From 47e10e4d81ca193028297868beb9eaaced1c00dc Mon Sep 17 00:00:00 2001 From: Yulong Ruan Date: Fri, 15 Sep 2023 13:06:41 +0800 Subject: [PATCH] refactor: remove dashboard admin implementation (#159) Signed-off-by: Yulong Ruan --- config/opensearch_dashboards.yml | 4 --- src/plugins/workspace/config.ts | 12 ------- .../workspace_saved_objects_client_wrapper.ts | 35 +------------------ 3 files changed, 1 insertion(+), 50 deletions(-) diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards.yml index 7513dd51a484..9c6c040433b4 100644 --- a/config/opensearch_dashboards.yml +++ b/config/opensearch_dashboards.yml @@ -273,7 +273,3 @@ # Set the value of this setting to true to enable plugin augmentation on Dashboard # vis_augmenter.pluginAugmentationEnabled: true - -# Set the backend roles, whoever has the backend roles defined in this config will be regard as dashboard admin. -# Dashboard admin will have the access to all the workspaces and objects inside OpenSearch Dashboards. -# workspace.dashboardAdmin.backendRoles: ["dashboard_admin"] diff --git a/src/plugins/workspace/config.ts b/src/plugins/workspace/config.ts index 6fc163b67e45..79412f5c02ee 100644 --- a/src/plugins/workspace/config.ts +++ b/src/plugins/workspace/config.ts @@ -7,18 +7,6 @@ import { schema, TypeOf } from '@osd/config-schema'; export const configSchema = schema.object({ enabled: schema.boolean({ defaultValue: false }), - dashboardAdmin: schema.object( - { - backendRoles: schema.arrayOf(schema.string(), { - defaultValue: ['dashboard_admin'], - }), - }, - { - defaultValue: { - backendRoles: ['dashboard_admin'], - }, - } - ), }); export type ConfigSchema = TypeOf; diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts index 7da3e7977c8a..eb255eb72771 100644 --- a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts 
+++ b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts @@ -4,8 +4,6 @@ */ import { i18n } from '@osd/i18n'; -import { Observable } from 'rxjs'; -import { first } from 'rxjs/operators'; import { OpenSearchDashboardsRequest, @@ -31,7 +29,6 @@ import { SavedObjectsDeleteByWorkspaceOptions, SavedObjectsErrorHelpers, } from '../../../../core/server'; -import { ConfigSchema } from '../../config'; import { WorkspaceFindOptions } from '../types'; // Can't throw unauthorized for now, the page will be refreshed if unauthorized @@ -55,7 +52,6 @@ const generateSavedObjectsPermissionError = () => ); export class WorkspaceSavedObjectsClientWrapper { - private config?: ConfigSchema; private formatWorkspacePermissionModeToStringArray( permission: WorkspacePermissionMode | WorkspacePermissionMode[] ): string[] { @@ -128,14 +124,6 @@ export class WorkspaceSavedObjectsClientWrapper { return false; } - private isDashboardAdmin(request: OpenSearchDashboardsRequest): boolean { - const config = this.config || ({} as ConfigSchema); - const principals = this.permissionControl.getPrincipalsFromRequest(request); - const adminBackendRoles = config?.dashboardAdmin?.backendRoles || []; - const matchAny = principals?.groups?.some((item) => adminBackendRoles.includes(item)) || false; - return matchAny; - } - /** * check if the type include workspace * Workspace permission check is totally different from object permission check. @@ -463,12 +451,6 @@ export class WorkspaceSavedObjectsClientWrapper { return await wrapperOptions.client.deleteByWorkspace(workspace, options); }; - const isDashboardAdmin = this.isDashboardAdmin(wrapperOptions.request); - - if (isDashboardAdmin) { - return wrapperOptions.client; - } - return { ...wrapperOptions.client, get: getWithWorkspacePermissionControl, 
@@ -488,20 +470,5 @@ export class WorkspaceSavedObjectsClientWrapper { }; }; - constructor( - private readonly permissionControl: SavedObjectsPermissionControlContract, - private readonly options: { - config$: Observable; - } - ) { - this.options.config$.subscribe((config) => { - this.config = config; - }); - this.options.config$ - .pipe(first()) - .toPromise() - .then((config) => { - this.config = config; - }); - } + constructor(private readonly permissionControl: SavedObjectsPermissionControlContract) {} }
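Review bot: The constructor now accepts only `permissionControl`, but none of the three files in the diffstat is the call site that instantiates `WorkspaceSavedObjectsClientWrapper`; if that caller still passes the `{ config$ }` options object it will no longer type-check, so it should be updated in the same commit. Because the `isDashboardAdmin` early return was removed earlier in this file, every request now gets the permission-checking wrapper, and that is worth recording on the constructor, e.g. `/** @param permissionControl used for every workspace and saved-object permission check; no role bypasses it. */`. Separately, `dashboardAdmin` is dropped from `configSchema` in `config.ts`, so deployments that still set `workspace.dashboardAdmin.backendRoles` may fail config validation if the schema rejects unknown keys; a deprecation entry or release note would make that upgrade path explicit. The class body begins outside this hunk.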