Improve home screen for limited-access users

src/plugins/home/public/application/components/home.js

@@ -163,7 +163,10 @@ export class Home extends Component {
  </EuiFlexItem>
 
  {stackManagement ? (
- <EuiFlexItem className="homHeader__actionItem">
+ <EuiFlexItem
+ className="homHeader__actionItem"
+ data-test-subj="homManagementActionItem"
+ >
  <EuiButtonEmpty
  onClick={createAppNavigationHandler(stackManagement.path)}
  iconType="gear"

src/plugins/home/public/application/components/manage_data/manage_data.test.tsx

@@ -88,4 +88,9 @@ describe('ManageData', () => {
  );
  expect(component).toMatchSnapshot();
  });
+
+ test('render empty without any features', () => {
+ const component = shallowWithIntl(<ManageData addBasePath={addBasePathMock} features={[]} />);
+ expect(component).toMatchSnapshot();
+ });
 });

src/plugins/home/public/application/components/manage_data/manage_data.tsx

@@ -36,31 +36,37 @@ export const ManageData: FC<Props> = ({ addBasePath, features }) => (
  <>
  {features.length > 1 && <EuiHorizontalRule margin="xl" aria-hidden="true" />}
 
- <section className="homDataManage" aria-labelledby="homDataManage__title">
- <EuiTitle size="s">
- <h2 id="homDataManage__title">
- <FormattedMessage id="home.manageData.sectionTitle" defaultMessage="Manage your data" />
- </h2>
- </EuiTitle>
+ {features.length > 0 && (
+ <section
+ className="homDataManage"
+ aria-labelledby="homDataManage__title"
+ data-test-subj="homDataManage"
+ >
+ <EuiTitle size="s">
+ <h2 id="homDataManage__title">
+ <FormattedMessage id="home.manageData.sectionTitle" defaultMessage="Manage your data" />
+ </h2>
+ </EuiTitle>
 
- <EuiSpacer size="m" />
+  <EuiSpacer size="m" />
 
- <EuiFlexGroup className="homDataManage__content">
- {features.map((feature) => (
- <EuiFlexItem key={feature.id}>
- <Synopsis
- id={feature.id}
- onClick={createAppNavigationHandler(feature.path)}
- description={feature.description}
- iconType={feature.icon}
- title={feature.title}
- url={addBasePath(feature.path)}
- wrapInPanel
- />
- </EuiFlexItem>
- ))}
- </EuiFlexGroup>
- </section>
+ <EuiFlexGroup className="homDataManage__content">
+ {features.map((feature) => (
+ <EuiFlexItem key={feature.id}>
+ <Synopsis
+ id={feature.id}
+ onClick={createAppNavigationHandler(feature.path)}
+ description={feature.description}
+ iconType={feature.icon}
+ title={feature.title}
+ url={addBasePath(feature.path)}
+ wrapInPanel
+ />
+ </EuiFlexItem>
+ ))}
+ </EuiFlexGroup>
+ </section>
+ )}
  </>
 );
 

src/plugins/home/public/application/components/solutions_section/solution_panel.tsx

@@ -53,6 +53,7 @@ interface Props {
 export const SolutionPanel: FC<Props> = ({ addBasePath, solution }) => (
  <EuiFlexItem
  key={solution.id}
+ data-test-subj={`homSolutionPanel homSolutionPanel_${solution.id}`}
  className={`${
  solution.id === 'kibana' ? 'homSolutions__group homSolutions__group--single' : ''
  } homSolutions__item`}

src/plugins/home/public/services/feature_catalogue/feature_catalogue_registry.test.ts

@@ -88,6 +88,40 @@ describe('FeatureCatalogueRegistry', () => {
  expect(service.get()).toEqual([]);
  });
  });
+
+ describe('visibility filtering', () => {
+ test('retains items with no "visible" callback', () => {
+ const service = new FeatureCatalogueRegistry();
+ service.setup().register(DASHBOARD_FEATURE);
+ const capabilities = { catalogue: {} } as any;
+ service.start({ capabilities });
+ expect(service.get()).toEqual([DASHBOARD_FEATURE]);
+ });
+
+ test('retains items with a "visible" callback which returns "true"', () => {
+ const service = new FeatureCatalogueRegistry();
+ const feature = {
+ ...DASHBOARD_FEATURE,
+ visible: () => true,
+ };
+ service.setup().register(feature);
+ const capabilities = { catalogue: {} } as any;
+ service.start({ capabilities });
+ expect(service.get()).toEqual([feature]);
+ });
+
+ test('removes items with a "visible" callback which returns "false"', () => {
+ const service = new FeatureCatalogueRegistry();
+ const feature = {
+ ...DASHBOARD_FEATURE,
+ visible: () => false,
+ };
+ service.setup().register(feature);
+ const capabilities = { catalogue: {} } as any;
+ service.start({ capabilities });
+ expect(service.get()).toEqual([]);
+ });
+ });
  });
 
  describe('title sorting', () => {

src/plugins/home/public/services/feature_catalogue/feature_catalogue_registry.ts

@@ -45,6 +45,8 @@ export interface FeatureCatalogueEntry {
  readonly showOnHomePage: boolean;
  /** An ordinal used to sort features relative to one another for display on the home page */
  readonly order?: number;
+ /** Optional function to control visibility of this feature. */
+ readonly visible?: () => boolean;
 }
 
 /** @public */
@@ -103,7 +105,10 @@ export class FeatureCatalogueRegistry {
  }
  const capabilities = this.capabilities;
  return [...this.features.values()]
- .filter((entry) => capabilities.catalogue[entry.id] !== false)
+ .filter(
+ (entry) =>
+ capabilities.catalogue[entry.id] !== false && (entry.visible ? entry.visible() : true)
+ )
  .sort(compareByKey('title'));
  }
 

src/plugins/management/public/plugin.ts

@@ -47,6 +47,8 @@ export class ManagementPlugin implements Plugin<ManagementSetup, ManagementStart
 
  private readonly appUpdater = new BehaviorSubject<AppUpdater>(() => ({}));
 
+ private hasAnyEnabledApps = true;
+
  constructor(private initializerContext: PluginInitializerContext) {}
 
  public setup(core: CoreSetup, { home }: ManagementSetupDependencies) {
@@ -65,6 +67,7 @@ export class ManagementPlugin implements Plugin<ManagementSetup, ManagementStart
  path: '/app/management',
  showOnHomePage: false,
  category: FeatureCatalogueCategory.ADMIN,
+ visible: () => this.hasAnyEnabledApps,
  });
  }
 
@@ -96,11 +99,11 @@ export class ManagementPlugin implements Plugin<ManagementSetup, ManagementStart
 
  public start(core: CoreStart) {
  this.managementSections.start({ capabilities: core.application.capabilities });
- const hasAnyEnabledApps = getSectionsServiceStartPrivate()
+ this.hasAnyEnabledApps = getSectionsServiceStartPrivate()
  .getSectionsEnabled()
  .some((section) => section.getAppsEnabled().length > 0);
 
- if (!hasAnyEnabledApps) {
+ if (!this.hasAnyEnabledApps) {
  this.appUpdater.next(() => {
  return {
  status: AppStatus.inaccessible,

test/functional/page_objects/home_page.ts

@@ -43,6 +43,14 @@ export function HomePageProvider({ getService, getPageObjects }: FtrProviderCont
  return !(await testSubjects.exists(`addSampleDataSet${id}`));
  }
 
+ async getVisibileSolutions() {
+ const solutionPanels = await testSubjects.findAll('~homSolutionPanel', 2000);
+ const panelAttributes = await Promise.all(
+ solutionPanels.map((panel) => panel.getAttribute('data-test-subj'))
+ );
+ return panelAttributes.map((attributeValue) => attributeValue.split('homSolutionPanel_')[1]);
+ }
+
  async addSampleDataSet(id: string) {
  const isInstalled = await this.isSampleDataSetInstalled(id);
  if (!isInstalled) {

x-pack/plugins/index_lifecycle_management/server/plugin.ts

@@ -82,10 +82,11 @@ export class IndexLifecycleManagementServerPlugin implements Plugin<void, void,
  );
 
  features.registerElasticsearchFeature({
- id: 'index_lifecycle_management',
+ id: PLUGIN.ID,
  management: {
- data: ['index_lifecycle_management'],
+ data: [PLUGIN.ID],
  },
+ catalogue: [PLUGIN.ID],
  privileges: [
  {
  requiredClusterPrivileges: ['manage_ilm'],

x-pack/plugins/snapshot_restore/server/plugin.ts

@@ -86,6 +86,7 @@ export class SnapshotRestoreServerPlugin implements Plugin<void, void, any, any>
  management: {
  data: [PLUGIN.id],
  },
+ catalogue: [PLUGIN.id],
  privileges: [
  {
  requiredClusterPrivileges: [...APP_REQUIRED_CLUSTER_PRIVILEGES],

x-pack/test/functional/apps/home/feature_controls/home_security.ts

@@ -0,0 +1,130 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default function ({ getPageObjects, getService }: FtrProviderContext) {
+ const esArchiver = getService('esArchiver');
+ const security = getService('security');
+ const PageObjects = getPageObjects(['security', 'home']);
+ const testSubjects = getService('testSubjects');
+
+ describe('security', () => {
+ before(async () => {
+ await esArchiver.load('dashboard/feature_controls/security');
+ await esArchiver.loadIfNeeded('logstash_functional');
+
+ // ensure we're logged out so we can login as the appropriate users
+ await PageObjects.security.forceLogout();
+ });
+
+ after(async () => {
+ await esArchiver.unload('dashboard/feature_controls/security');
+
+ // logout, so the other tests don't accidentally run as the custom users we're testing below
+ await PageObjects.security.forceLogout();
+ });
+
+ describe('global all privileges', () => {
+ before(async () => {
+ await security.role.create('global_all_role', {
+ elasticsearch: {},
+ kibana: [
+ {
+ base: ['all'],
+ spaces: ['*'],
+ },
+ ],
+ });
+
+ await security.user.create('global_all_user', {
+ password: 'global_all_user-password',
+ roles: ['global_all_role'],
+ full_name: 'test user',
+ });
+
+ await PageObjects.security.login('global_all_user', 'global_all_user-password', {
+ expectSpaceSelector: false,
+ });
+ });
+
+ after(async () => {
+ await security.role.delete('global_all_role');
+ await security.user.delete('global_all_user');
+ });
+
+ it('shows all available solutions', async () => {
+ const solutions = await PageObjects.home.getVisibileSolutions();
+ expect(solutions).to.eql([
+ 'enterpriseSearch',
+ 'observability',
+ 'securitySolution',
+ 'kibana',
+ ]);
+ });
+
+ it('shows the management section', async () => {
+ await testSubjects.existOrFail('homDataManage', { timeout: 2000 });
+ });
+
+ it('shows the "Manage" action item', async () => {
+ await testSubjects.existOrFail('homManagementActionItem', {
+ timeout: 2000,
+ });
+ });
+ });
+
+ describe('global dashboard all privileges', () => {
+ before(async () => {
+ await security.role.create('global_dashboard_all_role', {
+ elasticsearch: {},
+ kibana: [
+ {
+ feature: {
+ dashboard: ['all'],
+ },
+ spaces: ['*'],
+ },
+ ],
+ });
+
+ await security.user.create('global_dashboard_all_user', {
+ password: 'global_dashboard_all_user-password',
+ roles: ['global_dashboard_all_role'],
+ full_name: 'test user',
+ });
+
+ await PageObjects.security.login(
+ 'global_dashboard_all_user',
+ 'global_dashboard_all_user-password',
+ {
+ expectSpaceSelector: false,
+ }
+ );
+ });
+
+ after(async () => {
+ await security.role.delete('global_dashboard_all_role');
+ await security.user.delete('global_dashboard_all_user');
+ });
+
+ it('shows only the kibana solution', async () => {
+ const solutions = await PageObjects.home.getVisibileSolutions();
+ expect(solutions).to.eql(['kibana']);
+ });
+
+ it('does not show the management section', async () => {
+ await testSubjects.missingOrFail('homDataManage', { timeout: 2000 });
+ });
+
+ it('does not show the "Manage" action item', async () => {
+ await testSubjects.missingOrFail('homManagementActionItem', {
+ timeout: 2000,
+ });
+ });
+ });
+ });
+}