[Synthetics] Improve reading user permissions (#169601)

## Summary The PR improves the way to determine what permissions user has.
elastic · Oct 31, 2023 · fce380d · fce380d
1 parent a509a3a
commit fce380d
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 4 deletions.
diff --git a/x-pack/plugins/synthetics/public/apps/synthetics/hooks/use_synthetics_priviliges.tsx b/x-pack/plugins/synthetics/public/apps/synthetics/hooks/use_synthetics_priviliges.tsx
@@ -19,6 +19,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { css } from '@emotion/react';
 import { i18n } from '@kbn/i18n';
 import { selectOverviewStatus } from '../state/overview_status';
+import { useCanReadSyntheticsIndex } from '../../../hooks/use_capabilities';
 import {
   LICENSE_MISSING_ERROR,
   LICENSE_NOT_ACTIVE_ERROR,
@@ -28,9 +29,11 @@ import {
 import { useSyntheticsSettingsContext } from '../contexts';
 
 export const useSyntheticsPrivileges = () => {
+  const { canRead: canReadSyntheticsIndex, loading: isCanReadLoading } =
+    useCanReadSyntheticsIndex();
   const { error } = useSelector(selectOverviewStatus);
 
-  if (error?.body?.message?.startsWith('MissingIndicesPrivileges:')) {
+  if (!isCanReadLoading && !canReadSyntheticsIndex) {
     return (
       <EuiFlexGroup
         alignItems="center"

diff --git a/x-pack/plugins/synthetics/public/hooks/use_capabilities.ts b/x-pack/plugins/synthetics/public/hooks/use_capabilities.ts
@@ -5,7 +5,10 @@
  * 2.0.
  */
 
+import { DataPublicPluginStart } from '@kbn/data-plugin/public';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { useFetcher } from '@kbn/observability-shared-plugin/public';
+import { SYNTHETICS_INDEX_PATTERN } from '../../common/constants';
 import { MonitorLocations } from '../../common/runtime_types';
 
 export const useCanEditSynthetics = () => {
@@ -23,3 +26,48 @@ export const useCanUsePublicLocations = (monLocations?: MonitorLocations) => {
 
   return !!canUsePublicLocations;
 };
+
+export const useCanReadSyntheticsIndex = () => {
+  const {
+    services: { data: dataPublicPluginStart },
+  } = useKibana<{ data: DataPublicPluginStart }>();
+
+  const { data, loading, status } = useFetcher<
+    Promise<{ canRead: boolean; error: undefined | unknown }>
+  >(() => {
+    return new Promise((resolve) => {
+      dataPublicPluginStart.search
+        .search(
+          {
+            terminate_after: 1,
+            params: {
+              index: SYNTHETICS_INDEX_PATTERN,
+              size: 0,
+            },
+          },
+          {
+            legacyHitsTotal: false,
+          }
+        )
+        .subscribe({
+          next: (_) => {
+            resolve({ canRead: true, error: undefined });
+          },
+          error: (error: { err: { statusCode: number } }) => {
+            if (error.err?.statusCode >= 400 && error.err?.statusCode < 500) {
+              resolve({ canRead: false, error });
+            } else {
+              resolve({ canRead: true, error });
+            }
+          },
+        });
+    });
+  }, []);
+
+  return {
+    canRead: data?.canRead,
+    error: data?.error,
+    loading,
+    status,
+  };
+};
diff --git a/...plugins/uptime/public/legacy_uptime/components/overview/empty_state/empty_state_error.tsx b/...plugins/uptime/public/legacy_uptime/components/overview/empty_state/empty_state_error.tsx
@@ -16,7 +16,9 @@ interface EmptyStateErrorProps {
 
 export const EmptyStateError = ({ errors }: EmptyStateErrorProps) => {
   const unauthorized = errors.find(
-    (error) => error.message && error.message.includes('unauthorized')
+    (error) =>
+      (error.message && error.message.includes('unauthorized')) ||
+      (error.body?.message && error.body.message.includes('unauthorized'))
   );
 
   return (

diff --git a/x-pack/plugins/uptime/server/legacy_uptime/routes/index_state/get_index_status.ts b/x-pack/plugins/uptime/server/legacy_uptime/routes/index_state/get_index_status.ts
@@ -19,8 +19,22 @@ export const createGetIndexStatusRoute: UMRestApiRouteFactory = (libs: UMServerL
       to: schema.maybe(schema.string()),
     }),
   },
-  handler: async ({ uptimeEsClient, request }): Promise<any> => {
+  handler: async ({ uptimeEsClient, request, response }): Promise<any> => {
     const { from, to } = request.query;
-    return await libs.requests.getIndexStatus({ uptimeEsClient, range: { from, to } });
+    try {
+      return await libs.requests.getIndexStatus({ uptimeEsClient, range: { from, to } });
+    } catch (e) {
+      if (e.meta?.statusCode === 403) {
+        return response.customError({
+          statusCode: 403,
+          body: {
+            message:
+              'unauthorized: You do not have the required permissions to read uptime indices',
+          },
+        });
+      }
+
+      throw e;
+    }
   },
 });