Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lens "Add to dashboard" is appearing for underprivileged users #88719

Closed
legrego opened this issue Jan 19, 2021 · 8 comments
Closed

Lens "Add to dashboard" is appearing for underprivileged users #88719

legrego opened this issue Jan 19, 2021 · 8 comments
Assignees
Labels
bug Fixes for quality problems that affect the customer experience Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas

Comments

@legrego
Copy link
Member

legrego commented Jan 19, 2021

Kibana version: 7.11

Describe the bug:

Lens has a new "Save to dashboard" feature, which allows a Lens user to save their visualization within either a new or existing dashboard.

This display of this feature is not respecting the current user's privileges, so it give users an option that will ultimately fail.

Steps to reproduce:

  1. Create a role which grants All access to Visualize, but no access to Dashboards
  2. Create a user, and assign this role to them.
  3. Login as the user created in step 2, and navigate to Lens
  4. Create a new Lens visualization, and click Save.

Expected behavior:

A user without write access to Dashboards should not be given the option to create/modify them via this save dialog

Screenshots (if relevant):

CleanShot 2021-01-19 at 12 48 05

@legrego legrego added bug Fixes for quality problems that affect the customer experience Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas Feature:Lens labels Jan 19, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-presentation (Team:Presentation)

@poffdeluxe poffdeluxe self-assigned this Jan 19, 2021
@poffdeluxe
Copy link
Contributor

I spoke with @ryankeairns today about what the fix for this should look like. If the user is missing create new dashboard privileges, don't show the add to new dashboard option. If the user is missing edit privileges, don't show the add to existing dashboard option. If the user is neither or doesn't not have any dashboard access, then don't show the "add to dashboard" options and default to add to library.

I'm going to wait to fix this until @clintandrewhall's PR here is merged: #88112
The reason being is so it'll be easy to grab capabilities of the logged in user from within the plugin rather than having the consuming application be responsible for passing in the user's capabilities.

@nreese
Copy link
Contributor

nreese commented Jan 20, 2021

@poffdeluxe will maps be impacted by this once #88759 is merged? Will maps have to do anything or will SavedObjectSaveModalDashboard handle the details internally?

@flash1293
Copy link
Contributor

Removing Lens tag as this looks like a general issue. Please add back if I'm mistaken

@poffdeluxe
Copy link
Contributor

@nreese Apologies for the late reply here but the modal will handle it internally. @clintandrewhall's PR here includes a first pass at handling some of the privileges. So, all that being said, no changes will have to be made specifically to maps.

@poffdeluxe
Copy link
Contributor

Fixed as a small part of #88112

@poffdeluxe
Copy link
Contributor

With a test for it here: #89245

@legrego
Copy link
Member Author

legrego commented Feb 10, 2021

🎉 Thanks, team!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas
Projects
None yet
Development

No branches or pull requests

5 participants