From 0351155af9646d2d75a49394db0c3f36d5cac538 Mon Sep 17 00:00:00 2001
From: Sriram <59816283+skkosuri-amzn@users.noreply.github.com>
Date: Fri, 14 Jan 2022 18:36:51 -0800
Subject: [PATCH] Bug fix for : Admin Users must be able to access all monitors #139 (#280)
Signed-off-by: skkosuri-amzn
---
 .../transport/SecureTransportAction.kt | 4 +++-
 .../resthandler/SecureMonitorRestApiIT.kt | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/transport/SecureTransportAction.kt b/alerting/src/main/kotlin/org/opensearch/alerting/transport/SecureTransportAction.kt
index 555245b45..d5303fc18 100644
--- a/alerting/src/main/kotlin/org/opensearch/alerting/transport/SecureTransportAction.kt
+++ b/alerting/src/main/kotlin/org/opensearch/alerting/transport/SecureTransportAction.kt
@@ -86,6 +86,8 @@ interface SecureTransportAction {
 )
 )
 return false
+ } else if (isAdmin(user)) {
+ return true
 } else if (user.backendRoles.isNullOrEmpty()) {
 actionListener.onFailure(
 AlertingException.wrap(
@@ -112,7 +114,7 @@ interface SecureTransportAction {
 resourceId: String
 ): Boolean {
- if (!filterByEnabled) return true
+ if (!doFilterForUser(requesterUser)) return true
 val resourceBackendRoles = resourceUser?.backendRoles
 val requesterBackendRoles = requesterUser?.backendRoles
diff --git a/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt b/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt
index 44b1617d3..cc46caa71 100644
--- a/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt
+++ b/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt
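Review bot: The new `isAdmin(user)` branch in the first hunk lets a user skip the backend-role requirement with no comment explaining the bypass, and `isAdmin` itself lies outside the hunk, so a reader cannot tell from here what qualifies a user as admin (presumably a specific role on the authenticated `User`). Because this branch is now what grants one user visibility into every other user's monitors, I would annotate it: `// Admins bypass backend-role filtering for all monitors; isAdmin() must be derived from the security plugin's authenticated user, never from request input`. The placement after the preceding `return false` branch matters, since whatever that branch rejects never reaches the admin shortcut; that condition is not visible here. The enclosing function begins before the hunk and continues after it.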
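Review bot: The replaced guard in the second hunk now delegates the whole skip decision to `doFilterForUser(requesterUser)`, which is not shown, and `requesterUser` is nullable (the following lines use `requesterUser?.backendRoles`), so that helper must treat a null user as non-admin or an unauthenticated caller could end up bypassing the resource ownership check; worth confirming and stating at the call site, e.g. `// Skip the backend-role comparison only when filtering is off or the requester is a verified admin`. An admin reading another user's resource is an elevated path that leaves no trace at this point; if the interface has a logger, a debug line naming `resourceId` before the early return would help later audit. The enclosing function's signature starts before the hunk and its body continues past the last context line.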
@@ -509,6 +509,25 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { ) assertEquals("Search monitor failed", RestStatus.OK, adminSearchResponse.restStatus()) assertEquals("Monitor not found during search", 1, getDocs(adminSearchResponse)) + + // get as "admin" - must get 1 docs + val id: String = monitorJson["_id"] as String + val adminGetResponse = client().makeRequest( + "GET", + "$ALERTING_BASE_URI/$id", + emptyMap(), + NStringEntity(search, ContentType.APPLICATION_JSON) + ) + assertEquals("Get monitor failed", RestStatus.OK, adminGetResponse.restStatus()) + + // delete as "admin" + val adminDeleteResponse = client().makeRequest( + "DELETE", + "$ALERTING_BASE_URI/$id", + emptyMap(), + NStringEntity(search, ContentType.APPLICATION_JSON) + ) + assertEquals("Delete monitor failed", RestStatus.OK, adminGetResponse.restStatus()) } finally { deleteRoleMapping("hr_role") deleteRole("hr_role")
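Review bot: The delete assertion at the end of the hunk checks the wrong response: it reads `adminGetResponse.restStatus()` a second time, so `adminDeleteResponse` is never inspected and a failed DELETE would pass the test. The last added line should be `assertEquals("Delete monitor failed", RestStatus.OK, adminDeleteResponse.restStatus())`. A follow-up GET on `$id` expecting a not-found status would additionally prove the admin's delete actually removed the monitor rather than merely returning 200. The comment `// get as "admin" - must get 1 docs` describes a search rather than a single-monitor GET; `// get as "admin" - must succeed` reads truer. The test method starts before the hunk.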