[Security Assistant] DocumentsDataWriter user query fix #233545

Merged
stephmilovic merged 4 commits into elastic:main from stephmilovic:data_writer_users_fix
Aug 30, 2025

@stephmilovic commented Aug 29, 2025

Add user-specific filtering to DocumentsDataWriter

Summary

Conversation sharing introduced a new concept of users/ownership for conversations. However, the users filter in DocumentsDataWriter is used on more than just the conversations data stream. Therefore, this change broke updates/deletes on other data stream types.

This PR implements proper user-specific filtering in the DocumentsDataWriter class to ensure users can only access and modify documents they have permission to view. The implementation adds different filtering strategies for conversation documents and other (kb, prompt, etc) documents.

  • Re-added getFilterByUser method: Implements filtering for non-conversation documents using nested user queries (previous implementation)
  • Added getFilterByConversationUser method: Implements filtering for conversation documents using created_by field
  • Enhanced bulk operations: Both bulk and delete methods now apply appropriate user filtering based on document type
  • Added index type detection: Uses getResourceName('conversation') to determine if operations are on conversation documents
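
The two filtering strategies listed above, sketched as an added example (not code from this PR or from Kibana). The field paths `users.id`, `users.name`, `created_by.id` and `created_by.name`, the index names and the sample documents are assumptions, and a small in-memory matcher stands in for Elasticsearch.

```typescript
// Added example. Field paths, index names and sample documents are assumptions.
type AssistantUser = { id?: string; name: string };
type AssistantDoc = { _id: string; users?: AssistantUser[]; created_by?: AssistantUser };
type TermQuery = { term: Record<string, string> };
type UserFilter = TermQuery | { nested: { path: 'users'; query: TermQuery } };

// Match on the profile id when present, otherwise fall back to the username.
const userTerm = (prefix: string, u: AssistantUser): TermQuery =>
  u.id ? { term: { [`${prefix}.id`]: u.id } } : { term: { [`${prefix}.name`]: u.name } };

// Non-conversation documents (kb, prompt, ...): nested query on the `users` array.
const filterByUser = (u: AssistantUser): UserFilter => ({
  nested: { path: 'users', query: userTerm('users', u) },
});

// Conversation documents: filter on the creator recorded in `created_by`.
const filterByConversationUser = (u: AssistantUser): UserFilter => userTerm('created_by', u);

// Choose the strategy from the target index instead of using one filter everywhere.
const filterFor = (index: string, conversationIndex: string, u: AssistantUser): UserFilter =>
  index === conversationIndex ? filterByConversationUser(u) : filterByUser(u);

// In-memory evaluation of the two filter shapes, standing in for Elasticsearch.
function termHit(obj: AssistantUser | undefined, t: TermQuery, prefix: string): boolean {
  if (!obj) return false;
  for (const field in t.term) {
    const actual = field === `${prefix}.id` ? obj.id : obj.name;
    if (actual !== t.term[field]) return false;
  }
  return true;
}
function matches(doc: AssistantDoc, f: UserFilter): boolean {
  if (!('nested' in f)) return termHit(doc.created_by, f, 'created_by');
  const query = f.nested.query;
  return (doc.users ?? []).some((u) => termHit(u, query, 'users'));
}
// Ids of the documents a filtered update or delete would be allowed to touch.
const writableIds = (docs: AssistantDoc[], f: UserFilter): string[] =>
  docs.filter((d) => matches(d, f)).map((d) => d._id);

// Constructed sample data: one shared conversation and two knowledge base entries.
const alice: AssistantUser = { id: 'u-alice', name: 'alice' };
const bob: AssistantUser = { id: 'u-bob', name: 'bob' };
const conversations: AssistantDoc[] = [{ _id: 'conv-1', created_by: alice, users: [alice, bob] }];
const kbEntries: AssistantDoc[] = [{ _id: 'kb-1', users: [alice] }, { _id: 'kb-2', users: [bob] }];
```

With this sample data, `writableIds(kbEntries, filterByConversationUser(alice))` is empty because the constructed knowledge base entries carry no `created_by`, while `filterFor('kb', 'conversations', alice)` selects the nested filter and returns `kb-1`.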

@stephmilovic requested a review from a team as a code owner August 29, 2025 22:07
@stephmilovic added the release_note:skip, backport:skip, Team: SecuritySolution, Team:Security Generative AI and v9.2.0 labels Aug 29, 2025
@elasticmachine commented

Pinging @elastic/security-solution (Team: SecuritySolution)

@stephmilovic changed the title from "[Security Assistant] Documents data writer user query fix" to "[Security Assistant] DocumentsDataWriter user query fix" Aug 29, 2025
@spong left a comment

Checked out, tested locally, and confirmed the issues reported in #233523 have been resolved. ++ to the approach taken here to separate out user filters. LGTM! 👍

Thanks for the quick fix here @stephmilovic!

@stephmilovic merged commit 3ae701b into elastic:main Aug 30, 2025
12 checks passed
@elasticmachine commented

💚 Build Succeeded

Metrics [docs]

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/saved-objects-service.html#_mappings

id before after diff
_data_stream_timestamp 1 - -1
_doc_count 1 - -1
_ignored_source 1 - -1
_index_mode 1 - -1
_inference_fields 1 - -1
_tier 1 - -1
apm-custom-dashboards 5 - -5
apm-server-schema 2 - -2
apm-service-group 5 - -5
application_usage_daily 2 - -2
config 2 - -2
config-global 2 - -2
coreMigrationVersion 1 - -1
created_at 1 - -1
created_by 1 - -1
entity-definition 9 - -9
entity-discovery-api-key 2 - -2
event_loop_delays_daily 2 - -2
favorites 4 - -4
file 11 - -11
file-upload-usage-collection-telemetry 3 - -3
fileShare 5 - -5
infra-custom-dashboards 4 - -4
infrastructure-monitoring-log-view 2 - -2
intercept_trigger_record 5 - -5
legacy-url-alias 7 - -7
managed 1 - -1
ml-job 6 - -6
ml-module 13 - -13
ml-trained-model 7 - -7
monitoring-telemetry 2 - -2
namespace 1 - -1
namespaces 1 - -1
observability-onboarding-state 2 - -2
originId 1 - -1
product-doc-install-status 7 - -7
references 4 - -4
sample-data-telemetry 3 - -3
security-ai-prompt 8 - -8
slo 11 - -11
space 5 - -5
synthetics-monitor 34 - -34
synthetics-monitor-multi-space 34 - -34
tag 4 - -4
type 1 - -1
typeMigrationVersion 1 - -1
ui-metric 2 - -2
updated_at 1 - -1
updated_by 1 - -1
upgrade-assistant-ml-upgrade-operation 3 - -3
upgrade-assistant-reindex-operation 3 - -3
uptime-synthetics-api-key 2 - -2
url 5 - -5
usage-counters 2 - -2
total -246
