[Cases] Attachments RBAC

x-pack/plugins/cases/common/api/cases/comment.ts

@@ -6,6 +6,7 @@
  */
 
 import * as rt from 'io-ts';
+import { SavedObjectFindOptionsRt } from '../saved_object';
 
 import { UserRT } from '../user';
 
@@ -27,6 +28,7 @@ export const CommentAttributesBasicRt = rt.type({
   ]),
   created_at: rt.string,
   created_by: UserRT,
+  owner: rt.string,
   pushed_at: rt.union([rt.string, rt.null]),
   pushed_by: rt.union([UserRT, rt.null]),
   updated_at: rt.union([rt.string, rt.null]),
@@ -42,6 +44,7 @@ export enum CommentType {
 export const ContextTypeUserRt = rt.type({
   comment: rt.string,
   type: rt.literal(CommentType.user),
+  owner: rt.string,
 });
 
 /**
@@ -57,6 +60,7 @@ export const AlertCommentRequestRt = rt.type({
     id: rt.union([rt.string, rt.null]),
     name: rt.union([rt.string, rt.null]),
   }),
+  owner: rt.string,
 });
 
 const AttributesTypeUserRt = rt.intersection([ContextTypeUserRt, CommentAttributesBasicRt]);
@@ -112,6 +116,12 @@ export const CommentsResponseRt = rt.type({
 
 export const AllCommentsResponseRt = rt.array(CommentResponseRt);
 
+export const FindQueryParamsRt = rt.partial({
+  ...SavedObjectFindOptionsRt.props,
+  subCaseId: rt.string,
+});
+
+export type FindQueryParams = rt.TypeOf<typeof FindQueryParamsRt>;
 export type AttributesTypeAlerts = rt.TypeOf<typeof AttributesTypeAlertsRt>;
 export type AttributesTypeUser = rt.TypeOf<typeof AttributesTypeUserRt>;
 export type CommentAttributes = rt.TypeOf<typeof CommentAttributesRt>;

x-pack/plugins/cases/common/api/cases/user_actions.ts

@@ -22,6 +22,7 @@ const UserActionFieldTypeRt = rt.union([
   rt.literal('status'),
   rt.literal('settings'),
   rt.literal('sub_case'),
+  rt.literal('owner'),
 ]);
 const UserActionFieldRt = rt.array(UserActionFieldTypeRt);
 const UserActionRt = rt.union([

x-pack/plugins/cases/common/api/helpers.ts

@@ -14,6 +14,7 @@ import {
   SUB_CASES_URL,
   CASE_PUSH_URL,
   SUB_CASE_USER_ACTIONS_URL,
+  CASE_CONFIGURE_DETAILS_URL,
 } from '../constants';
 
 export const getCaseDetailsUrl = (id: string): string => {
@@ -47,3 +48,7 @@ export const getSubCaseUserActionUrl = (caseID: string, subCaseId: string): stri
 export const getCasePushUrl = (caseId: string, connectorId: string): string => {
   return CASE_PUSH_URL.replace('{case_id}', caseId).replace('{connector_id}', connectorId);
 };
+
+export const getCaseConfigurationDetailsUrl = (configureID: string): string => {
+  return CASE_CONFIGURE_DETAILS_URL.replace('{configuration_id}', configureID);
+};

x-pack/plugins/cases/server/authorization/audit_logger.ts

@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { OperationDetails } from '.';
-import { AuditLogger, EventCategory, EventOutcome } from '../../../security/server';
+import { DATABASE_CATEGORY, ECS_OUTCOMES, OperationDetails } from '.';
+import { AuditLogger } from '../../../security/server';
 
 enum AuthorizationResult {
   Unauthorized = 'Unauthorized',
@@ -51,9 +51,9 @@ export class AuthorizationAuditLogger {
       message: `${username ?? 'unknown user'} ${message}`,
       event: {
         action: operation.action,
-        category: EventCategory.DATABASE,
-        type: operation.type,
-        outcome: EventOutcome.SUCCESS,
+        category: DATABASE_CATEGORY,
+        type: [operation.type],
+        outcome: ECS_OUTCOMES.success,
       },
       ...(username != null && {
         user: {
@@ -81,9 +81,9 @@ export class AuthorizationAuditLogger {
       message: `${username ?? 'unknown user'} ${message}`,
       event: {
         action: operation.action,
-        category: EventCategory.DATABASE,
-        type: operation.type,
-        outcome: EventOutcome.FAILURE,
+        category: DATABASE_CATEGORY,
+        type: [operation.type],
+        outcome: ECS_OUTCOMES.failure,
       },
       // add the user information if we have it
       ...(username != null && {

x-pack/plugins/cases/server/authorization/index.ts

@@ -5,8 +5,12 @@
  * 2.0.
  */
 
-import { EventType } from '../../../security/server';
-import { CASE_CONFIGURE_SAVED_OBJECT, CASE_SAVED_OBJECT } from '../../common/constants';
+import { EcsEventCategory, EcsEventOutcome, EcsEventType } from 'kibana/server';
+import {
+  CASE_COMMENT_SAVED_OBJECT,
+  CASE_CONFIGURE_SAVED_OBJECT,
+  CASE_SAVED_OBJECT,
+} from '../../common/constants';
 import { Verbs, ReadOperations, WriteOperations, OperationDetails } from './types';
 
 export * from './authorization';
@@ -37,89 +41,167 @@ const deleteVerbs: Verbs = {
   past: 'deleted',
 };
 
+const eventTypes: Record<string, EcsEventType> = {
+  creation: 'creation',
+  deletion: 'deletion',
+  change: 'change',
+  access: 'access',
+};
+
+/**
+ * Database constant for ECS category for use for audit logging.
+ */
+export const DATABASE_CATEGORY: EcsEventCategory[] = ['database'];
+
+/**
+ * ECS Outcomes for audit logging.
+ */
+export const ECS_OUTCOMES: Record<string, EcsEventOutcome> = {
+  failure: 'failure',
+  success: 'success',
+  unknown: 'unknown',
+};
+
 /**
  * Definition of all APIs within the cases backend.
  */
 export const Operations: Record<ReadOperations | WriteOperations, OperationDetails> = {
   // case operations
   [WriteOperations.CreateCase]: {
-    type: EventType.CREATION,
+    type: eventTypes.creation,
     name: WriteOperations.CreateCase,
     action: 'create-case',
     verbs: createVerbs,
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
   [WriteOperations.DeleteCase]: {
-    type: EventType.DELETION,
+    type: eventTypes.deletion,
     name: WriteOperations.DeleteCase,
     action: 'delete-case',
     verbs: deleteVerbs,
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
   [WriteOperations.UpdateCase]: {
-    type: EventType.CHANGE,
+    type: eventTypes.change,
     name: WriteOperations.UpdateCase,
     action: 'update-case',
     verbs: updateVerbs,
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
   [WriteOperations.CreateConfiguration]: {
-    type: EventType.CREATION,
+    type: eventTypes.creation,
     name: WriteOperations.CreateConfiguration,
     action: 'create-configuration',
     verbs: createVerbs,
     docType: 'case configuration',
     savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
   },
   [WriteOperations.UpdateConfiguration]: {
-    type: EventType.CHANGE,
+    type: eventTypes.change,
     name: WriteOperations.UpdateConfiguration,
     action: 'update-configuration',
     verbs: updateVerbs,
     docType: 'case configuration',
     savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
   },
+  [ReadOperations.FindConfigurations]: {
+    type: eventTypes.access,
+    name: ReadOperations.FindConfigurations,
+    action: 'find-configurations',
+    verbs: accessVerbs,
+    docType: 'case configurations',
+    savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
+  },
   [ReadOperations.GetCase]: {
-    type: EventType.ACCESS,
+    type: eventTypes.access,
     name: ReadOperations.GetCase,
     action: 'get-case',
     verbs: accessVerbs,
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
   [ReadOperations.FindCases]: {
-    type: EventType.ACCESS,
+    type: eventTypes.access,
     name: ReadOperations.FindCases,
     action: 'find-cases',
     verbs: accessVerbs,
     docType: 'cases',
     savedObjectType: CASE_SAVED_OBJECT,
   },
   [ReadOperations.GetTags]: {
-    type: EventType.ACCESS,
+    type: eventTypes.access,
     name: ReadOperations.GetCase,
     action: 'get-tags',
     verbs: accessVerbs,
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
   [ReadOperations.GetReporters]: {
-    type: EventType.ACCESS,
+    type: eventTypes.access,
     name: ReadOperations.GetReporters,
     action: 'get-reporters',
     verbs: accessVerbs,
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
-  [ReadOperations.FindConfigurations]: {
-    type: EventType.ACCESS,
-    name: ReadOperations.FindConfigurations,
-    action: 'find-configurations',
+  // comments operations
+  [WriteOperations.CreateComment]: {
+    type: eventTypes.creation,
+    name: WriteOperations.CreateComment,
+    action: 'create-comment',
+    verbs: createVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [WriteOperations.DeleteAllComments]: {
+    type: eventTypes.deletion,
+    name: WriteOperations.DeleteAllComments,
+    action: 'delete-all-comments',
+    verbs: deleteVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [WriteOperations.DeleteComment]: {
+    type: eventTypes.deletion,
+    name: WriteOperations.DeleteComment,
+    action: 'delete-comment',
+    verbs: deleteVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [WriteOperations.UpdateComment]: {
+    type: eventTypes.change,
+    name: WriteOperations.UpdateComment,
+    action: 'update-comments',
+    verbs: updateVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [ReadOperations.GetComment]: {
+    type: eventTypes.access,
+    name: ReadOperations.GetComment,
+    action: 'get-comment',
     verbs: accessVerbs,
-    docType: 'case configurations',
-    savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [ReadOperations.GetAllComments]: {
+    type: eventTypes.access,
+    name: ReadOperations.GetAllComments,
+    action: 'get-all-comment',
+    verbs: accessVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [ReadOperations.FindComments]: {
+    type: eventTypes.access,
+    name: ReadOperations.FindComments,
+    action: 'find-comments',
+    verbs: accessVerbs,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
 };

x-pack/plugins/cases/server/authorization/types.ts

@@ -5,9 +5,8 @@
  * 2.0.
  */
 
-import { KibanaRequest } from 'kibana/server';
+import { EcsEventType, KibanaRequest } from 'kibana/server';
 import { KueryNode } from 'src/plugins/data/common';
-import { EventType } from '../../../security/server';
 import { Space } from '../../../spaces/server';
 
 /**
@@ -21,24 +20,37 @@ export interface Verbs {
 
 export type GetSpaceFn = (request: KibanaRequest) => Promise<Space | undefined>;
 
-// TODO: we need to have an operation per entity route so I think we need to create a bunch like
-//  getCase, getComment, getSubCase etc for each, need to think of a clever way of creating them for all the routes easily?
-
-// if you add a value here you'll likely also need to make changes here:
-// x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
+/**
+ * Read operations for the cases APIs.
+ *
+ * NOTE: If you add a value here you'll likely also need to make changes here:
+ * x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
+ */
 export enum ReadOperations {
   GetCase = 'getCase',
   FindCases = 'findCases',
+  GetComment = 'getComment',
+  GetAllComments = 'getAllComments',
+  FindComments = 'findComments',
   GetTags = 'getTags',
   GetReporters = 'getReporters',
   FindConfigurations = 'findConfigurations',
 }
 
-// TODO: comments
+/**
+ * Write operations for the cases APIs.
+ *
+ * NOTE: If you add a value here you'll likely also need to make changes here:
+ * x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
+ */
 export enum WriteOperations {
   CreateCase = 'createCase',
   DeleteCase = 'deleteCase',
   UpdateCase = 'updateCase',
+  CreateComment = 'createComment',
+  DeleteAllComments = 'deleteAllComments',
+  DeleteComment = 'deleteComment',
+  UpdateComment = 'updateComment',
   CreateConfiguration = 'createConfiguration',
   UpdateConfiguration = 'updateConfiguration',
 }
@@ -47,7 +59,7 @@ export enum WriteOperations {
  * Defines the structure for a case API route.
  */
 export interface OperationDetails {
-  type: EventType;
+  type: EcsEventType;
   name: ReadOperations | WriteOperations;
   action: string;
   verbs: Verbs;