Add PLI authorisation for Cases Connectors

x-pack/plugins/cases/common/constants/index.ts

@@ -152,6 +152,7 @@ export const READ_CASES_CAPABILITY = 'read_cases' as const;
 export const UPDATE_CASES_CAPABILITY = 'update_cases' as const;
 export const DELETE_CASES_CAPABILITY = 'delete_cases' as const;
 export const PUSH_CASES_CAPABILITY = 'push_cases' as const;
+export const CASES_CONNECTOR_CAPABILITY = 'cases_connector' as const;
 
 /**
  * Cases API Tags

x-pack/plugins/cases/common/ui/types.ts

@@ -286,6 +286,7 @@ export interface CasesPermissions {
   update: boolean;
   delete: boolean;
   push: boolean;
+  connectors: boolean;
 }
 
 export interface CasesCapabilities {

x-pack/plugins/cases/common/utils/capabilities.ts

@@ -6,6 +6,7 @@
  */
 
 import {
+  CASES_CONNECTOR_CAPABILITY,
   CREATE_CASES_CAPABILITY,
   DELETE_CASES_CAPABILITY,
   PUSH_CASES_CAPABILITY,
@@ -23,7 +24,8 @@ export const createUICapabilities = () => ({
     READ_CASES_CAPABILITY,
     UPDATE_CASES_CAPABILITY,
     PUSH_CASES_CAPABILITY,
+    CASES_CONNECTOR_CAPABILITY,
   ] as const,
-  read: [READ_CASES_CAPABILITY] as const,
+  read: [READ_CASES_CAPABILITY, CASES_CONNECTOR_CAPABILITY] as const,
   delete: [DELETE_CASES_CAPABILITY] as const,
 });

x-pack/plugins/cases/public/client/helpers/can_use_cases.ts

@@ -40,8 +40,10 @@ export const canUseCases =
         acc.update = acc.update || userCapabilitiesForOwner.update;
         acc.delete = acc.delete || userCapabilitiesForOwner.delete;
         acc.push = acc.push || userCapabilitiesForOwner.push;
-        const allFromAcc = acc.create && acc.read && acc.update && acc.delete && acc.push;
+        const allFromAcc =
+          acc.create && acc.read && acc.update && acc.delete && acc.push && acc.connectors;
         acc.all = acc.all || userCapabilitiesForOwner.all || allFromAcc;
+        acc.connectors = acc.connectors || userCapabilitiesForOwner.connectors;
 
         return acc;
       },
@@ -52,6 +54,7 @@ export const canUseCases =
         update: false,
         delete: false,
         push: false,
+        connectors: false,
       }
     );
 

x-pack/plugins/cases/public/client/helpers/capabilities.ts

@@ -7,6 +7,7 @@
 
 import type { CasesPermissions } from '../../../common';
 import {
+  CASES_CONNECTOR_CAPABILITY,
   CREATE_CASES_CAPABILITY,
   DELETE_CASES_CAPABILITY,
   PUSH_CASES_CAPABILITY,
@@ -22,7 +23,8 @@ export const getUICapabilities = (
   const update = !!featureCapabilities?.[UPDATE_CASES_CAPABILITY];
   const deletePriv = !!featureCapabilities?.[DELETE_CASES_CAPABILITY];
   const push = !!featureCapabilities?.[PUSH_CASES_CAPABILITY];
-  const all = create && read && update && deletePriv && push;
+  const connectors = !!featureCapabilities?.[CASES_CONNECTOR_CAPABILITY];
+  const all = create && read && update && deletePriv && push && connectors;
 
   return {
     all,
@@ -31,5 +33,6 @@ export const getUICapabilities = (
     update,
     delete: deletePriv,
     push,
+    connectors,
   };
 };

x-pack/plugins/cases/public/common/lib/kibana/hooks.ts

@@ -193,6 +193,7 @@ export const useApplicationCapabilities = (): UseApplicationCapabilities => {
         update: permissions.update,
         delete: permissions.delete,
         push: permissions.push,
+        connectors: permissions.connectors,
       },
       visualize: { crud: !!capabilities.visualize?.save, read: !!capabilities.visualize?.show },
       dashboard: {
@@ -213,6 +214,7 @@ export const useApplicationCapabilities = (): UseApplicationCapabilities => {
       permissions.update,
       permissions.delete,
       permissions.push,
+      permissions.connectors,
     ]
   );
 };

x-pack/plugins/cases/public/common/mock/permissions.ts

@@ -26,6 +26,7 @@ export const buildCasesPermissions = (overrides: Partial<Omit<CasesPermissions,
   const update = overrides.update ?? true;
   const deletePermissions = overrides.delete ?? true;
   const push = overrides.push ?? true;
+  const connectors = overrides.connectors ?? true;
   const all = create && read && update && deletePermissions && push;
 
   return {
@@ -35,6 +36,7 @@ export const buildCasesPermissions = (overrides: Partial<Omit<CasesPermissions,
     update,
     delete: deletePermissions,
     push,
+    connectors,
   };
 };
 

x-pack/plugins/cases/public/components/configure_cases/connectors.tsx

@@ -27,6 +27,7 @@ import { ConnectorTypes } from '../../../common/api';
 import { DeprecatedCallout } from '../connectors/deprecated_callout';
 import { isDeprecatedConnector } from '../utils';
 import { useApplicationCapabilities } from '../../common/lib/kibana';
+import { useCasesContext } from '../cases_context/use_cases_context';
 
 const EuiFormRowExtended = styled(EuiFormRow)`
   .euiFormRow__labelWrapper {
@@ -63,6 +64,8 @@ const ConnectorsComponent: React.FC<Props> = ({
     () => connectors.find((c) => c.id === selectedConnector.id),
     [connectors, selectedConnector.id]
   );
+  const { permissions } = useCasesContext();
+  const hasReadPermissions = permissions.connectors && actions.read;
 
   const connectorsName = connector?.name ?? 'none';
 
@@ -105,7 +108,7 @@ const ConnectorsComponent: React.FC<Props> = ({
         >
           <EuiFlexGroup direction="column">
             <EuiFlexItem grow={false}>
-              {actions.read ? (
+              {hasReadPermissions ? (
                 <ConnectorsDropdown
                   connectors={connectors}
                   disabled={disabled}

x-pack/plugins/cases/public/components/create/connector.tsx

@@ -18,6 +18,7 @@ import { useCaseConfigure } from '../../containers/configure/use_configure';
 import { getConnectorById, getConnectorsFormValidators } from '../utils';
 import { useApplicationCapabilities } from '../../common/lib/kibana';
 import * as i18n from '../../common/translations';
+import { useCasesContext } from '../cases_context/use_cases_context';
 
 interface Props {
   connectors: ActionConnector[];
@@ -30,6 +31,8 @@ const ConnectorComponent: React.FC<Props> = ({ connectors, isLoading, isLoadingC
   const connector = getConnectorById(connectorId, connectors) ?? null;
   const { connector: configurationConnector } = useCaseConfigure();
   const { actions } = useApplicationCapabilities();
+  const { permissions } = useCasesContext();
+  const hasReadPermissions = permissions.connectors && actions.read;
 
   const defaultConnectorId = useMemo(() => {
     return connectors.some((c) => c.id === configurationConnector.id)
@@ -42,7 +45,7 @@ const ConnectorComponent: React.FC<Props> = ({ connectors, isLoading, isLoadingC
     connectors,
   });
 
-  if (!actions.read) {
+  if (!hasReadPermissions) {
     return (
       <EuiText data-test-subj="create-case-connector-permissions-error-msg" size="s">
         <span>{i18n.READ_ACTIONS_PERMISSIONS_ERROR_MSG}</span>

x-pack/plugins/cases/public/components/edit_connector/index.tsx

@@ -21,6 +21,7 @@ import { PushButton } from './push_button';
 import { PushCallouts } from './push_callouts';
 import { ConnectorsForm } from './connectors_form';
 import { ConnectorFieldsPreviewForm } from '../connectors/fields_preview_form';
+import { useCasesContext } from '../cases_context/use_cases_context';
 
 export interface EditConnectorProps {
   caseData: CaseUI;
@@ -45,7 +46,8 @@ export const EditConnector = React.memo(
     const [isEdit, setIsEdit] = useState(false);
 
     const { actions } = useApplicationCapabilities();
-    const hasActionsReadPermissions = actions.read;
+    const { permissions } = useCasesContext();
+    const hasReadPermissions = permissions.connectors && actions.read;
 
     const onEditClick = useCallback(() => setIsEdit(true), []);
     const onCancelConnector = useCallback(() => setIsEdit(false), []);
@@ -102,7 +104,7 @@ export const EditConnector = React.memo(
             <EuiFlexItem grow={false} data-test-subj="connector-edit-header">
               <h4>{i18n.CONNECTORS}</h4>
             </EuiFlexItem>
-            {!isLoading && !isEdit && hasPushPermissions && hasActionsReadPermissions ? (
+            {!isLoading && !isEdit && hasPushPermissions && hasReadPermissions ? (
               <EuiFlexItem data-test-subj="connector-edit" grow={false}>
                 <EuiButtonIcon
                   data-test-subj="connector-edit-button"
@@ -115,7 +117,7 @@ export const EditConnector = React.memo(
           </EuiFlexGroup>
           <EuiHorizontalRule margin="xs" />
           <EuiFlexGroup data-test-subj="edit-connectors" direction="column" alignItems="stretch">
-            {!isLoading && !isEdit && hasErrorMessages && hasActionsReadPermissions && (
+            {!isLoading && !isEdit && hasErrorMessages && hasReadPermissions && (
               <EuiFlexItem data-test-subj="push-callouts">
                 <PushCallouts
                   errorsMsg={errorsMsg}
@@ -125,18 +127,18 @@ export const EditConnector = React.memo(
                 />
               </EuiFlexItem>
             )}
-            {!hasActionsReadPermissions && (
+            {!hasReadPermissions && (
               <EuiText data-test-subj="edit-connector-permissions-error-msg" size="s">
                 <span>{i18n.READ_ACTIONS_PERMISSIONS_ERROR_MSG}</span>
               </EuiText>
             )}
-            {hasActionsReadPermissions && !isEdit && (
+            {hasReadPermissions && !isEdit && (
               <ConnectorFieldsPreviewForm
                 connector={caseActionConnector}
                 fields={caseConnectorFields}
               />
             )}
-            {hasActionsReadPermissions && isEdit && (
+            {hasReadPermissions && isEdit && (
               <ConnectorsForm
                 caseData={caseData}
                 caseConnectors={caseConnectors}
@@ -150,7 +152,7 @@ export const EditConnector = React.memo(
               !isLoading &&
               !isEdit &&
               hasPushPermissions &&
-              hasActionsReadPermissions && (
+              hasReadPermissions && (
                 <EuiFlexItem grow={false}>
                   <span>
                     <PushButton

x-pack/plugins/observability_shared/public/hooks/use_get_user_cases_permissions.tsx

@@ -19,6 +19,7 @@ export function useGetUserCasesPermissions() {
     update: false,
     delete: false,
     push: false,
+    connectors: false,
   });
   const uiCapabilities = useKibana().services.application!.capabilities;
 
@@ -35,6 +36,7 @@ export function useGetUserCasesPermissions() {
       update: casesCapabilities.update,
       delete: casesCapabilities.delete,
       push: casesCapabilities.push,
+      connectors: casesCapabilities.connectors,
     });
   }, [
     casesCapabilities.all,
@@ -43,6 +45,7 @@ export function useGetUserCasesPermissions() {
     casesCapabilities.update,
     casesCapabilities.delete,
     casesCapabilities.push,
+    casesCapabilities.connectors,
   ]);
 
   return casesPermissions;

x-pack/plugins/security_solution/public/cases_test_utils.ts

@@ -63,4 +63,5 @@ export const allCasesPermissions = () => ({
   update: true,
   delete: true,
   push: true,
+  connectors: true,
 });

x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts

@@ -155,6 +155,7 @@ export const useGetUserCasesPermissions = () => {
     update: false,
     delete: false,
     push: false,
+    connectors: false,
   });
   const uiCapabilities = useKibana().services.application.capabilities;
   const casesCapabilities = useKibana().services.cases.helpers.getUICapabilities(
@@ -169,6 +170,7 @@ export const useGetUserCasesPermissions = () => {
       update: casesCapabilities.update,
       delete: casesCapabilities.delete,
       push: casesCapabilities.push,
+      connectors: casesCapabilities.connectors,
     });
   }, [
     casesCapabilities.all,
@@ -177,6 +179,7 @@ export const useGetUserCasesPermissions = () => {
     casesCapabilities.update,
     casesCapabilities.delete,
     casesCapabilities.push,
+    casesCapabilities.connectors,
   ]);
 
   return casesPermissions;