[Security Solution] UI Blocklist RBAC

[gergoabraham]

Summary

Similarly to #145593 and #146111, this PR handles the None and Read privileges for the Blocklist sub-feature. The All privilege should not need any UI modification, but will need API modification.

The modification should:

• hide Blocklist from Manage navigation items if privilege is NONE,
• disable add/edit/delete for Blocklist if privilege is READ.
• disable opening Policies from Blocklist (and any other ArtifactListPage) by disabling the links in the 'Applied for N policies' context menu

For testing the last part:

• add Read privilege for Blocklist (or any other artifact using ArtifactListPage), and None to Policies
• for now, it has to be tested with Fleet:All and Integrations:Read privileges

With Policies:Read privilege, hovering on the last item:

With Policies:None privilege, hovering on the last item:

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

[dasansol92]

LGTM! Left minor suggestions on test cases but other than that, it looks great!

[dasansol92]

Should we add a test case for the case it has right privileges and Blocklist is shown?

[gergoabraham]

There is a test case for showing all links, I believe that should be enough. What was missing is the correct name, so I renamed it: 00e8553

[dasansol92]

Should we add a NONE privileges case?

[gergoabraham]

This page is never displayed with NONE privilege - instead the NoPrivileges page is displayed, so I think there is no need for that test case.

[paul-tavares]

Left some feedback. Let me know your thoughts on my suggestion for the policy names in the card's popover

[paul-tavares]

I don't think its a good idea to display this with a disabled Button. When the user is not allowed to Read policies, then we should just display the policy name using regular text (<EuiText />). It looks strange (to me) for those entries to be displayed grey'ed out in the UI.

Thoughts?

[gergoabraham]

I agree, so with some more effort, here is a new version: babbcf2

(I've added screenshots to the description)

[paul-tavares]

Can you use getEndpointAuthzInitialStateMock() here to instead of setting this to a partial object? it will be easier to maintain in the future, especially if we start to check other RBAC properties for whatever reason - they will be already set.

[gergoabraham]

Good point, thanks!
b53c545

[paul-tavares]

can you use Eui Style props here instead of hard coding it?

Should be able to use one of the "size" props in the theme - https://gist.github.com/paul-tavares/303d718ac7f514d6ee681a3851407a7e#file-eui_theme_style_props-js-L576-L579

(FYI: that's my own gist that I keep as a reference to what's available in the theme)

[gergoabraham]

Thanks a lot for this suggestion! Unfortunately, I forgot about using theme constants, so I'm glad it came up.

1057e99

[paul-tavares]

Why did you change this test from Event filters to Blocklist?

[gergoabraham]

It must be some merge/diff magic. 🤷

Originally I had should show and should hide tests for Trusted Apps, but then figured that there's only need for one should show all test, and individual should hide tests for all artefacts. So I renamed the should show Trusted Apps test and moved it up in this commit: 00e8553

Then got some merge conflicts and stuff, so here we are, with a messed up diff, where should show Trusted Apps became should hide Event filters, and should hide Event filters became should hide Blocklists. So I think all should be fine, every test is here.

[paul-tavares]

👍

[gergoabraham]

@elasticmachine merge upstream

[gergoabraham]

@elasticmachine merge upstream

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 03b67c9

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	10.1MB	10.1MB	+1.7KB

Unknown metric groups

ESLint disabled in files

id	before	after	diff
osquery	1	2	+1

ESLint disabled line counts

id	before	after	diff
enterpriseSearch	19	21	+2
fleet	60	66	+6
osquery	109	115	+6
securitySolution	445	451	+6
total			+20

Total ESLint disabled count

id	before	after	diff
enterpriseSearch	20	22	+2
fleet	69	75	+6
osquery	110	117	+7
securitySolution	521	527	+6
total			+21

History

• 💔 Build #93699 failed f99ac76
• 💔 Build #93560 failed 0544715
• 💔 Build #93037 failed babbcf2
• 💔 Build #92675 failed 00e8553
• 💛 Build #92556 was flaky 9ce2e0f

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @gergoabraham