diff --git a/x-pack/plugins/cases/common/api/cases/case.ts b/x-pack/plugins/cases/common/api/cases/case.ts
index 3477791a555614..4050b217556d3c 100644
--- a/x-pack/plugins/cases/common/api/cases/case.ts
+++ b/x-pack/plugins/cases/common/api/cases/case.ts
@@ -38,8 +38,8 @@ const CaseBasicRt = rt.type({
 [caseTypeField]: CaseTypeRt,
 connector: CaseConnectorRt,
 settings: SettingsRt,
- // TODO: should a user be able to update the scope?
- scope: rt.string,
+ // TODO: should a user be able to update the owner?
+ owner: rt.string,
 });
 const CaseExternalServiceBasicRt = rt.type({
@@ -80,7 +80,7 @@ const CasePostRequestNoTypeRt = rt.type({
 title: rt.string,
 connector: CaseConnectorRt,
 settings: SettingsRt,
- scope: rt.string,
+ owner: rt.string,
 });
 /**
diff --git a/x-pack/plugins/cases/common/api/cases/sub_case.ts b/x-pack/plugins/cases/common/api/cases/sub_case.ts
index 0940f2951d4012..4bbdfd5b7d3688 100644
--- a/x-pack/plugins/cases/common/api/cases/sub_case.ts
+++ b/x-pack/plugins/cases/common/api/cases/sub_case.ts
@@ -39,7 +39,7 @@ export const SubCasesFindRequestRt = rt.partial({
 searchFields: rt.array(rt.string),
 sortField: rt.string,
 sortOrder: rt.union([rt.literal('desc'), rt.literal('asc')]),
- scope: rt.string,
+ owner: rt.string,
 });
 export const SubCaseResponseRt = rt.intersection([
diff --git a/x-pack/plugins/cases/common/constants.ts b/x-pack/plugins/cases/common/constants.ts
index 46364be9f0b60e..c6715f28f13f4c 100644
--- a/x-pack/plugins/cases/common/constants.ts
+++ b/x-pack/plugins/cases/common/constants.ts
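Review bot: The `owner` field in `CaseBasicRt` is an unconstrained `rt.string`, and the TODO on the line above leaves open whether a user may change it after creation. If `CaseBasicRt` also backs the update request type (not visible in this hunk), a caller authorized for one owner could reassign a case to an owner they hold no privileges for, unless the update path checks both the stored and the requested owner. I would either drop `owner` from the updatable shape or resolve the TODO with a comment such as `// owner is fixed at creation; update requests must be authorized against the stored owner`. The same free-form `owner: rt.string` appears in `CasePostRequestNoTypeRt` and `SubCasesFindRequestRt` in the following hunks.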
@@ -76,7 +76,7 @@ export const MAX_GENERATED_ALERTS_PER_SUB_CASE = MAX_ALERTS_PER_SUB_CASE / DEFAU
 * This must be the same value that the security solution plugin uses to define the case kind when it registers the
 * feature for the 7.13 migration only.
 */
-export const SECURITY_SOLUTION_SCOPE = 'securitySolution';
+export const SECURITY_SOLUTION_OWNER = 'securitySolution';
 /**
 * This flag governs enabling the case as a connector feature. It is disabled by default as the feature is not complete.
diff --git a/x-pack/plugins/cases/server/authorization/authorization.ts b/x-pack/plugins/cases/server/authorization/authorization.ts
index 832ee6acccbe5b..ab6f9c0f6fef23 100644
--- a/x-pack/plugins/cases/server/authorization/authorization.ts
+++ b/x-pack/plugins/cases/server/authorization/authorization.ts
@@ -11,7 +11,7 @@ import { KueryNode } from '../../../../../src/plugins/data/server';
 import { SecurityPluginStart } from '../../../security/server';
 import { PluginStartContract as FeaturesPluginStart } from '../../../features/server';
 import { GetSpaceFn, ReadOperations, WriteOperations } from './types';
-import { getScopesFilter } from './utils';
+import { getOwnersFilter } from './utils';
 /**
 * This class handles ensuring that the user making a request has the correct permissions
@@ -20,7 +20,7 @@ import { getScopesFilter } from './utils';
 export class Authorization {
 private readonly request: KibanaRequest;
 private readonly securityAuth: SecurityPluginStart['authz'] | undefined;
- private readonly featureCaseScopes: Set;
+ private readonly featureCaseOwners: Set;
 private readonly isAuthEnabled: boolean;
 // TODO: create this
 // private readonly auditLogger: AuthorizationAuditLogger;
@@ -28,17 +28,17 @@ export class Authorization {
 private constructor({
 request,
 securityAuth,
- caseScopes,
+ caseOwners,
 isAuthEnabled,
 }: {
 request: KibanaRequest;
 securityAuth?: SecurityPluginStart['authz'];
- caseScopes: Set;
+ caseOwners: Set;
 isAuthEnabled: boolean;
 }) {
 this.request = request;
 this.securityAuth = securityAuth;
- this.featureCaseScopes = caseScopes;
+ this.featureCaseOwners = caseOwners;
 this.isAuthEnabled = isAuthEnabled;
 }
@@ -59,58 +59,58 @@ export class Authorization {
 isAuthEnabled: boolean;
 }): Promise {
 // Since we need to do async operations, this static method handles that before creating the Auth class
- let caseScopes: Set;
+ let caseOwners: Set;
 try {
 const disabledFeatures = new Set((await getSpace(request))?.disabledFeatures ?? []);
- caseScopes = new Set(
+ caseOwners = new Set(
 features
 .getKibanaFeatures()
- // get all the features' cases scopes that aren't disabled
+ // get all the features' cases owners that aren't disabled
 .filter(({ id }) => !disabledFeatures.has(id))
 .flatMap((feature) => feature.cases ?? [])
 );
 } catch (error) {
- caseScopes = new Set();
+ caseOwners = new Set();
 }
- return new Authorization({ request, securityAuth, caseScopes, isAuthEnabled });
+ return new Authorization({ request, securityAuth, caseOwners, isAuthEnabled });
 }
 private shouldCheckAuthorization(): boolean {
 return this.securityAuth?.mode?.useRbacForRequest(this.request) ?? false;
 }
- public async ensureAuthorized(scope: string, operation: ReadOperations | WriteOperations) {
+ public async ensureAuthorized(owner: string, operation: ReadOperations | WriteOperations) {
 // TODO: remove
 if (!this.isAuthEnabled) {
 return;
 }
 const { securityAuth } = this;
- const isScopeAvailable = this.featureCaseScopes.has(scope);
+ const isOwnerAvailable = this.featureCaseOwners.has(owner);
 // TODO: throw if the request is not authorized
 if (securityAuth && this.shouldCheckAuthorization()) {
 // TODO: implement ensure logic
- const requiredPrivileges: string[] = [securityAuth.actions.cases.get(scope, operation)];
+ const requiredPrivileges: string[] = [securityAuth.actions.cases.get(owner, operation)];
 const checkPrivileges = securityAuth.checkPrivilegesDynamicallyWithRequest(this.request);
 const { hasAllRequested, username, privileges } = await checkPrivileges({
 kibana: requiredPrivileges,
 });
- if (!isScopeAvailable) {
- // TODO: throw if any of the scope are not available
+ if (!isOwnerAvailable) {
+ // TODO: throw if any of the owner are not available
 /**
 * Under most circumstances this would have been caught by `checkPrivileges` as
- * a user can't have Privileges to an unknown scope, but super users
- * don't actually get "privilege checked" so the made up scope *will* return
+ * a user can't have Privileges to an unknown owner, but super users
+ * don't actually get "privilege checked" so the made up owner *will* return
 * as Privileged.
 * This check will ensure we don't accidentally let these through
 */
 // TODO: audit log using `username`
- throw Boom.forbidden('User does not have permissions for this scope');
+ throw Boom.forbidden('User does not have permissions for this owner');
 }
 if (hasAllRequested) {
@@ -129,11 +129,11 @@ export class Authorization {
 // TODO: audit log
 // TODO: User unauthorized. throw an error. authorizedPrivileges & unauthorizedPrivilages are needed for logging.
- throw Boom.forbidden('Not authorized for this scope');
+ throw Boom.forbidden('Not authorized for this owner');
 }
- } else if (!isScopeAvailable) {
+ } else if (!isOwnerAvailable) {
 // TODO: throw an error
- throw Boom.forbidden('Security is disabled but no scope was found');
+ throw Boom.forbidden('Security is disabled but no owner was found');
 }
 // else security is disabled so let the operation proceed
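Review bot: In `Authorization.create`, the `catch (error)` branch replaces `caseOwners` with an empty set and discards the error, so a failure while reading the space or the registered features surfaces later only as a 403 for every owner, with nothing recorded about the cause. Failing closed is the right default, but the error should be logged before `caseOwners = new Set();`, with a comment such as `// fail closed: with no known owners every later check is denied`. Separately, the early `if (!this.isAuthEnabled) { return; }` in `ensureAuthorized` also skips the `this.featureCaseOwners.has(owner)` check, so with the flag off any owner string from the request is accepted; the membership check could run before that return. `create` begins before this hunk and `ensureAuthorized` continues past it.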
@@ -143,46 +143,46 @@ export class Authorization {
 savedObjectType: string
 ): Promise<{
 filter?: KueryNode;
- ensureSavedObjectIsAuthorized: (scope: string) => void;
+ ensureSavedObjectIsAuthorized: (owner: string) => void;
 }> {
 const { securityAuth } = this;
 if (securityAuth && this.shouldCheckAuthorization()) {
- const { authorizedScopes } = await this.getAuthorizedScopes([ReadOperations.Find]);
+ const { authorizedOwners } = await this.getAuthorizedOwners([ReadOperations.Find]);
- if (!authorizedScopes.length) {
+ if (!authorizedOwners.length) {
 // TODO: Better error message, log error
- throw Boom.forbidden('Not authorized for this scope');
+ throw Boom.forbidden('Not authorized for this owner');
 }
 return {
- filter: getScopesFilter(savedObjectType, authorizedScopes),
- ensureSavedObjectIsAuthorized: (scope: string) => {
- if (!authorizedScopes.includes(scope)) {
+ filter: getOwnersFilter(savedObjectType, authorizedOwners),
+ ensureSavedObjectIsAuthorized: (owner: string) => {
+ if (!authorizedOwners.includes(owner)) {
 // TODO: log error
- throw Boom.forbidden('Not authorized for this scope');
+ throw Boom.forbidden('Not authorized for this owner');
 }
 },
 };
 }
- return { ensureSavedObjectIsAuthorized: (scope: string) => {} };
+ return { ensureSavedObjectIsAuthorized: (owner: string) => {} };
 }
- private async getAuthorizedScopes(
+ private async getAuthorizedOwners(
 operations: Array
 ): Promise<{
 username?: string;
 hasAllRequested: boolean;
- authorizedScopes: string[];
+ authorizedOwners: string[];
 }> {
- const { securityAuth, featureCaseScopes } = this;
+ const { securityAuth, featureCaseOwners } = this;
 if (securityAuth && this.shouldCheckAuthorization()) {
 const checkPrivileges = securityAuth.checkPrivilegesDynamicallyWithRequest(this.request);
 const requiredPrivileges = new Map();
- for (const scope of featureCaseScopes) {
+ for (const owner of featureCaseOwners) {
 for (const operation of operations) {
- requiredPrivileges.set(securityAuth.actions.cases.get(scope, operation), [scope]);
+ requiredPrivileges.set(securityAuth.actions.cases.get(owner, operation), [owner]);
 }
 }
@@ -193,21 +193,21 @@ export class Authorization {
 return {
 hasAllRequested,
 username,
- authorizedScopes: hasAllRequested
- ? Array.from(featureCaseScopes)
- : privileges.kibana.reduce((authorizedScopes, { authorized, privilege }) => {
+ authorizedOwners: hasAllRequested
+ ? Array.from(featureCaseOwners)
+ : privileges.kibana.reduce((authorizedOwners, { authorized, privilege }) => {
 if (authorized && requiredPrivileges.has(privilege)) {
- const [scope] = requiredPrivileges.get(privilege)!;
- authorizedScopes.push(scope);
+ const [owner] = requiredPrivileges.get(privilege)!;
+ authorizedOwners.push(owner);
 }
- return authorizedScopes;
+ return authorizedOwners;
 }, []),
 };
 } else {
 return {
 hasAllRequested: true,
- authorizedScopes: Array.from(featureCaseScopes),
+ authorizedOwners: Array.from(featureCaseOwners),
 };
 }
 }
diff --git a/x-pack/plugins/cases/server/authorization/utils.ts b/x-pack/plugins/cases/server/authorization/utils.ts
index e06556326e98b2..b44c94d21fb5ba 100644
--- a/x-pack/plugins/cases/server/authorization/utils.ts
+++ b/x-pack/plugins/cases/server/authorization/utils.ts
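Review bot: When RBAC is not in effect, the find helper returns `{ ensureSavedObjectIsAuthorized: (owner: string) => {} }` with no `filter`, so nothing limits results to `featureCaseOwners`, while `ensureAuthorized` in the same state rejects an owner that is missing from that set. As far as this hunk shows, cases whose owner belongs to a feature disabled in the current space would still be returned by find. I would build the filter from `Array.from(this.featureCaseOwners)` in this branch as well and have the callback check membership in that set. The method's signature line is outside the hunk.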
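Review bot: The `reduce` over `privileges.kibana` pushes an owner once for every authorized privilege, so when `operations` holds more than one entry an owner is reported as authorized if any single operation passes, and it can appear several times in `authorizedOwners`. The only caller visible here passes `[ReadOperations.Find]`, so this is latent, but the array parameter invites multi-operation use. Keeping only owners for which every requested operation is authorized would make the contract explicit; at minimum document the current behaviour with `// NOTE: an owner is included if ANY requested operation is authorized`. The non-null assertion in `requiredPrivileges.get(privilege)!` is safe only because of the `has` check on the line before it.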
@@ -9,11 +9,11 @@ import { remove, uniq } from 'lodash';
 import { nodeBuilder } from '../../../../../src/plugins/data/common';
 import { KueryNode } from '../../../../../src/plugins/data/server';
-export const getScopesFilter = (savedObjectType: string, scopes: string[]): KueryNode => {
+export const getOwnersFilter = (savedObjectType: string, owners: string[]): KueryNode => {
 return nodeBuilder.or(
- scopes.reduce((query, scope) => {
- ensureFieldIsSafeForQuery('scope', scope);
- query.push(nodeBuilder.is(`${savedObjectType}.attributes.scope`, scope));
+ owners.reduce((query, owner) => {
+ ensureFieldIsSafeForQuery('owner', owner);
+ query.push(nodeBuilder.is(`${savedObjectType}.attributes.owner`, owner));
 return query;
 }, [])
 );
@@ -43,4 +43,4 @@ export const ensureFieldIsSafeForQuery = (field: string, value: string): boolean
 };
 export const includeFieldsRequiredForAuthentication = (fields: string[]): string[] =>
- uniq([...fields, 'scope']);
+ uniq([...fields, 'owner']);
diff --git a/x-pack/plugins/cases/server/client/cases/create.test.ts b/x-pack/plugins/cases/server/client/cases/create.test.ts
index 9ad755725bdb79..bd9f4da2b0131c 100644
--- a/x-pack/plugins/cases/server/client/cases/create.test.ts
+++ b/x-pack/plugins/cases/server/client/cases/create.test.ts
@@ -45,7 +45,7 @@ describe('create', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 };
 const savedObjectsClient = createMockSavedObjectsRepository({
@@ -57,7 +57,7 @@ describe('create', () => {
 expect(res).toMatchInlineSnapshot(`
 Object {
- "scope": "awesome",
+ "owner": "awesome",
 "closed_at": null,
 "closed_by": null,
 "comments": Array [],
@@ -121,7 +121,7 @@ describe('create', () => {
 "connector",
 "settings",
 ],
- "new_value": "{\\"type\\":\\"individual\\",\\"description\\":\\"This is a brand new case of a bad meanie defacing data\\",\\"title\\":\\"Super Bad Security Issue\\",\\"tags\\":[\\"defacement\\"],\\"connector\\":{\\"id\\":\\"123\\",\\"name\\":\\"Jira\\",\\"type\\":\\".jira\\",\\"fields\\":{\\"issueType\\":\\"Task\\",\\"priority\\":\\"High\\",\\"parent\\":null}},\\"settings\\":{\\"syncAlerts\\":true},\\"scope\\":\\"awesome\\"}",
+ "new_value": "{\\"type\\":\\"individual\\",\\"description\\":\\"This is a brand new case of a bad meanie defacing data\\",\\"title\\":\\"Super Bad Security Issue\\",\\"tags\\":[\\"defacement\\"],\\"connector\\":{\\"id\\":\\"123\\",\\"name\\":\\"Jira\\",\\"type\\":\\".jira\\",\\"fields\\":{\\"issueType\\":\\"Task\\",\\"priority\\":\\"High\\",\\"parent\\":null}},\\"settings\\":{\\"syncAlerts\\":true},\\"owner\\":\\"awesome\\"}",
 "old_value": null,
 },
 "references": Array [
@@ -151,7 +151,7 @@ describe('create', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 };
 const savedObjectsClient = createMockSavedObjectsRepository({
@@ -162,7 +162,7 @@ describe('create', () => {
 expect(res).toMatchInlineSnapshot(`
 Object {
- "scope": "awesome",
+ "owner": "awesome",
 "closed_at": null,
 "closed_by": null,
 "comments": Array [],
@@ -216,7 +216,7 @@ describe('create', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 };
 const savedObjectsClient = createMockSavedObjectsRepository({
@@ -230,7 +230,7 @@ describe('create', () => {
 expect(res).toMatchInlineSnapshot(`
 Object {
- "scope": "awesome",
+ "owner": "awesome",
 "closed_at": null,
 "closed_by": null,
 "comments": Array [],
@@ -429,7 +429,7 @@ describe('create', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 };
 const savedObjectsClient = createMockSavedObjectsRepository({
@@ -458,7 +458,7 @@ describe('create', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 };
 const savedObjectsClient = createMockSavedObjectsRepository({
 caseSavedObject: mockCases,
diff --git a/x-pack/plugins/cases/server/client/cases/create.ts b/x-pack/plugins/cases/server/client/cases/create.ts
index 32384227a6f6f9..a03bef06ddb1ad 100644
--- a/x-pack/plugins/cases/server/client/cases/create.ts
+++ b/x-pack/plugins/cases/server/client/cases/create.ts
@@ -83,7 +83,7 @@ export const create = async ({
 try {
 try {
- await auth.ensureAuthorized(query.scope, WriteOperations.Create);
+ await auth.ensureAuthorized(query.owner, WriteOperations.Create);
 } catch (error) {
 // TODO: log error using audit logger
 throw error;
diff --git a/x-pack/plugins/cases/server/client/cases/find.ts b/x-pack/plugins/cases/server/client/cases/find.ts
index 97461a40d90f65..8907a7f2dacf1f 100644
--- a/x-pack/plugins/cases/server/client/cases/find.ts
+++ b/x-pack/plugins/cases/server/client/cases/find.ts
@@ -80,7 +80,7 @@ export const find = async ({
 });
 for (const theCase of cases.casesMap.values()) {
- ensureSavedObjectIsAuthorized(theCase.scope);
+ ensureSavedObjectIsAuthorized(theCase.owner);
 }
 // TODO: Make sure we do not leak information when authorization is on
diff --git a/x-pack/plugins/cases/server/routes/api/cases/post_case.test.ts b/x-pack/plugins/cases/server/routes/api/cases/post_case.test.ts
index 7c11a15b6a836f..d75dcada0a9638 100644
--- a/x-pack/plugins/cases/server/routes/api/cases/post_case.test.ts
+++ b/x-pack/plugins/cases/server/routes/api/cases/post_case.test.ts
@@ -46,7 +46,7 @@ describe('POST cases', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 },
 });
@@ -86,7 +86,7 @@ describe('POST cases', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 },
 });
@@ -120,7 +120,7 @@ describe('POST cases', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 },
 });
@@ -146,7 +146,7 @@ describe('POST cases', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 },
 });
@@ -180,7 +180,7 @@ describe('POST cases', () => {
 settings: {
 syncAlerts: true,
 },
- scope: 'awesome',
+ owner: 'awesome',
 },
 });
@@ -196,7 +196,7 @@ describe('POST cases', () => {
 expect(response.status).toEqual(200);
 expect(response.payload).toMatchInlineSnapshot(`
 Object {
- "scope": "awesome",
+ "owner": "awesome",
 "closed_at": null,
 "closed_by": null,
 "comments": Array [],
diff --git a/x-pack/plugins/cases/server/saved_object_types/cases.ts b/x-pack/plugins/cases/server/saved_object_types/cases.ts
index 02708b80587687..2a260a9bcf2ae4 100644
--- a/x-pack/plugins/cases/server/saved_object_types/cases.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/cases.ts
@@ -108,10 +108,10 @@ export const caseSavedObjectType: SavedObjectsType = {
 },
 },
 },
- title: {
+ owner: {
 type: 'keyword',
 },
- scope: {
+ title: {
 type: 'keyword',
 },
 status: {
diff --git a/x-pack/plugins/cases/server/saved_object_types/comments.ts b/x-pack/plugins/cases/server/saved_object_types/comments.ts
index bba7e6fc524d99..2ba6e2562a5495 100644
--- a/x-pack/plugins/cases/server/saved_object_types/comments.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/comments.ts
@@ -21,7 +21,7 @@ export const caseCommentSavedObjectType: SavedObjectsType = {
 comment: {
 type: 'text',
 },
- scope: {
+ owner: {
 type: 'keyword',
 },
 type: {
diff --git a/x-pack/plugins/cases/server/saved_object_types/configure.ts b/x-pack/plugins/cases/server/saved_object_types/configure.ts
index 1d525b2a4a7349..98a60ac3959874 100644
--- a/x-pack/plugins/cases/server/saved_object_types/configure.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/configure.ts
@@ -57,7 +57,7 @@ export const caseConfigureSavedObjectType: SavedObjectsType = {
 closure_type: {
 type: 'keyword',
 },
- scope: {
+ owner: {
 type: 'keyword',
 },
 updated_at: {
diff --git a/x-pack/plugins/cases/server/saved_object_types/connector_mappings.ts b/x-pack/plugins/cases/server/saved_object_types/connector_mappings.ts
index 5ac333c7e9fb7d..16aba01616c3dd 100644
--- a/x-pack/plugins/cases/server/saved_object_types/connector_mappings.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/connector_mappings.ts
@@ -28,7 +28,7 @@ export const caseConnectorMappingsSavedObjectType: SavedObjectsType = {
 },
 },
 },
- scope: {
+ owner: {
 type: 'keyword',
 },
 },
diff --git a/x-pack/plugins/cases/server/saved_object_types/migrations.ts b/x-pack/plugins/cases/server/saved_object_types/migrations.ts
index b7ba955e295ac8..20a9ed79e1c0e1 100644
--- a/x-pack/plugins/cases/server/saved_object_types/migrations.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/migrations.ts
@@ -15,7 +15,7 @@ import {
 AssociationType,
 ESConnectorFields,
 } from '../../common/api';
-import { SECURITY_SOLUTION_SCOPE } from '../../common/constants';
+import { SECURITY_SOLUTION_OWNER } from '../../common/constants';
 interface UnsanitizedCaseConnector {
 connector_id: string;
@@ -60,17 +60,17 @@ interface SanitizedCaseType {
 type: string;
 }
-interface SanitizedCaseClass {
- scope: string;
+interface SanitizedCaseOwner {
+ owner: string;
 }
-const addScopeToSO = >(
+const addOwnerToSO = >(
 doc: SavedObjectUnsanitizedDoc
-): SavedObjectSanitizedDoc => ({
+): SavedObjectSanitizedDoc => ({
 ...doc,
 attributes: {
 ...doc.attributes,
- scope: SECURITY_SOLUTION_SCOPE,
+ owner: SECURITY_SOLUTION_OWNER,
 },
 references: doc.references || [],
 });
@@ -131,8 +131,8 @@ export const caseMigrations = {
 },
 '7.13.0': (
 doc: SavedObjectUnsanitizedDoc>
- ): SavedObjectSanitizedDoc => {
- return addScopeToSO(doc);
+ ): SavedObjectSanitizedDoc => {
+ return addOwnerToSO(doc);
 },
 };
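Review bot: `addOwnerToSO` stays registered under the existing `'7.13.0'` migration key while the attribute it writes changes from `scope` to `owner`, so any saved object already migrated by the earlier version of this helper keeps `scope` and never receives `owner`. If the earlier code only ever ran on development builds this is harmless, but a document without `owner` would fail the `authorizedOwners.includes(owner)` check used by find and be denied. The helper also overwrites any existing `owner` unconditionally; a comment above it along the lines of `// applied to pre-7.13 documents only, which presumably all belong to the security solution` would record why that is acceptable and prompt someone to confirm it.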
@@ -158,8 +158,8 @@ export const configureMigrations = {
 },
 '7.13.0': (
 doc: SavedObjectUnsanitizedDoc>
- ): SavedObjectSanitizedDoc => {
- return addScopeToSO(doc);
+ ): SavedObjectSanitizedDoc => {
+ return addOwnerToSO(doc);
 },
 };
@@ -204,8 +204,8 @@ export const userActionsMigrations = {
 },
 '7.13.0': (
 doc: SavedObjectUnsanitizedDoc>
- ): SavedObjectSanitizedDoc => {
- return addScopeToSO(doc);
+ ): SavedObjectSanitizedDoc => {
+ return addOwnerToSO(doc);
 },
 };
@@ -259,23 +259,23 @@ export const commentsMigrations = {
 },
 '7.13.0': (
 doc: SavedObjectUnsanitizedDoc>
- ): SavedObjectSanitizedDoc => {
- return addScopeToSO(doc);
+ ): SavedObjectSanitizedDoc => {
+ return addOwnerToSO(doc);
 },
 };
 export const connectorMappingsMigrations = {
 '7.13.0': (
 doc: SavedObjectUnsanitizedDoc>
- ): SavedObjectSanitizedDoc => {
- return addScopeToSO(doc);
+ ): SavedObjectSanitizedDoc => {
+ return addOwnerToSO(doc);
 },
 };
 export const subCasesMigrations = {
 '7.13.0': (
 doc: SavedObjectUnsanitizedDoc>
- ): SavedObjectSanitizedDoc => {
- return addScopeToSO(doc);
+ ): SavedObjectSanitizedDoc => {
+ return addOwnerToSO(doc);
 },
 };
diff --git a/x-pack/plugins/cases/server/saved_object_types/sub_case.ts b/x-pack/plugins/cases/server/saved_object_types/sub_case.ts
index f7d3264ddd8974..471dfebe74ae1d 100644
--- a/x-pack/plugins/cases/server/saved_object_types/sub_case.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/sub_case.ts
@@ -47,7 +47,7 @@ export const subCaseSavedObjectType: SavedObjectsType = {
 },
 },
 },
- scope: {
+ owner: {
 type: 'keyword',
 },
 status: {
diff --git a/x-pack/plugins/cases/server/saved_object_types/user_actions.ts b/x-pack/plugins/cases/server/saved_object_types/user_actions.ts
index 44c3029bbff1cf..55a79f56f84da9 100644
--- a/x-pack/plugins/cases/server/saved_object_types/user_actions.ts
+++ b/x-pack/plugins/cases/server/saved_object_types/user_actions.ts
@@ -43,7 +43,7 @@ export const caseUserActionSavedObjectType: SavedObjectsType = {
 old_value: {
 type: 'text',
 },
- scope: {
+ owner: {
 type: 'keyword',
 },
 },
diff --git a/x-pack/plugins/security/server/authorization/actions/cases.test.ts b/x-pack/plugins/security/server/authorization/actions/cases.test.ts
index 877f59112fd348..3981f49a4fe11d 100644
--- a/x-pack/plugins/security/server/authorization/actions/cases.test.ts
+++ b/x-pack/plugins/security/server/authorization/actions/cases.test.ts
@@ -20,23 +20,23 @@ describe('#get', () => {
 ${{}}
 `(`operation of ${JSON.stringify('$operation')}`, ({ operation }) => {
 const actions = new CasesActions(version);
- expect(() => actions.get('scope', operation)).toThrowErrorMatchingSnapshot();
+ expect(() => actions.get('owner', operation)).toThrowErrorMatchingSnapshot();
 });
 it.each`
- scope
+ owner
 ${null}
 ${undefined}
 ${''}
 ${1}
 ${true}
 ${{}}
- `(`scope of ${JSON.stringify('$scope')}`, ({ scope }) => {
+ `(`owner of ${JSON.stringify('$owner')}`, ({ owner }) => {
 const actions = new CasesActions(version);
- expect(() => actions.get(scope, 'operation')).toThrowErrorMatchingSnapshot();
+ expect(() => actions.get(owner, 'operation')).toThrowErrorMatchingSnapshot();
 });
- it('returns `cases:${scope}/${operation}`', () => {
+ it('returns `cases:${owner}/${operation}`', () => {
 const alertingActions = new CasesActions(version);
 expect(alertingActions.get('security', 'bar-operation')).toBe(
 'cases:1.0.0-zeta1:security/bar-operation'
diff --git a/x-pack/plugins/security/server/authorization/actions/cases.ts b/x-pack/plugins/security/server/authorization/actions/cases.ts
index 622c732513e031..63955ea9023ed2 100644
--- a/x-pack/plugins/security/server/authorization/actions/cases.ts
+++ b/x-pack/plugins/security/server/authorization/actions/cases.ts
@@ -14,15 +14,15 @@ export class CasesActions {
 this.prefix = `cases:${versionNumber}:`;
 }
- public get(scope: string, operation: string): string {
+ public get(owner: string, operation: string): string {
 if (!operation || !isString(operation)) {
 throw new Error('operation is required and must be a string');
 }
- if (!scope || !isString(scope)) {
- throw new Error('scope is required and must be a string');
+ if (!owner || !isString(owner)) {
+ throw new Error('owner is required and must be a string');
 }
- return `${this.prefix}${scope}/${operation}`;
+ return `${this.prefix}${owner}/${operation}`;
 }
 }
diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
index 3cdbc8278ac719..aacff3082fbca2 100644
--- a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
+++ b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
@@ -19,9 +19,9 @@ export class FeaturePrivilegeCasesBuilder extends BaseFeaturePrivilegeBuilder {
 privilegeDefinition: FeatureKibanaPrivileges,
 feature: KibanaFeature
 ): string[] {
- const getCasesPrivilege = (operations: string[], scopes: readonly string[]) => {
- return scopes.flatMap((scope) =>
- operations.map((operation) => this.actions.cases.get(scope, operation))
+ const getCasesPrivilege = (operations: string[], owners: readonly string[]) => {
+ return owners.flatMap((owner) =>
+ operations.map((operation) => this.actions.cases.get(owner, operation))
 );
 };
diff --git a/x-pack/plugins/security_solution/public/cases/components/create/form_context.tsx b/x-pack/plugins/security_solution/public/cases/components/create/form_context.tsx
index e098321829d8aa..6c1abb516dd49c 100644
--- a/x-pack/plugins/security_solution/public/cases/components/create/form_context.tsx
+++ b/x-pack/plugins/security_solution/public/cases/components/create/form_context.tsx
@@ -84,7 +84,7 @@ export const FormContext: React.FC = ({
 connector: connectorToUpdate,
 settings: { syncAlerts },
 // TODO: need to replace this with the value that the plugin registers in the feature registration
- scope: 'securitySolution',
+ owner: 'securitySolution',
 });
 if (afterCaseCreated && updatedCase) {
diff --git a/x-pack/plugins/security_solution/public/cases/components/create/schema.tsx b/x-pack/plugins/security_solution/public/cases/components/create/schema.tsx
index da475e7046bf25..f5b7d38acde842 100644
--- a/x-pack/plugins/security_solution/public/cases/components/create/schema.tsx
+++ b/x-pack/plugins/security_solution/public/cases/components/create/schema.tsx
@@ -19,8 +19,8 @@ export const schemaTags = {
 labelAppend: OptionalFieldLabel,
 };
-// TODO: remove scope from here?
-export type FormProps = Omit & {
+// TODO: remove owner from here?
+export type FormProps = Omit & {
 connectorId: string;
 fields: ConnectorTypeFields['fields'];
 syncAlerts: boolean;