-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Disable ML rule's edit button link under basic license #143260
[Security Solution] Disable ML rule's edit button link under basic license #143260
Conversation
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, the changes look good to me. Thanks for fixing this bug, @maximpn 👍
Added some minor suggestions to consider.
...k/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
Outdated
Show resolved
Hide resolved
...k/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
Outdated
Show resolved
Hide resolved
...k/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
Outdated
Show resolved
Hide resolved
...k/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
Outdated
Show resolved
Hide resolved
8564c29
to
d42c47c
Compare
9ba2931
to
83b355e
Compare
0f94dcc
to
7230f9f
Compare
@elasticmachine merge upstream |
598af98
to
70c3a51
Compare
@elasticmachine merge upstream |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I had to add a couple more comments 🙂
Thanks for addressing my previous ones, BTW!
@@ -68,7 +68,7 @@ const useEnabledColumn = ({ hasPermissions }: ColumnsProps): TableColumn => { | |||
render: (_, rule: Rule) => ( | |||
<EuiToolTip | |||
position="top" | |||
content={getToolTipContent(rule, hasMlPermissions, hasActionsPrivileges)} | |||
content={getToolTipContent(rule, hasMlPermissions, hasActionsPrivileges, true)} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we pass an actual canUserCRUD
value here instead of the hardcoded true
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure
@@ -96,7 +96,7 @@ const RuleActionsOverflowComponent = ({ | |||
> | |||
<EuiToolTip | |||
position="left" | |||
content={getToolTipContent(rule, true, canDuplicateRuleWithActions)} | |||
content={getToolTipContent(rule, true, canDuplicateRuleWithActions, true)} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we pass an actual canUserCRUD
value here instead of the hardcoded true
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
getToolTipContent()
is used as a utility function here. It can be simplified though full privileges refactoring will be much better.
ev.preventDefault(); | ||
navigateToApp(APP_UI_ID, { | ||
deepLinkId: SecurityPageName.rules, | ||
path: getEditRuleUrl(ruleId ?? ''), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: ruleId
is not nullable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks
iconType="controlsHorizontal" | ||
isDisabled={disabled} | ||
deepLinkId={SecurityPageName.rules} | ||
path={getEditRuleUrl(ruleId ?? '')} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: ruleId
is not nullable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks
): string | undefined => { | ||
if (rule == null) { | ||
return undefined; | ||
} else if (isMlRule(rule.type) && !hasMlPermissions) { | ||
return detectionI18n.ML_RULES_DISABLED_MESSAGE; | ||
} else if (!canEditRuleWithActions(rule, hasReadActionsPrivileges)) { | ||
return i18n.EDIT_RULE_SETTINGS_TOOLTIP; | ||
return i18n.LACK_OF_KIBANA_PRIVILEGES; | ||
} else if (canUserCRUD !== null && !canUserCRUD) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use the userHasPermissions(canUserCRUD)
helper here.
@@ -484,13 +484,20 @@ export const EDIT_RULE_SETTINGS = i18n.translate( | |||
} | |||
); | |||
|
|||
export const EDIT_RULE_SETTINGS_TOOLTIP = i18n.translate( | |||
'xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsToolTip', | |||
export const LACK_OF_KIBANA_PRIVILEGES = i18n.translate( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for renaming this constant! For more clarity, I'd propose to name it more specific, like LACK_OF_KIBANA_ACTIONS_FEATURE_PRIVILEGES
, as Kibana privileges is a broader term that includes many different features, including actions, security, etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good, thanks
{ | ||
defaultMessage: 'You do not have Kibana Actions privileges', | ||
} | ||
); | ||
|
||
export const LACK_OF_RULE_EDITING_PRIVILEGES = i18n.translate( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LACK_OF_KIBANA_SECURITY_FEATURE_PRIVILEGES
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks
export const LACK_OF_RULE_EDITING_PRIVILEGES = i18n.translate( | ||
'xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfRuleEditingPrivileges', | ||
{ | ||
defaultMessage: 'You do not have rule editing privileges', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be better to rephrase this line like "You do not have Kibana Security privileges" for consistency with the documentation and the Kibana feature privileges UI.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good, thanks
1746361
to
60db907
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks for addressing my comments 👍
527c76f
to
41403c4
Compare
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: cc @maximpn |
@banderror I've created an issue #143812 to address your comment. |
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
@maximpn you shouldn't backport it to 8.5, it's too late. |
* main: (57 commits) [Files] Filepicker (elastic#143111) [Infrastructure UI] Replace Lens table with EUI table and own api (elastic#142871) [api-docs] Daily api_docs build (elastic#143829) [api-docs] Daily api_docs build (elastic#143825) [api-docs] Daily api_docs build (elastic#143823) [Security Solution] Restructuring folders of Detection Engine + refactoring Rule Management (elastic#142950) [Dev tools] Fix performance issue with autocomplete suggestions (elastic#143428) [Security Solution] Disable ML rule's edit button link under basic license (elastic#143260) [Lens] Use the language-documentation package for formula (elastic#143649) [api-docs] Daily api_docs build (elastic#143811) [Security Solution] Fix missing title on inspect pop-up (elastic#143601) fix incorrect filters being passed to events table causing duplicate entries in our inpsect tool request tab (elastic#143239) [Security Solution][Endpoint] `get-file` response action kibana download file API (elastic#143708) Rely on refresh context to update stats independently of overview cards. (elastic#143308) [RAM] Rule event log - Fix incorrect results when filtering by message and outcome simultaneously (elastic#143119) [ML] Display link to create data view from error cases in data frame analytics results pages (elastic#143596) Update links in README :) (elastic#143675) Add more tests for ml_inference_logic (elastic#143764) skip failing test suite (elastic#143717) [DOCS] Add assignees to case APIs (elastic#143610) ...
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…cense (elastic#143260) **Resolves:** [elastic#139796](elastic#139796) ## Summary It disables ML rule's edit button link under the basic license. ## Details ML rules aren't available under the basic license but installable from the prebuilt rules. Having an active edit button makes the UX inconsistent. Disabling such a button under the basic license for ML rules improves UX though doesn't block a user from opening the rule editing page from the address bar. Before: https://user-images.githubusercontent.com/3775283/195552179-525f0423-3a62-4ab5-b1ef-0f5cafe2286e.mov After: https://user-images.githubusercontent.com/3775283/195551540-b95fabeb-4e50-4a26-ae42-1a72f53573dc.mov ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) (cherry picked from commit a670c7f) # Conflicts: # x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
…cense (#143260) (#144723) **Resolves:** [#139796](#139796) ## Summary It disables ML rule's edit button link under the basic license. ## Details ML rules aren't available under the basic license but installable from the prebuilt rules. Having an active edit button makes the UX inconsistent. Disabling such a button under the basic license for ML rules improves UX though doesn't block a user from opening the rule editing page from the address bar. Before: https://user-images.githubusercontent.com/3775283/195552179-525f0423-3a62-4ab5-b1ef-0f5cafe2286e.mov After: https://user-images.githubusercontent.com/3775283/195551540-b95fabeb-4e50-4a26-ae42-1a72f53573dc.mov ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) (cherry picked from commit a670c7f) # Conflicts: # x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
Resolves: #139796
Summary
It disables ML rule's edit button link under the basic license.
Details
ML rules aren't available under the basic license but installable from the prebuilt rules. Having an active edit button makes the UX inconsistent. Disabling such a button under the basic license for ML rules improves UX though doesn't block a user from opening the rule editing page from the address bar.
Before:
Screen.Recording.2022-10-13.at.11.59.02.mov
After:
Screen.Recording.2022-10-13.at.11.56.25.mov
Checklist