Commit 6ee2bd4d authored by Jochen Kressin's avatar Jochen Kressin
Browse files

#351 SG-460 Global tenant selected as default even if disabled in config

parent 9f98b42a
#!/bin/bash
PLUGIN_NAME=searchguard-kibana
PLUGIN_VERSION=5.3.2-3-RC1
KIBANA_VERSION=5.3.2
PLUGIN_VERSION=5.4.0-3-RC1
KIBANA_VERSION=5.4.0
echo "Building $PLUGIN_NAME-$PLUGIN_VERSION.zip"
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $DIR/..
......
......@@ -43,6 +43,7 @@ export default function (kibana) {
tenants: Joi.object().keys({
enable_private: Joi.boolean().default(true),
enable_global: Joi.boolean().default(true),
preferred: Joi.array(),
}).default(),
}).default(),
jwt: Joi.object().keys({
......
......@@ -64,12 +64,14 @@ module.exports = function (pluginRoot, server, kbnServer, APP_ROOT, API_ROOT) {
// get the preferred tenant of the user
let globalTenantEnabled = server.config().get("searchguard.multitenancy.tenants.enable_global");
let privateTenantEnabled = server.config().get("searchguard.multitenancy.tenants.enable_private");
let preferredTenant = server.plugins.searchguard.getSearchGuardBackend().getTenantByPreference(request, user.username, user.tenants, globalTenantEnabled, privateTenantEnabled);
let preferredTenants = server.config().get("searchguard.multitenancy.tenants.preferred");
let finalTenant = server.plugins.searchguard.getSearchGuardBackend().getTenantByPreference(request, user.username, user.tenants, preferredTenants, globalTenantEnabled, privateTenantEnabled);
return reply({
username: user.username,
tenants: user.tenants
}).state('searchguard_tenant', preferredTenant);
}).state('searchguard_tenant', finalTenant);
} else {
// no MT, nothing more to do
return reply({
......
......@@ -105,7 +105,7 @@ export default class SearchGuardBackend {
return prefs;
}
getTenantByPreference(request, username, tenants, globalEnabled, privateEnabled) {
getTenantByPreference(request, username, tenants, preferredTenants, globalEnabled, privateEnabled) {
// delete user from tenants first to check if we have a tenant to choose from at all
// keep original preferences untouched, we need the original values again
// http://stackoverflow.com/questions/728360/how-do-i-correctly-clone-a-javascript-object
......@@ -118,22 +118,33 @@ export default class SearchGuardBackend {
}
// get users preferred tenant
var prefs = request.state.searchguard_preferences;
if (prefs) {
var preferredTenant = prefs[username];
// user has a preferred tenant, check if it is accessible
if (preferredTenant && tenants[preferredTenant]) {
if (preferredTenant && tenants[preferredTenant] != undefined) {
return preferredTenant;
}
// special case: in tenants returned from SG, the private tenant is
// the username of the logged in user, but the header value is __user__
if (preferredTenant == "__user__" && tenants[username] && privateEnabled) {
if (preferredTenant == "__user__" && tenants[username] != undefined && privateEnabled) {
return "__user__";
}
}
// no preference, or tenant no accessible anymore, choose either global or private
// no preference in cookie, or tenant no accessible anymore, evaluate preferredTenants from kibana config
if (preferredTenants && !_.isEmpty(preferredTenants)) {
for (var i = 0; i < preferredTenants.length; i++) {
var check = preferredTenants[i];
if (tenants[check] != undefined) {
return check;
}
}
}
// no pref in cookie, no preferred tenant in kibana, use GLOBAL, Private or the first tenant in the list
if (globalEnabled) {
return "";
}
......@@ -141,9 +152,15 @@ export default class SearchGuardBackend {
if (privateEnabled) {
return "__user__";
}
// sort tenants by putting the keys in an array first
var tenantkeys = [];
var k;
// this point can be reached if global and private are disabled,
// and the preferred tenant is not accessible anymore.
for (k in tenants) {
tenantkeys.push(k);
}
tenantkeys.sort();
return tenantkeys[0];
}
validateTenant(username, requestedTenant, tenants, globalEnabled, privateEnabled) {
......
......@@ -38,8 +38,9 @@ export default function (pluginRoot, server, APP_ROOT, API_ROOT) {
if(selectedTenant != null) {
// save validated tenant as preference
backend.updateAndGetTenantPreferences(request, response.user_name, selectedTenant);
next.state('searchguard_tenant', selectedTenant);
let prefcookie = backend.updateAndGetTenantPreferences(request, response.user_name, selectedTenant);
next.state('searchguard_tenant', selectedTenant)
next.state('searchguard_preferences', prefcookie);
}
}
......
{
"name": "searchguard",
"version": "5.3.2",
"version": "5.4.0",
"description": "Search Guard features for kibana",
"main": "index.js",
"homepage": "https://floragunn.com",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment