
[Dashboards] Write-restricted dashboards UI#233552

Merged
SiddharthMantri merged 119 commits into elastic:security/read-only-dashboards from kowalczyk-krzysztof:feat/read-only-dashboards-sharedux-ui
Nov 13, 2025

Conversation

@kowalczyk-krzysztof
Member

@kowalczyk-krzysztof kowalczyk-krzysztof commented Aug 30, 2025

Summary

This PR adds the ability to set and change editing permission on dashboards. This action can be performed when creating a new dashboard or when changing an existing one.

Saved objects have a new optional property accessControl which has owner and accessMode properties. accessMode can either be default or write_restricted.
To enable this feature, a saved object needs to pass supportsAccessControl: true during registration.

Only admins and the dashboard owner (the author, unless changed) are able to change the access mode. Existing dashboards won't have accessControl until you change it.
For new dashboards, accessControl is added during creation. owner is inferred from createdBy and accessMode depends on the option you select in the save dashboard modal.

Dashboards existing prior to this feature being added will behave as if they are fully editable (accessMode: default).

Screenshot 2025-09-04 at 17 41 18

The only way in the UI to change accessMode is in the share modal.

Screenshot 2025-09-04 at 17 42 47

Closes: https://github.com/elastic/kibana-team/issues/1582

Testing

This PR has a dependency on another PR, which is not yet merged in. You need to pull in the branch from this PR to test the changes locally.

Feature flag

The feature is behind a feature flag, disabled by default. To enable, add this to your config file:

savedObjects.enableAccessControl: true
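
The access rules from the description above, modelled as a stand-alone sketch. This is an added example, not code from the PR or from Kibana: `User`, `SavedObjectLike` and every function name are hypothetical, and the rules marked "Assumption" in the comments are not stated on this page.

```typescript
// Added example, not Kibana code. All type and function names are hypothetical.
type AccessMode = 'default' | 'write_restricted';
interface AccessControl { owner: string; accessMode: AccessMode }
interface SavedObjectLike { createdBy?: string; accessControl?: AccessControl }
interface User { id: string; isAdmin: boolean }

// Objects saved before the feature carry no accessControl and behave as accessMode: default.
function effectiveAccessMode(so: SavedObjectLike): AccessMode {
  return so.accessControl?.accessMode ?? 'default';
}

// Only admins and the owner may change the access mode.
// Assumption: with no recorded owner (legacy object) this sketch fails closed to admins only.
function canChangeAccessMode(user: User, so: SavedObjectLike): boolean {
  if (user.isAdmin) return true;
  return so.accessControl !== undefined && so.accessControl.owner === user.id;
}

// Assumption: write_restricted limits edits to the owner and admins; the PR text only
// states that default means fully editable.
function canEdit(user: User, so: SavedObjectLike): boolean {
  if (effectiveAccessMode(so) === 'default') return true;
  return canChangeAccessMode(user, so);
}

// On creation: owner comes from createdBy, accessMode from the save-modal choice.
// Assumption: nothing is attached when the flag is off or the type did not register
// with supportsAccessControl: true.
function accessControlOnCreate(
  flagEnabled: boolean,
  supportsAccessControl: boolean,
  createdBy: string,
  selectedMode: AccessMode
): AccessControl | undefined {
  if (!flagEnabled || !supportsAccessControl) return undefined;
  return { owner: createdBy, accessMode: selectedMode };
}

// Constructed sample data.
const alice: User = { id: 'alice', isAdmin: false };
const bob: User = { id: 'bob', isAdmin: false };
const root: User = { id: 'root', isAdmin: true };
const legacy: SavedObjectLike = { createdBy: 'alice' };
const locked: SavedObjectLike = {
  createdBy: 'alice',
  accessControl: { owner: 'alice', accessMode: 'write_restricted' },
};

console.log(canEdit(bob, legacy), canEdit(bob, locked), canEdit(alice, locked));
```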

@kowalczyk-krzysztof kowalczyk-krzysztof self-assigned this Aug 30, 2025
@kowalczyk-krzysztof kowalczyk-krzysztof added backport:skip This PR does not require backporting release_note:feature Makes this part of the condensed release notes Team:SharedUX Platform AppEx-SharedUX (formerly Global Experience) t// labels Aug 30, 2025
@kowalczyk-krzysztof kowalczyk-krzysztof force-pushed the feat/read-only-dashboards-sharedux-ui branch 8 times, most recently from b2e358b to efc24fe Compare August 31, 2025 23:27
@kowalczyk-krzysztof kowalczyk-krzysztof changed the title [Dashboards] Read Only dashboards UI [Dashboards] Write-restricted dashboards UI Aug 31, 2025
@kowalczyk-krzysztof kowalczyk-krzysztof force-pushed the feat/read-only-dashboards-sharedux-ui branch 11 times, most recently from 5db9bfb to 9a836d1 Compare September 2, 2025 23:04
@kowalczyk-krzysztof kowalczyk-krzysztof force-pushed the feat/read-only-dashboards-sharedux-ui branch from 9a836d1 to 13b3038 Compare September 3, 2025 09:08
@kowalczyk-krzysztof kowalczyk-krzysztof force-pushed the feat/read-only-dashboards-sharedux-ui branch 2 times, most recently from 8f9b88e to dcc3d83 Compare September 3, 2025 09:33
Contributor

@nreese nreese left a comment


I don't think the changes in a017792 are needed. In src/platform/plugins/shared/dashboard/server/api/create/create.ts, you can just call core.savedObjects.isAccessControlEnabled() directly.

@kowalczyk-krzysztof
Member Author

kowalczyk-krzysztof commented Nov 11, 2025

> I don't think the changes in a017792 are needed. In src/platform/plugins/shared/dashboard/server/api/create/create.ts, you can just call core.savedObjects.isAccessControlEnabled() directly.

Unfortunately not. The method doesn't exist on CoreRequestHandlerContext['savedObjects']. It exists only on CoreSetup['savedObjects'] so I have to pass it down as an argument.

Flag implementation details PR: #235659

@nreese
Contributor

nreese commented Nov 11, 2025

> Unfortunately not. The method doesn't exist on CoreRequestHandlerContext['savedObjects']. It exists only on CoreSetup['savedObjects'] so I have to pass it down as an argument.

Could isAccessControlEnabled be added to CoreRequestHandlerContext['savedObjects']? That seems like a cleaner solution than prop drilling.

@kowalczyk-krzysztof
Member Author

> Could isAccessControlEnabled be added to CoreRequestHandlerContext['savedObjects']? That seems like a cleaner solution than prop drilling.

@jeramysoucy @SiddharthMantri Could you answer this? Would it be possible to implement this?

@SiddharthMantri
Contributor

SiddharthMantri commented Nov 12, 2025

> CoreRequestHandlerContext['savedObjects']?

Although not directly available on the savedObjects request context, you should be able to call it via the type registry (which is available) as follows:

const coreContext = await context.core;
const isAccessControlEnabled = coreContext.savedObjects.typeRegistry.isAccessControlEnabled();

Does that work for this use case?

@kowalczyk-krzysztof
Member Author

> > CoreRequestHandlerContext['savedObjects']?
>
> Although not directly available on the savedObjects request context, you should be able to call it via the type registry (which is available) as follows:
>
> const coreContext = await context.core;
> const isAccessControlEnabled = coreContext.savedObjects.typeRegistry.isAccessControlEnabled();
>
> Does that work for this use case?

Yes this works here. Thanks.

@nreese I updated the implementation.

@kowalczyk-krzysztof kowalczyk-krzysztof changed the base branch from main to security/read-only-dashboards November 13, 2025 19:54
@kowalczyk-krzysztof kowalczyk-krzysztof marked this pull request as ready for review November 13, 2025 19:55
@SiddharthMantri SiddharthMantri merged commit 64b6801 into elastic:security/read-only-dashboards Nov 13, 2025
11 of 12 checks passed
@elasticmachine
Contributor

elasticmachine commented Nov 13, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Serverless AI4DSOC - Security Solution Cypress Tests / AI4dSoC Navigation renders pages within links correctly should show the correct page for visible links when navigating should show the correct page for visible links when navigating

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| dashboard | 776 | 784 | +8 |

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/content-management-access-control-public | - | 42 | +42 |
| @kbn/content-management-access-control-server | - | 6 | +6 |
| navigation | 58 | 59 | +1 |
| total | | | +49 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| dashboard | 663.3KB | 674.5KB | +11.2KB |
| eventAnnotationListing | 205.9KB | 205.5KB | -452.0B |
| filesManagement | 103.0KB | 102.6KB | -452.0B |
| graph | 372.5KB | 372.0KB | -452.0B |
| maps | 3.1MB | 3.1MB | -452.0B |
| visualizations | 343.2KB | 342.8KB | -452.0B |
| total | | | +9.0KB |

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| dashboard | 10 | 11 | +1 |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| navigation | 11.5KB | 11.5KB | +36.0B |
| share | 53.8KB | 54.1KB | +248.0B |
| total | | | +284.0B |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/content-management-access-control-public | - | 42 | +42 |
| @kbn/content-management-access-control-server | - | 6 | +6 |
| navigation | 61 | 62 | +1 |
| total | | | +49 |

History

cc @kowalczyk-krzysztof

@kowalczyk-krzysztof kowalczyk-krzysztof deleted the feat/read-only-dashboards-sharedux-ui branch November 14, 2025 13:09
@kowalczyk-krzysztof kowalczyk-krzysztof restored the feat/read-only-dashboards-sharedux-ui branch November 27, 2025 13:01
@kowalczyk-krzysztof kowalczyk-krzysztof deleted the feat/read-only-dashboards-sharedux-ui branch December 10, 2025 21:27

Labels

backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:SharedUX Platform AppEx-SharedUX (formerly Global Experience) t//
