[7.x] Feature Controls: addressing bugs for enterprise search (#70538) (#70808)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Author: legrego

x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx

@@ -846,4 +846,43 @@ describe('FeatureTable', () => {
       },
     });
   });
+
+  it('does not render features which lack privileges', () => {
+    const role = createRole([
+      {
+        spaces: ['foo'],
+        base: [],
+        feature: {},
+      },
+    ]);
+
+    const featureWithoutPrivileges = createFeature({
+      id: 'no_privs',
+      name: 'No Privileges Feature',
+      privileges: null,
+    });
+
+    const { displayedPrivileges } = setup({
+      role,
+      features: [...kibanaFeatures, featureWithoutPrivileges],
+      privilegeIndex: 0,
+      calculateDisplayedPrivileges: true,
+      canCustomizeSubFeaturePrivileges: false,
+    });
+
+    expect(displayedPrivileges).toEqual({
+      excluded_from_base: {
+        primaryFeaturePrivilege: 'none',
+      },
+      no_sub_features: {
+        primaryFeaturePrivilege: 'none',
+      },
+      with_excluded_sub_features: {
+        primaryFeaturePrivilege: 'none',
+      },
+      with_sub_features: {
+        primaryFeaturePrivilege: 'none',
+      },
+    });
+  });
 });

x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx

@@ -63,7 +63,9 @@ export class FeatureTable extends Component<Props, State> {
   public render() {
     const { role, kibanaPrivileges } = this.props;
 
-    const featurePrivileges = kibanaPrivileges.getSecuredFeatures();
+    const featurePrivileges = kibanaPrivileges
+      .getSecuredFeatures()
+      .filter((feature) => feature.privileges != null || feature.reserved != null);
 
     const items: TableRow[] = featurePrivileges
       .sort((feature1, feature2) => {

x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts

@@ -50,7 +50,7 @@ describe('usingPrivileges', () => {
           new Feature({
             id: 'fooFeature',
             name: 'Foo Feature',
-            app: [],
+            app: ['fooApp'],
             navLinkId: 'foo',
             privileges: null,
           }),
@@ -63,6 +63,7 @@ describe('usingPrivileges', () => {
         Object.freeze({
           navLinks: {
             foo: true,
+            fooApp: true,
             bar: true,
           },
           management: {
@@ -85,6 +86,7 @@ describe('usingPrivileges', () => {
       expect(result).toEqual({
         navLinks: {
           foo: false,
+          fooApp: false,
           bar: true,
         },
         management: {

x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts

@@ -18,8 +18,12 @@ export function disableUICapabilitiesFactory(
   logger: Logger,
   authz: AuthorizationServiceSetup
 ) {
+  // nav links are sourced from two places:
+  // 1) The `navLinkId` property. This is deprecated and will be removed (https://github.com/elastic/kibana/issues/66217)
+  // 2) The apps property. The Kibana Platform associates nav links to the app which registers it, in a 1:1 relationship.
+  //    This behavior is replacing the `navLinkId` property above.
   const featureNavLinkIds = features
-    .map((feature) => feature.navLinkId)
+    .flatMap((feature) => [feature.navLinkId, ...feature.app])
     .filter((navLinkId) => navLinkId != null);
 
   const shouldDisableFeatureUICapability = (

x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts

@@ -43,7 +43,7 @@ const features = ([
     id: 'feature_3',
     name: 'Feature 3',
     navLinkId: 'feature3',
-    app: [],
+    app: ['feature3_app'],
     catalogue: ['feature3Entry'],
     management: {
       kibana: ['indices'],
@@ -67,6 +67,7 @@ const buildCapabilities = () =>
       feature1: true,
       feature2: true,
       feature3: true,
+      feature3_app: true,
       unknownFeature: true,
     },
     catalogue: {
@@ -241,6 +242,7 @@ describe('capabilitiesSwitcher', () => {
     expectedCapabilities.feature_2.foo = false;
 
     expectedCapabilities.navLinks.feature3 = false;
+    expectedCapabilities.navLinks.feature3_app = false;
     expectedCapabilities.catalogue.feature3Entry = false;
     expectedCapabilities.management.kibana.indices = false;
     expectedCapabilities.feature_3.bar = false;

x-pack/plugins/spaces/server/capabilities/capabilities_switcher.ts

@@ -68,6 +68,12 @@ function toggleDisabledFeatures(
       navLinks[feature.navLinkId] = false;
     }
 
+    feature.app.forEach((app) => {
+      if (navLinks.hasOwnProperty(app)) {
+        navLinks[app] = false;
+      }
+    });
+
     // Disable associated catalogue entries
     const privilegeCatalogueEntries = feature.catalogue || [];
     privilegeCatalogueEntries.forEach((catalogueEntryId) => {