Need Help with kibana Plugin development

vehere-ccu3 · December 3, 2020, 6:22am

Hi,

I am using kibana 7.9.1 OSS as base and developing my custom app plugins, and I would be implementing a basic app level RBAC, by hiding the navlinks as per privileges stored in an index for each role/users.
I need to make a privilege settings page where the app or navlinks id would be selected from a list of apps including the Dashboard, Visualizations and assign to any particular role.

I had figured out the process to hide the navlink for any app through updater$ & navLinkStatus, in 7.9.1.

Now i need help to list all app links for the priviledge settings page and to migrate the logic that i used in my legacy plugin similar to the hacks script in my security plugin, example below.

I cannot use xpack as I have to use only OSS.

    import _ from 'lodash';
    import { parse } from 'url';
    import { uiModules } from 'ui/modules';
    import uiRoutes from 'ui/routes';
    import 'plugins/security/services/access_control';
    import 'plugins/security/services/users';

    uiModules
      .get('kibana', [
        'ngRoute'
      ])
      .run((chrome, $q, $route, $rootScope, $window, kbnUrl, SecurityUsers, Notifier) => {
        const defaultAppId = chrome.getInjected('kbnDefaultAppId');
        const { query, hash, path } = parse($window.location.href, true);
        let nextUrl;
        if (query.nextUrl) {
          nextUrl = query.nextUrl;
        } else {
          nextUrl = path + (hash || '');
        }
        const notify = new Notifier({ location: 'Security' });
        const restrictAccess = (currentuser, next) => {
          if(currentuser.username === 'superadmin') {
            return true;
          }
          const privurls = _.pluck(currentuser.privileges, 'url');
          privurls.push('/account');
          let authorised = false;
          privurls.map(privurl => {
            if((next.originalPath && (next.originalPath.startsWith(privurl)) ||
              (next.redirectTo && (next.redirectTo.startsWith(privurl)) ||
              (next.data && privurl.startsWith(next.data.parenturl))))) authorised = true;
          });
          return authorised;
        };
        let promise;
        if($rootScope.currentuser) {
          promise = $q.when($rootScope.currentuser);
        } else {
          promise = SecurityUsers.getLoggedInUser().$promise;
        }
        $rootScope.$on('$routeChangeStart', function (event, next) {
          const { hash } = parse($window.location.href);
          const prevUrl = hash ? hash.split('?')[0].slice(1) : `/${defaultAppId}`;

          promise.then(function (currentuser) {
            if (currentuser) {
              $rootScope.currentuser = currentuser;
              if (!restrictAccess($rootScope.currentuser, next)) {
                notify.error('Unauthorised access');
                event.preventDefault();
                if (prevUrl === next.originalPath) {
                  kbnUrl.redirect(`/${defaultAppId}`);
                }
              }
            }
          });
        });

        promise
          .then(
            (currentuser) => {
              if (currentuser) {
                $rootScope.currentuser = currentuser;
                const appPriv = _.pluck(_.filter(currentuser.privileges, { 'type': 'app', }), 'id');
                chrome.getNavLinks().map(navlink => {
                  if(appPriv.indexOf(navlink.id) >=0) {
                    chrome.getNavLinkById(navlink.id).hidden = false;
                  } else {
                    chrome.getNavLinkById(navlink.id).hidden = true;
                  }
                });
              }

            }, (error) => {
            });
      });

dosant · December 3, 2020, 1:05pm

Hi @vehere-ccu3,

To get a list of all registered apps you can use applications$ observables exposed by CoreStart core.application.applications$ https://github.com/elastic/kibana/blob/master/docs/development/core/public/kibana-plugin-core-public.applicationstart.applications_.md
To subscribe to an app change you can use core.application.currentAppId$ https://github.com/elastic/kibana/blob/master/docs/development/core/public/kibana-plugin-core-public.applicationstart.currentappid_.md . You can check if user has access to that app and if not, then navigate him away using core.application.navigateToApp() https://github.com/elastic/kibana/blob/master/docs/development/core/public/kibana-plugin-core-public.applicationstart.navigatetoapp.md

system · December 31, 2020, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.