortOrder=asc`)
+          .auth(obsOnly.username, obsOnly.password)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        const secRes = secBody as CasesFindResponse;
+        const obsRes = obsBody as CasesFindResponse;
+
+        expect(secRes.total).to.eql(1);
+        expect(obsRes.total).to.eql(1);
+
+        secRes.cases.forEach((theCase) => expect(theCase.scope).to.eql('securitySolutionFixture'));
+        obsRes.cases.forEach((theCase) => expect(theCase.scope).to.eql('observabilityFixture'));
+      });
+    });
   });
 };

x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/post_case.ts

@@ -9,7 +9,11 @@ import expect from '@kbn/expect';
 
 import { CASES_URL } from '../../../../../../plugins/cases/common/constants';
 import {
-  postCaseReq,
+  ConnectorTypes,
+  ConnectorJiraTypeFields,
+} from '../../../../../../plugins/cases/common/api';
+import {
+  getPostCaseRequest,
   postCaseResp,
   removeServerGeneratedPropertiesFromCase,
 } from '../../../../common/lib/mock';
@@ -39,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => {
       const { body: postedCase } = await supertest
         .post(CASES_URL)
         .set('kbn-xsrf', 'true')
-        .send(postCaseReq)
+        .send(getPostCaseRequest())
         .expect(200);
 
       const data = removeServerGeneratedPropertiesFromCase(postedCase);
@@ -50,12 +54,13 @@ export default ({ getService }: FtrProviderContext): void => {
       await supertest
         .post(CASES_URL)
         .set('kbn-xsrf', 'true')
-        .send({ ...postCaseReq, badKey: true })
+        // @ts-expect-error
+        .send({ ...getPostCaseRequest({ badKey: true }) })
         .expect(400);
     });
 
     it('unhappy path - 400s when connector is not supplied', async () => {
-      const { connector, ...caseWithoutConnector } = postCaseReq;
+      const { connector, ...caseWithoutConnector } = getPostCaseRequest();
 
       await supertest
         .post(CASES_URL)
@@ -69,8 +74,10 @@ export default ({ getService }: FtrProviderContext): void => {
         .post(CASES_URL)
         .set('kbn-xsrf', 'true')
         .send({
-          ...postCaseReq,
-          connector: { id: 'wrong', name: 'wrong', type: '.not-exists', fields: null },
+          ...getPostCaseRequest({
+            // @ts-expect-error
+            connector: { id: 'wrong', name: 'wrong', type: '.not-exists', fields: null },
+          }),
         })
         .expect(400);
     });
@@ -80,13 +87,15 @@ export default ({ getService }: FtrProviderContext): void => {
         .post(CASES_URL)
         .set('kbn-xsrf', 'true')
         .send({
-          ...postCaseReq,
-          connector: {
-            id: 'wrong',
-            name: 'wrong',
-            type: '.jira',
-            fields: { unsupported: 'value' },
-          },
+          ...getPostCaseRequest({
+            // @ts-expect-error
+            connector: {
+              id: 'wrong',
+              name: 'wrong',
+              type: ConnectorTypes.jira,
+              fields: { unsupported: 'value' },
+            } as ConnectorJiraTypeFields,
+          }),
         })
         .expect(400);
     });
@@ -97,7 +106,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .post(`${getSpaceUrlPrefix('space1')}${CASES_URL}`)
           .auth(secOnly.username, secOnly.password)
           .set('kbn-xsrf', 'true')
-          .send(postCaseReq)
+          .send(getPostCaseRequest())
           .expect(200);
 
         expect(theCase.scope).to.eql('securitySolutionFixture');
@@ -108,7 +117,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .post(`${getSpaceUrlPrefix('space1')}${CASES_URL}`)
           .auth(secOnly.username, secOnly.password)
           .set('kbn-xsrf', 'true')
-          .send({ ...postCaseReq, scope: 'observabilityFixture' })
+          .send({ ...getPostCaseRequest({ scope: 'observabilityFixture' }) })
           .expect(403);
       });
 
@@ -120,7 +129,7 @@ export default ({ getService }: FtrProviderContext): void => {
             .post(`${getSpaceUrlPrefix('space1')}${CASES_URL}`)
             .auth(user.username, user.password)
             .set('kbn-xsrf', 'true')
-            .send(postCaseReq)
+            .send(getPostCaseRequest())
             .expect(403);
         });
       }
@@ -130,7 +139,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .post(`${getSpaceUrlPrefix('space2')}${CASES_URL}`)
           .auth(secOnly.username, secOnly.password)
           .set('kbn-xsrf', 'true')
-          .send(postCaseReq)
+          .send(getPostCaseRequest())
           .expect(403);
       });
     });