Hi,
I am using Kibana 7.9.1 OSS as a base for developing my custom app plugins, and I want to implement basic app-level RBAC by hiding the nav links according to privileges stored in an index for each role/user.
I need to build a privilege settings page where an app or nav link id can be selected from a list of apps (including Dashboard and Visualizations) and assigned to a particular role.
I have figured out how to hide the nav link for any app through updater$ and navLinkStatus in 7.9.1.
Now I need help listing all app links for the privilege settings page, and migrating the logic I used in my legacy plugin (similar to the hacks script in my security plugin; example below).
I cannot use xpack as I have to use only OSS.
import _ from 'lodash';
import { parse } from 'url';
import { uiModules } from 'ui/modules';
import uiRoutes from 'ui/routes';
import 'plugins/security/services/access_control';
import 'plugins/security/services/users';
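/*
 * Legacy (AngularJS) hack script for the custom security plugin: it blocks
 * route changes the logged-in user has no privilege for and hides nav links
 * for apps the user was not granted.
 *
 * NOTE(review): everything in this block runs in the browser. Hiding a nav
 * link and cancelling a route change only shape the UI; whatever the server
 * still serves to this user stays reachable unless the backend checks the
 * same privileges. Treat this as presentation, not as the enforcement point.
 */
uiModules
  .get('kibana', ['ngRoute'])
  .run((chrome, $q, $route, $rootScope, $window, kbnUrl, SecurityUsers, Notifier) => {
    const defaultAppId = chrome.getInjected('kbnDefaultAppId');
    const notify = new Notifier({ location: 'Security' });

    const isNonEmptyString = (value) => typeof value === 'string' && value.length > 0;

    /**
     * Decide whether `currentuser` may enter the route `next`.
     *
     * Despite the name, this returns true when access is ALLOWED.
     *
     * @param {object} currentuser - user record with `username` and `privileges`.
     * @param {object} next - the route object passed to `$routeChangeStart`.
     * @returns {boolean} true when the route is permitted, false otherwise.
     */
    const restrictAccess = (currentuser, next) => {
      if (currentuser.username === 'superadmin') {
        return true;
      }

      // Keep only usable url strings. Privileges without a `url` (the
      // `type: 'app'` entries below are looked up by `id`) would otherwise make
      // `privurl.startsWith(...)` throw, and an empty url would match every
      // path because `'anything'.startsWith('')` is true.
      const privurls = _.pluck(currentuser.privileges, 'url').filter(isNonEmptyString);
      // Every user may reach their own account page.
      privurls.push('/account');

      // Only string values are compared: a non-string `redirectTo` has no
      // `startsWith`, and an empty `parenturl` would match every privilege.
      const originalPath = isNonEmptyString(next.originalPath) ? next.originalPath : null;
      const redirectTo = isNonEmptyString(next.redirectTo) ? next.redirectTo : null;
      const parentUrl = next.data && isNonEmptyString(next.data.parenturl) ? next.data.parenturl : null;

      // NOTE(review): this is a plain prefix match, so a privilege url of
      // '/dash' also matches '/dashboard'. Confirm that is intended; if not,
      // compare on path-segment boundaries instead.
      return privurls.some(
        (privurl) =>
          (originalPath !== null && originalPath.startsWith(privurl)) ||
          (redirectTo !== null && redirectTo.startsWith(privurl)) ||
          (parentUrl !== null && privurl.startsWith(parentUrl))
      );
    };

    // Reuse the cached user when there is one, otherwise fetch it once.
    const userPromise = $rootScope.currentuser
      ? $q.when($rootScope.currentuser)
      : SecurityUsers.getLoggedInUser().$promise;

    // Cancel the pending route change and tell the user why.
    const denyRoute = (event, next, prevUrl) => {
      notify.error('Unauthorised access');
      event.preventDefault();
      // When the denied route is also the one we came from (for example a
      // direct page load), there is nothing to fall back to, so go to the
      // default app.
      if (prevUrl === next.originalPath) {
        kbnUrl.redirect(`/${defaultAppId}`);
      }
    };

    $rootScope.$on('$routeChangeStart', (event, next) => {
      const { hash } = parse($window.location.href);
      const prevUrl = hash ? hash.split('?')[0].slice(1) : `/${defaultAppId}`;

      // Once the user is known, decide synchronously. $q runs `then` callbacks
      // asynchronously, so calling `event.preventDefault()` from inside one is
      // likely too late for ngRoute to honour it.
      if ($rootScope.currentuser) {
        if (!restrictAccess($rootScope.currentuser, next)) {
          denyRoute(event, next, prevUrl);
        }
        return;
      }

      // User not loaded yet: same asynchronous check as before.
      // NOTE(review): this path fails open. The route change is not held back
      // while the lookup is pending, and nothing is blocked when the lookup
      // fails or resolves without a user.
      userPromise.then((currentuser) => {
        if (!currentuser) {
          return;
        }
        $rootScope.currentuser = currentuser;
        if (!restrictAccess(currentuser, next)) {
          denyRoute(event, next, prevUrl);
        }
      });
    });

    userPromise.then(
      (currentuser) => {
        if (!currentuser) {
          return;
        }
        $rootScope.currentuser = currentuser;

        // Show only the nav links whose id appears among the user's
        // `type: 'app'` privileges; hide every other link.
        // NOTE(review): 'superadmin' bypasses the route check above but not
        // this filter, so its links are hidden unless granted explicitly.
        const allowedAppIds = new Set(_.pluck(_.filter(currentuser.privileges, { type: 'app' }), 'id'));
        chrome.getNavLinks().forEach((navlink) => {
          chrome.getNavLinkById(navlink.id).hidden = !allowedAppIds.has(navlink.id);
        });
      },
      () => {
        // Previously swallowed silently. The links stay as they were (visible),
        // so surface the failure instead of hiding it.
        notify.error('Unable to load the current user; navigation links were not filtered');
      }
    );
  });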