delete useless code

Signed-off-by: yubonluo <yubonluo@amazon.com>
yubonluo · Apr 3, 2024 · 74d9a26 · 74d9a26
1 parent c8bb0b5
commit 74d9a26
Show file tree

Hide file tree

Showing 4 changed files with 132 additions and 509 deletions.
diff --git a/src/plugins/workspace/server/plugin.ts b/src/plugins/workspace/server/plugin.ts
@@ -11,6 +11,7 @@ import {
   Plugin,
   Logger,
   CoreStart,
+  OpenSearchDashboardsRequest,
 } from '../../../core/server';
 import {
   WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
@@ -31,7 +32,6 @@ import {
   SavedObjectsPermissionControlContract,
 } from './permission_control/client';
 import { WorkspacePluginConfigType } from '../config';
-import { isRequestByDashboardAdmin } from './saved_objects/workspace_saved_objects_client_wrapper';
 
 export class WorkspacePlugin implements Plugin<{}, {}> {
   private readonly logger: Logger;
@@ -60,6 +60,26 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
     });
   }
 
+  private isRequestByDashboardAdmin(
+    request: OpenSearchDashboardsRequest,
+    groups: string[],
+    users: string[],
+    configGroups: string[],
+    configUsers: string[]
+  ) {
+    if (configGroups.length === 0 && configUsers.length === 0) {
+      updateWorkspaceState(request, {
+        isDashboardAdmin: false,
+      });
+      return;
+    }
+    const groupMatchAny = groups.some((group) => configGroups.includes(group)) || false;
+    const userMatchAny = users.some((user) => configUsers.includes(user)) || false;
+    updateWorkspaceState(request, {
+      isDashboardAdmin: groupMatchAny || userMatchAny,
+    });
+  }
+
   constructor(initializerContext: PluginInitializerContext) {
     this.logger = initializerContext.logger.get('plugins', 'workspace');
     this.config$ = initializerContext.config.create<WorkspacePluginConfigType>();
@@ -88,35 +108,56 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
     if (isPermissionControlEnabled) {
       this.permissionControl = new SavedObjectsPermissionControl(this.logger);
 
-      this.logger.info('Dynamic application configuration enabled:' + !!applicationConfig);
-      if (!!applicationConfig) {
-        core.http.registerOnPostAuth(async (request, response, toolkit) => {
+      core.http.registerOnPostAuth(async (request, response, toolkit) => {
+        let groups: string[];
+        let users: string[];
+
+        // There may be calls to saved objects client before user get authenticated, need to add a try catch here as `getPrincipalsFromRequest` will throw error when user is not authenticated.
+        try {
+          ({ groups = [], users = [] } = this.permissionControl!.getPrincipalsFromRequest(request));
+        } catch (e) {
+          return toolkit.next();
+        }
+        if (groups.length === 0 && users.length === 0) {
+          updateWorkspaceState(request, {
+            isDashboardAdmin: false,
+          });
+          return toolkit.next();
+        }
+
+        if (!!applicationConfig) {
+          this.logger.info('Dynamic application configuration enabled:' + !!applicationConfig);
           const [coreStart] = await core.getStartServices();
           const scopeClient = coreStart.opensearch.client.asScoped(request);
-          const configClient = applicationConfig.getConfigurationClient(scopeClient);
-
-          const [adminGroups, adminUsers] = await Promise.all([
-            configClient.getEntityConfig('workspace.dashboardAdmin.groups').catch(() => undefined),
-            configClient.getEntityConfig('workspace.dashboardAdmin.users').catch(() => undefined),
+          const applicationConfigClient = applicationConfig.getConfigurationClient(scopeClient);
+
+          const [configGroups, configUsers] = await Promise.all([
+            applicationConfigClient
+              .getEntityConfig('workspace.dashboardAdmin.groups')
+              .catch(() => undefined),
+            applicationConfigClient
+              .getEntityConfig('workspace.dashboardAdmin.users')
+              .catch(() => undefined),
           ]);
 
-          const isDashboardAdmin = isRequestByDashboardAdmin(
+          this.isRequestByDashboardAdmin(
             request,
-            adminGroups ? [adminGroups] : [],
-            adminUsers ? [adminUsers] : [],
-            this.permissionControl!
+            groups,
+            users,
+            configGroups ? [configGroups] : [],
+            configUsers ? [configUsers] : []
           );
-          updateWorkspaceState(request, {
-            isDashboardAdmin,
-          });
           return toolkit.next();
-        });
-      }
+        }
+
+        const configGroups = config.dashboardAdmin.groups || [];
+        const configUsers = config.dashboardAdmin.users || [];
+        this.isRequestByDashboardAdmin(request, groups, users, configGroups, configUsers);
+        return toolkit.next();
+      });
 
       this.workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
-        this.permissionControl,
-        { config$: this.config$ },
-        !!applicationConfig
+        this.permissionControl
       );
 
       core.savedObjects.addClientWrapper(