PR feedback

docs/user/security/audit-logging.asciidoc

@@ -248,6 +248,10 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | User has accessed an alert as part of a search operation.
 | `failure` | User is not authorized to access alerts.
 
+.2+| `case_bulk_get`
+| `success` | User has accessed multiple case.
+| `failure` | User is not authorized to access multiple case.
+
 3+a|
 ===== Category: web
 

x-pack/plugins/cases/server/authorization/authorization.ts

@@ -122,7 +122,7 @@ export class Authorization {
 
   /**
    *
-   * Returns all authorized entities for an operation. It throws if the user is not authorized
+   * Returns all authorized entities for an operation. It throws error if the user is not authorized
    * to any of the owners
    *
    * @param entities an array of entities describing the case owners in conjunction with the saved object ID attempting

x-pack/plugins/cases/server/authorization/utils.test.ts

@@ -287,5 +287,18 @@ describe('utils', () => {
       const res = getAuthorizedAndUnauthorizedSavedObjects(cases, authorizedEntities);
       expect(res).toEqual([[{ id: '1' }], [{ id: '2' }, { id: '3' }]]);
     });
+
+    it('partitions authorized and unauthorized cases correctly when there are not authorized entities', () => {
+      const cases = [{ id: '1' }, { id: '2' }, { id: '3' }] as unknown as SavedObject[];
+
+      const res = getAuthorizedAndUnauthorizedSavedObjects(cases, []);
+      expect(res).toEqual([[], cases]);
+    });
+
+    it('partitions authorized and unauthorized cases correctly when there are no saved objects', () => {
+      const authorizedEntities = [{ id: '1', owner: 'cases' }];
+      const res = getAuthorizedAndUnauthorizedSavedObjects([], authorizedEntities);
+      expect(res).toEqual([[], []]);
+    });
   });
 });

x-pack/plugins/cases/server/client/cases/bulk_get.ts

@@ -59,8 +59,8 @@ export const bulkGet = async (
       fold(throwErrors(Boom.badRequest), identity)
     );
 
-    throwIfCaseIdsReachTheLimit(request.ids);
-    throwIfFieldsAreInvalid(fields);
+    throwErrorIfCaseIdsReachTheLimit(request.ids);
+    throwErrorIfFieldsAreInvalid(fields);
 
     const finalFields = fields?.length ? [...fields, 'id', 'version'] : fields;
     const cases = await caseService.getCases({ caseIds: request.ids, fields: finalFields });
@@ -134,7 +134,7 @@ export const bulkGet = async (
   }
 };
 
-const throwIfFieldsAreInvalid = (fields?: string[]) => {
+const throwErrorIfFieldsAreInvalid = (fields?: string[]) => {
   if (!fields || fields.length === 0) {
     return;
   }
@@ -149,7 +149,7 @@ const throwIfFieldsAreInvalid = (fields?: string[]) => {
   }
 };
 
-const throwIfCaseIdsReachTheLimit = (ids: string[]) => {
+const throwErrorIfCaseIdsReachTheLimit = (ids: string[]) => {
   if (ids.length > MAX_BULK_GET_CASES) {
     throw Boom.badRequest(`Maximum request limit of ${MAX_BULK_GET_CASES} cases reached`);
   }

x-pack/plugins/cases/server/client/cases/client.ts

@@ -62,7 +62,7 @@ export interface CasesSubClient {
    */
   resolve(params: GetParams): Promise<ICaseResolveResponse>;
   /**
-   * Retrieves a single case with the specified ID.
+   * Retrieves multiple cases with the specified IDs.
    */
   bulkGet(params: CasesBulkGetRequest): Promise<ICasesBulkGetResponse>;
   /**