refactor: remove dashboard admin implementation (opensearch-project#159)

Signed-off-by: Yulong Ruan <[email protected]>
yubonluo · Sep 15, 2023 · 47e10e4 · 47e10e4
1 parent bd68902
commit 47e10e4
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 50 deletions.
diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards.yml
@@ -273,7 +273,3 @@
 
 # Set the value of this setting to true to enable plugin augmentation on Dashboard
 # vis_augmenter.pluginAugmentationEnabled: true
-
-# Set the backend roles, whoever has the backend roles defined in this config will be regard as dashboard admin.
-# Dashboard admin will have the access to all the workspaces and objects inside OpenSearch Dashboards.
-# workspace.dashboardAdmin.backendRoles: ["dashboard_admin"]
diff --git a/src/plugins/workspace/config.ts b/src/plugins/workspace/config.ts
@@ -7,18 +7,6 @@ import { schema, TypeOf } from '@osd/config-schema';
 
 export const configSchema = schema.object({
   enabled: schema.boolean({ defaultValue: false }),
-  dashboardAdmin: schema.object(
-    {
-      backendRoles: schema.arrayOf(schema.string(), {
-        defaultValue: ['dashboard_admin'],
-      }),
-    },
-    {
-      defaultValue: {
-        backendRoles: ['dashboard_admin'],
-      },
-    }
-  ),
 });
 
 export type ConfigSchema = TypeOf<typeof configSchema>;
diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts
@@ -4,8 +4,6 @@
  */
 
 import { i18n } from '@osd/i18n';
-import { Observable } from 'rxjs';
-import { first } from 'rxjs/operators';
 
 import {
   OpenSearchDashboardsRequest,
@@ -31,7 +29,6 @@ import {
   SavedObjectsDeleteByWorkspaceOptions,
   SavedObjectsErrorHelpers,
 } from '../../../../core/server';
-import { ConfigSchema } from '../../config';
 import { WorkspaceFindOptions } from '../types';
 
 // Can't throw unauthorized for now, the page will be refreshed if unauthorized
@@ -55,7 +52,6 @@ const generateSavedObjectsPermissionError = () =>
   );
 
 export class WorkspaceSavedObjectsClientWrapper {
-  private config?: ConfigSchema;
   private formatWorkspacePermissionModeToStringArray(
     permission: WorkspacePermissionMode | WorkspacePermissionMode[]
   ): string[] {
@@ -128,14 +124,6 @@ export class WorkspaceSavedObjectsClientWrapper {
     return false;
   }
 
-  private isDashboardAdmin(request: OpenSearchDashboardsRequest): boolean {
-    const config = this.config || ({} as ConfigSchema);
-    const principals = this.permissionControl.getPrincipalsFromRequest(request);
-    const adminBackendRoles = config?.dashboardAdmin?.backendRoles || [];
-    const matchAny = principals?.groups?.some((item) => adminBackendRoles.includes(item)) || false;
-    return matchAny;
-  }
-
   /**
    * check if the type include workspace
    * Workspace permission check is totally different from object permission check.
@@ -463,12 +451,6 @@ export class WorkspaceSavedObjectsClientWrapper {
       return await wrapperOptions.client.deleteByWorkspace(workspace, options);
     };
 
-    const isDashboardAdmin = this.isDashboardAdmin(wrapperOptions.request);
-
-    if (isDashboardAdmin) {
-      return wrapperOptions.client;
-    }
-
     return {
       ...wrapperOptions.client,
       get: getWithWorkspacePermissionControl,
@@ -488,20 +470,5 @@ export class WorkspaceSavedObjectsClientWrapper {
     };
   };
 
-  constructor(
-    private readonly permissionControl: SavedObjectsPermissionControlContract,
-    private readonly options: {
-      config$: Observable<ConfigSchema>;
-    }
-  ) {
-    this.options.config$.subscribe((config) => {
-      this.config = config;
-    });
-    this.options.config$
-      .pipe(first())
-      .toPromise()
-      .then((config) => {
-        this.config = config;
-      });
-  }
+  constructor(private readonly permissionControl: SavedObjectsPermissionControlContract) {}
 }