[Fleet] Do not enable uninstall command link without Agents:All (#195185

)
elastic · Oct 7, 2024 · 3c1c646 · 3c1c646
1 parent 95d01cd
commit 3c1c646
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 12 deletions.
diff --git a/...pplications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.tsx b/...pplications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.tsx
@@ -28,6 +28,8 @@ import {
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 
+import { MissingPrivilegesToolTip } from '../../../../../../components/missing_privileges_tooltip';
+
 import {
   LEGACY_AGENT_POLICY_SAVED_OBJECT_TYPE,
   dataTypes,
@@ -42,6 +44,7 @@ import {
   useUIExtension,
   useLink,
   useFleetStatus,
+  useAuthz,
 } from '../../../../hooks';
 
 import { AgentPolicyPackageBadge } from '../../../../components';
@@ -59,7 +62,6 @@ import {
   DEFAULT_SELECT_VALUE,
   useFleetServerHostsOptions,
 } from './hooks';
-
 import { CustomFields } from './custom_fields';
 import { SpaceSelector } from './space_selector';
 import { AgentPolicyAdvancedMonitoringOptions } from './advanced_monitoring';
@@ -87,6 +89,7 @@ export const AgentPolicyAdvancedOptionsContent: React.FunctionComponent<Props> =
     'endpoint-agent-tamper-protection'
   );
   const config = useConfig();
+  const authz = useAuthz();
   const maxAgentPoliciesWithInactivityTimeout =
     config.developer?.maxAgentPoliciesWithInactivityTimeout ??
     DEFAULT_MAX_AGENT_POLICIES_WITH_INACTIVITY_TIMEOUT;
@@ -179,22 +182,40 @@ export const AgentPolicyAdvancedOptionsContent: React.FunctionComponent<Props> =
         {agentPolicy.id && (
           <>
             <EuiSpacer size="s" />
-            <EuiLink
-              onClick={() => {
-                setIsUninstallCommandFlyoutOpen(true);
-              }}
-              disabled={!agentPolicy.is_protected || !policyHasElasticDefend}
-              data-test-subj="uninstallCommandLink"
+            <MissingPrivilegesToolTip
+              missingPrivilege={
+                policyHasElasticDefend && agentPolicy.is_protected && !authz.fleet.allAgents
+                  ? 'Agents All'
+                  : undefined
+              }
+              position="left"
             >
-              {i18n.translate('xpack.fleet.agentPolicyForm.tamperingUninstallLink', {
-                defaultMessage: 'Get uninstall command',
-              })}
-            </EuiLink>
+              <EuiLink
+                onClick={() => {
+                  setIsUninstallCommandFlyoutOpen(true);
+                }}
+                disabled={
+                  !agentPolicy.is_protected || !policyHasElasticDefend || !authz.fleet.allAgents
+                }
+                data-test-subj="uninstallCommandLink"
+              >
+                {i18n.translate('xpack.fleet.agentPolicyForm.tamperingUninstallLink', {
+                  defaultMessage: 'Get uninstall command',
+                })}
+              </EuiLink>
+            </MissingPrivilegesToolTip>
           </>
         )}
       </EuiDescribedFormGroup>
     ),
-    [agentPolicy.id, agentPolicy.is_protected, policyHasElasticDefend, updateAgentPolicy, disabled]
+    [
+      agentPolicy.id,
+      agentPolicy.is_protected,
+      policyHasElasticDefend,
+      updateAgentPolicy,
+      disabled,
+      authz.fleet.allAgents,
+    ]
   );
 
   const AgentTamperProtectionSection = useMemo(() => {

diff --git a/x-pack/plugins/fleet/public/components/missing_privileges_tooltip.tsx b/x-pack/plugins/fleet/public/components/missing_privileges_tooltip.tsx
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EuiToolTip, type EuiToolTipProps } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+
+export const MissingPrivilegesToolTip: React.FC<{
+  children: React.ReactElement;
+  missingPrivilege?: string;
+  position?: EuiToolTipProps['position'];
+}> = ({ children, missingPrivilege, position }) => {
+  if (!missingPrivilege) {
+    return children;
+  }
+  return (
+    <EuiToolTip
+      content={i18n.translate('xpack.fleet.missingPrivilegesToolTip', {
+        defaultMessage:
+          'You are not authorized to perform that action. It requires the {missingPrivilege} Kibana privilege for Fleet.',
+        values: {
+          missingPrivilege,
+        },
+      })}
+      position={position}
+    >
+      {children}
+    </EuiToolTip>
+  );
+};