From 1c3f161b68d1dc0b092e923ac1132d5bcaeda700 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 10 Dec 2024 02:43:02 +1100 Subject: [PATCH] [8.17] Enhance access query logic to handle user ID and name conditions (#202833) (#202929) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # Backport This will backport the following commits from `main` to `8.17`: - [Enhance access query logic to handle user ID and name conditions (#202833)](https://github.com/elastic/kibana/pull/202833) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Arturo Lidueña Co-authored-by: Søren Louv-Jansen --- .../server/service/util/get_access_query.ts | 27 ++++++++++++++----- 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts index 6b654731a264..b517273630f5 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts @@ -17,12 +17,7 @@ export function getAccessQuery({ filter: [ { bool: { - should: [ - { term: { public: true } }, - ...(user - ? [{ term: user.id ? { 'user.id': user.id } : { 'user.name': user.name } }] - : []), - ], + should: [{ term: { public: true } }, ...getUserAccessFilters(user)], minimum_should_match: 1, }, }, @@ -51,3 +46,23 @@ export function getAccessQuery({ }, ]; } + +function getUserAccessFilters(user?: { name: string; id?: string }) { + if (!user) { + return []; + } + + if (user.id) { + return [ + { term: { 'user.id': user.id } }, + { + bool: { + must_not: { exists: { field: 'user.id' } }, + must: { term: { 'user.name': user.name } }, + }, + }, + ]; + } + + return [{ term: { 'user.name': user.name } }]; +}