diff --git a/docs/user/security/audit-logging.asciidoc b/docs/user/security/audit-logging.asciidoc
index 5f6fe746814e5..c6a3929130073 100644
--- a/docs/user/security/audit-logging.asciidoc
+++ b/docs/user/security/audit-logging.asciidoc
@@ -248,6 +248,10 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | User has accessed an alert as part of a search operation.
 | `failure` | User is not authorized to access alerts.
+.2+| `case_bulk_get`
+| `success` | User has accessed multiple case.
+| `failure` | User is not authorized to access multiple case.
+
 3+a|
 ===== Category: web
diff --git a/x-pack/plugins/cases/server/authorization/authorization.ts b/x-pack/plugins/cases/server/authorization/authorization.ts
index 26f81c736580c..e777ac21cbb22 100644
--- a/x-pack/plugins/cases/server/authorization/authorization.ts
+++ b/x-pack/plugins/cases/server/authorization/authorization.ts
@@ -122,7 +122,7 @@ export class Authorization {
 /**
 *
- * Returns all authorized entities for an operation. It throws if the user is not authorized
+ * Returns all authorized entities for an operation. It throws error if the user is not authorized
 * to any of the owners
 *
 * @param entities an array of entities describing the case owners in conjunction with the saved object ID attempting
diff --git a/x-pack/plugins/cases/server/authorization/utils.test.ts b/x-pack/plugins/cases/server/authorization/utils.test.ts
index 4be644be6b974..d48d2331c3b06 100644
--- a/x-pack/plugins/cases/server/authorization/utils.test.ts
+++ b/x-pack/plugins/cases/server/authorization/utils.test.ts
@@ -287,5 +287,18 @@ describe('utils', () => {
 const res = getAuthorizedAndUnauthorizedSavedObjects(cases, authorizedEntities);
 expect(res).toEqual([[{ id: '1' }], [{ id: '2' }, { id: '3' }]]);
 });
+
+ it('partitions authorized and unauthorized cases correctly when there are not authorized entities', () => {
+ const cases = [{ id: '1' }, { id: '2' }, { id: '3' }] as unknown as SavedObject[];
+
+ const res = getAuthorizedAndUnauthorizedSavedObjects(cases, []);
+ expect(res).toEqual([[], cases]);
+ });
+
+ it('partitions authorized and unauthorized cases correctly when there are no saved objects', () => {
+ const authorizedEntities = [{ id: '1', owner: 'cases' }];
+ const res = getAuthorizedAndUnauthorizedSavedObjects([], authorizedEntities);
+ expect(res).toEqual([[], []]);
+ });
 });
 });
diff --git a/x-pack/plugins/cases/server/client/cases/bulk_get.ts b/x-pack/plugins/cases/server/client/cases/bulk_get.ts
index 02ec8320901ee..4132386b97391 100644
--- a/x-pack/plugins/cases/server/client/cases/bulk_get.ts
+++ b/x-pack/plugins/cases/server/client/cases/bulk_get.ts
@@ -59,8 +59,8 @@ export const bulkGet = async (
 fold(throwErrors(Boom.badRequest), identity)
 );
- throwIfCaseIdsReachTheLimit(request.ids);
- throwIfFieldsAreInvalid(fields);
+ throwErrorIfCaseIdsReachTheLimit(request.ids);
+ throwErrorIfFieldsAreInvalid(fields);
 const finalFields = fields?.length ? [...fields, 'id', 'version'] : fields;
 const cases = await caseService.getCases({ caseIds: request.ids, fields: finalFields });
@@ -134,7 +134,7 @@ export const bulkGet = async (
 }
 };
-const throwIfFieldsAreInvalid = (fields?: string[]) => {
+const throwErrorIfFieldsAreInvalid = (fields?: string[]) => {
 if (!fields || fields.length === 0) {
 return;
 }
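Review bot: In the first added test of the utils.test.ts hunk the expectation `expect(res).toEqual([[], cases]);` compares against the same array that was passed in, so an implementation that emptied or otherwise mutated its input would still pass. This is the fail-closed path (an empty authorized list must leave every saved object in the unauthorized partition), so it is worth pinning with a literal, as the preceding test does: `expect(res).toEqual([[], [{ id: '1' }, { id: '2' }, { id: '3' }]]);`. The title would also read better as `'... when there are no authorized entities'`. The enclosing `describe` blocks start outside the hunk.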
@@ -149,7 +149,7 @@ const throwIfFieldsAreInvalid = (fields?: string[]) => {
 }
 };
-const throwIfCaseIdsReachTheLimit = (ids: string[]) => {
+const throwErrorIfCaseIdsReachTheLimit = (ids: string[]) => {
 if (ids.length > MAX_BULK_GET_CASES) {
 throw Boom.badRequest(`Maximum request limit of ${MAX_BULK_GET_CASES} cases reached`);
 }
diff --git a/x-pack/plugins/cases/server/client/cases/client.ts b/x-pack/plugins/cases/server/client/cases/client.ts
index 03cb39ce57697..8ce855d07f6e8 100644
--- a/x-pack/plugins/cases/server/client/cases/client.ts
+++ b/x-pack/plugins/cases/server/client/cases/client.ts
@@ -62,7 +62,7 @@ export interface CasesSubClient {
 */
 resolve(params: GetParams): Promise;
 /**
- * Retrieves a single case with the specified ID.
+ * Retrieves multiple cases with the specified IDs.
 */
 bulkGet(params: CasesBulkGetRequest): Promise;
 /**