Introducing uiCapabilities, removing config providers & user profile (#…

…25387)

## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.

src/core/public/injected_metadata/injected_metadata_service.ts

@@ -19,7 +19,7 @@
 
 import { get } from 'lodash';
 import { UiSettingsState } from '../ui_settings';
-import { deepFreeze } from './deep_freeze';
+import { deepFreeze } from '../utils/deep_freeze';
 
 export interface InjectedMetadataParams {
   injectedMetadata: {

src/core_plugins/kibana/index.js

@@ -131,6 +131,24 @@ export default function (kibana) {
         return {
           kbnIndex: options.index,
           kbnBaseUrl,
+          uiCapabilities: {
+            navLinks: {
+              'kibana:discover': true,
+              'kibana:visualize': true,
+              'kibana:dashboard': true,
+              'kibana:dev_tools': true,
+              'kibana:management': true,
+            },
+            discover: {
+              showWriteControls: true
+            },
+            visualize: {
+              showWriteControls: true
+            },
+            dashboard: {
+              showWriteControls: true
+            },
+          }
         };
       },
 

src/core_plugins/kibana/public/dashboard/dashboard_config.js

@@ -18,9 +18,11 @@
  */
 
 import { uiModules } from 'ui/modules';
+import { uiCapabilities } from 'ui/capabilities';
+
 uiModules.get('kibana')
   .provider('dashboardConfig', () => {
-    let hideWriteControls = false;
+    let hideWriteControls = !uiCapabilities.dashboard.showWriteControls;
 
     return {
       /**

src/core_plugins/kibana/public/discover/controllers/discover.js

@@ -157,6 +157,7 @@ function discoverController(
   kbnUrl,
   localStorage,
   i18n,
+  uiCapabilities,
 ) {
   const Vis = Private(VisProvider);
   const docTitle = Private(DocTitleProvider);
@@ -298,12 +299,12 @@ function discoverController(
       }
     };
 
-    const hideSave = false;
+    const { showWriteControls } = uiCapabilities.discover;
 
-    if (hideSave) {
-      return [newSearch, openSearch, shareSearch, inspectSearch];
+    if (showWriteControls) {
+      return [newSearch, saveSearch, openSearch, shareSearch, inspectSearch];
     }
-    return [newSearch, saveSearch, openSearch, shareSearch, inspectSearch];
+    return [newSearch, openSearch, shareSearch, inspectSearch];
   };
 
   $scope.topNavMenu = getTopNavLinks();

src/core_plugins/kibana/public/discover/index.js

@@ -17,7 +17,6 @@
  * under the License.
  */
 
-import './discover_config';
 import './saved_searches/saved_searches';
 import './directives';
 import 'ui/collapsible_sidebar';

src/core_plugins/timelion/index.js

@@ -41,7 +41,18 @@ export default function (kibana) {
         'plugins/timelion/register_feature'
       ],
       mappings: require('./mappings.json'),
-
+      injectDefaultVars() {
+        return {
+          uiCapabilities: {
+            navLinks: {
+              timelion: true
+            },
+            timelion: {
+              showWriteControls: true,
+            }
+          }
+        };
+      },
       uiSettingDefaults: {
         'timelion:showTutorial': {
           name: 'Show tutorial',

src/core_plugins/kibana/public/discover/discover_config.js → src/ui/public/capabilities/index.ts

@@ -16,17 +16,5 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { uiModules } from 'ui/modules';
 
-uiModules.get('kibana')
-  .provider('discoverConfig', () => {
-    return {
-      $get() {
-        return {
-          getHideWriteControls() {
-            return false;
-          }
-        };
-      }
-    };
-  });
+export { uiCapabilities, UICapabilities } from './ui_capabilities';

src/ui/public/capabilities/ui_capabilities.test.ts

@@ -0,0 +1,50 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+jest.mock(
+  'ui/chrome',
+  () => ({
+    getInjected: (key: string) => {
+      if (key !== 'uiCapabilities') {
+        throw new Error(`Unexpected key for test: ${key}`);
+      }
+
+      return {
+        navLinks: {},
+        app1: {
+          feature1: true,
+          feature2: false,
+        },
+        app2: {
+          feature1: true,
+          feature3: true,
+        },
+      };
+    },
+  }),
+  { virtual: true }
+);
+
+import { uiCapabilities } from './ui_capabilities';
+
+describe('uiCapabilities', () => {
+  it('allows a nested property to be accessed', () => {
+    expect(uiCapabilities.app1.feature2).toEqual(false);
+  });
+});

src/ui/public/chrome/api/config.js → src/ui/public/capabilities/ui_capabilities.ts

@@ -16,19 +16,12 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { uiModules } from '../../modules';
+import chrome from 'ui/chrome';
+import { deepFreeze } from '../../../core/public/utils/deep_freeze';
 
-export function initConfig() {
-  uiModules.get('kibana')
-    .provider('chromeConfig', () => {
-      return {
-        $get() {
-          return {
-            shouldHideNavLink() {
-              return false;
-            }
-          };
-        }
-      };
-    });
+export interface UICapabilities {
+  navLinks: Record<string, boolean>;
+  [key: string]: Record<string, boolean>;
 }
+
+export const uiCapabilities: UICapabilities = deepFreeze(chrome.getInjected('uiCapabilities'));

src/ui/public/chrome/chrome.js

@@ -38,7 +38,6 @@ import { initChromeNavApi } from './api/nav';
 import { initBreadcrumbsApi } from './api/breadcrumbs';
 import templateApi from './api/template';
 import { initChromeThemeApi } from './api/theme';
-import { initConfig } from './api/config';
 import { initChromeXsrfApi } from './api/xsrf';
 import { initUiSettingsApi } from './api/ui_settings';
 import { initLoadingCountApi } from './api/loading_count';
@@ -62,7 +61,6 @@ const internals = _.defaults(
   }
 );
 
-initConfig();
 initUiSettingsApi(chrome);
 initSavedObjectClient(chrome);
 appsApi(chrome, internals);

src/ui/public/chrome/directives/global_nav/app_switcher/app_switcher.js

@@ -69,13 +69,15 @@ uiModules
       },
       template: appSwitcherTemplate,
       controllerAs: 'switcher',
-      controller($scope, appSwitcherEnsureNavigation, globalNavState, chromeConfig) {
+      controller($scope, appSwitcherEnsureNavigation, globalNavState, uiCapabilities) {
         if (!$scope.chrome || !$scope.chrome.getNavLinks) {
           throw new TypeError('appSwitcher directive requires the "chrome" config-object');
         }
 
+        const { navLinks: navLinkCapabilities = {} } = uiCapabilities;
+
         this.links = $scope.chrome.getNavLinks()
-          .filter(navLink => !chromeConfig.shouldHideNavLink(navLink));
+          .filter(navLink => navLinkCapabilities[navLink.id]);
 
         // links don't cause full-navigation events in certain scenarios
         // so we force them when needed

x-pack/plugins/__mocks__/ui/capabilities.ts

@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { UICapabilities } from 'ui/capabilities';
+
+let internals: UICapabilities = {
+  navLinks: {},
+  spaces: {
+    manage: true,
+  },
+};
+
+export const uiCapabilities = new Proxy(
+  {},
+  {
+    get: (target, property) => {
+      return internals[String(property)] as any;
+    },
+  }
+);
+
+export function setMockCapabilities(mockCapabilities: UICapabilities) {
+  internals = mockCapabilities;
+}

x-pack/plugins/__mocks__/ui/chrome.js

@@ -4,6 +4,8 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { uiCapabilities } from './capabilities';
+
 function getUiSettingsClient() {
   return {
     get: key => {
@@ -29,6 +31,8 @@ function getInjected(key) {
       return 'apm*';
     case 'mlEnabled':
       return true;
+    case 'uiCapabilities':
+      return uiCapabilities;
     default:
       throw new Error(`Unexpected config key: ${key}`);
   }

x-pack/plugins/security/index.js

@@ -24,8 +24,6 @@ import { createAuthorizationService, registerPrivilegesWithCluster } from './ser
 import { watchStatusAndLicenseToInitialize } from '../../server/lib/watch_status_and_license_to_initialize';
 import { SecureSavedObjectsClientWrapper } from './server/lib/saved_objects_client/secure_saved_objects_client_wrapper';
 import { deepFreeze } from './server/lib/deep_freeze';
-import { capabilityDecorator } from './server/lib/capability_decorator';
-import { registerUserProfileCapabilityDecorator } from '../xpack_main/server/lib/user_profile';
 
 export const security = (kibana) => new kibana.Plugin({
   id: 'security',
@@ -127,8 +125,6 @@ export const security = (kibana) => new kibana.Plugin({
       }
     });
 
-    registerUserProfileCapabilityDecorator(Number.MIN_SAFE_INTEGER, capabilityDecorator);
-
     const auditLogger = new SecurityAuditLogger(server.config(), new AuditLogger(server, 'security'));
 
     const { savedObjects } = server;
@@ -198,11 +194,8 @@ export const security = (kibana) => new kibana.Plugin({
 
       // Enforce app restrictions
       if (path.startsWith('/app/')) {
-        const appId = path.split('/', 3)[2];
-        const userProfile = await req.getUserProfile();
-        if (!userProfile.canAccessFeature(appId)) {
-          return Boom.notFound();
-        }
+        // const appId = path.split('/', 3)[2];
+        // TODO: feature access check
       }
 
       // Enforce API restrictions for associated applications

x-pack/plugins/security/public/views/management/edit_role/components/edit_role_page.tsx

@@ -23,9 +23,9 @@ import {
 import { FormattedMessage, InjectedIntl, injectI18n } from '@kbn/i18n/react';
 import { get } from 'lodash';
 import React, { ChangeEvent, Component, Fragment, HTMLProps } from 'react';
+import { UICapabilities } from 'ui/capabilities';
 import { toastNotifications } from 'ui/notify';
 import { Space } from '../../../../../../spaces/common/model/space';
-import { UserProfile } from '../../../../../../xpack_main/common/user_profile';
 import { IndexPrivilege } from '../../../../../common/model/index_privilege';
 import { KibanaPrivilege } from '../../../../../common/model/kibana_privilege';
 import { Role } from '../../../../../common/model/role';
@@ -48,8 +48,8 @@ interface Props {
   kibanaAppPrivileges: KibanaPrivilege[];
   spaces?: Space[];
   spacesEnabled: boolean;
-  userProfile: UserProfile;
   intl: InjectedIntl;
+  uiCapabilities: UICapabilities;
 }
 
 interface State {
@@ -252,7 +252,7 @@ class EditRolePageUI extends Component<Props, State> {
           kibanaAppPrivileges={this.props.kibanaAppPrivileges}
           spaces={this.props.spaces}
           spacesEnabled={this.props.spacesEnabled}
-          userProfile={this.props.userProfile}
+          uiCapabilities={this.props.uiCapabilities}
           editable={!isReservedRole(this.state.role)}
           role={this.state.role}
           onChange={this.onRoleChange}

x-pack/plugins/security/public/views/management/edit_role/components/privileges/kibana/__snapshots__/kibana_privileges.test.tsx.snap

@@ -43,8 +43,17 @@ exports[`<KibanaPrivileges> renders without crashing 1`] = `
       }
       userProfile={
         Object {
-          "hasCapability": [Function],
-        }
+          "id": "marketing",
+          "name": "Marketing",
+        },
+      ]
+    }
+    uiCapabilities={
+      Object {
+        "navLinks": Object {},
+        "spaces": Object {
+          "manage": true,
+        },
       }
       validator={
         RoleValidator {

x-pack/plugins/security/public/views/management/edit_role/components/privileges/kibana/__snapshots__/space_aware_privilege_form.test.tsx.snap

@@ -369,11 +369,6 @@ exports[`<SpaceAwarePrivilegeForm> renders without crashing 1`] = `
               },
             ]
           }
-          userProfile={
-            Object {
-              "hasCapability": [Function],
-            }
-          }
         />
       </EuiFlexItem>
     </EuiFlexGroup>

x-pack/plugins/security/public/views/management/edit_role/components/privileges/kibana/impacted_spaces_flyout.test.tsx

@@ -35,7 +35,6 @@ const buildProps = (customProps = {}) => {
         name: 'Marketing',
       },
     ],
-    userProfile: new UserProfile(),
     kibanaAppPrivileges: [
       {
         name: 'all',