Small improvements

elastic · Jul 11, 2023 · 72e9d72 · 72e9d72
1 parent a9e3bd5
commit 72e9d72
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 23 deletions.
diff --git a/x-pack/plugins/actions/server/action_type_registry.test.ts b/x-pack/plugins/actions/server/action_type_registry.test.ts
@@ -754,26 +754,6 @@ describe('actionTypeRegistry', () => {
       expect(result).toEqual([]);
     });
 
-    it('should return an empty array if the action type is not a system action but registers kibana privileges', () => {
-      const registry = new ActionTypeRegistry(actionTypeRegistryParams);
-
-      registry.register({
-        id: 'foo',
-        name: 'Foo',
-        minimumLicenseRequired: 'basic',
-        supportedFeatureIds: ['alerting'],
-        validate: {
-          config: { schema: schema.object({}) },
-          secrets: { schema: schema.object({}) },
-          params: { schema: schema.object({}) },
-        },
-        executor,
-      });
-
-      const result = registry.getSystemActionKibanaPrivileges('foo');
-      expect(result).toEqual([]);
-    });
-
     it('should return an empty array if the action type is not a system action but defines kibana privileges', () => {
       const registry = new ActionTypeRegistry(actionTypeRegistryParams);
       const getKibanaPrivileges = jest.fn().mockReturnValue(['test/create']);

diff --git a/x-pack/plugins/actions/server/action_type_registry.ts b/x-pack/plugins/actions/server/action_type_registry.ts
@@ -101,7 +101,7 @@ export class ActionTypeRegistry {
     Boolean(this.actionTypes.get(actionTypeId)?.isSystemActionType);
 
   /**
-   * Returns the kibana privileges of an action type
+   * Returns the kibana privileges of a system action type
    */
   public getSystemActionKibanaPrivileges(
     actionTypeId: string,

diff --git a/x-pack/plugins/actions/server/lib/action_executor.ts b/x-pack/plugins/actions/server/lib/action_executor.ts
@@ -212,9 +212,9 @@ export class ActionExecutor {
         let rawResult: ActionTypeExecutorRawResult<unknown>;
         try {
           /**
-           * Perform additional authorization checks for system actions.
+           * Ensures correct permissions for execution and
+           * performs authorization checks for system actions.
            * It will thrown an error in case of failure.
-           *
            */
           await ensureAuthorizedToExecute({
             params,

diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/execute.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/execute.ts
@@ -516,6 +516,12 @@ export default function ({ getService }: FtrProviderContext) {
             });
 
           switch (scenario.id) {
+            /**
+             * The users in these scenarios may have access
+             * to Actions but do not have access to
+             * the system action. They should not be able to
+             * to execute even if they have access to Actions.
+             */
             case 'no_kibana_privileges at space1':
             case 'space_1_all_alerts_none_actions at space1':
             case 'space_1_all at space2':
@@ -529,6 +535,11 @@ export default function ({ getService }: FtrProviderContext) {
                 message: 'Unauthorized to execute actions',
               });
               break;
+            /**
+             * The users in these scenarios have access
+             * to Actions and to the system action. They should be able to
+             * execute.
+             */
             case 'superuser at space1':
             case 'system_actions at space1':
               expect(response.statusCode).to.eql(200);