Expose anonymous access through a switch in sharing menu#86965
Expose anonymous access through a switch in sharing menu#86965streamich merged 31 commits intoelastic:masterfrom streamich:anon-access-switch
Conversation
|
ACK: reviewing... |
azasypkin
left a comment
There was a problem hiding this comment.
Did initial review pass, looks great! Left a few nits and questions.
|
Pinging @elastic/kibana-app-services (Team:AppServices) |
azasypkin
left a comment
There was a problem hiding this comment.
LGTM from the security perspective, tested locally and everything seems to be working as expected, thanks!
I'm only not sure about the text for Public URL and hint, @arisonl is going to confirm that for us. But we can tune it at any time anyway.
src/plugins/discover/public/application/components/top_nav/get_top_nav_links.ts
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
clintandrewhall
left a comment
There was a problem hiding this comment.
Just a few nits. Thanks @streamich !
src/plugins/dashboard/public/application/top_nav/show_share_modal.tsx
Outdated
Show resolved
Hide resolved
src/plugins/visualize/public/application/utils/get_top_nav_config.tsx
Outdated
Show resolved
Hide resolved
src/plugins/visualize/public/application/utils/get_top_nav_config.tsx
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
|
@azasypkin @streamich Looks great, we should turn the hint message into something more generic than just dashboards. E.g.: |
|
Another idea would be to make this toggle available but disabled when anonymous access is not set up, so that we create awareness about the feature. The hint should be different in that case. By talking to @azasypkin this sounds like it is not of trivial effort, hence we can consider it later, if the need comes up. @streamich |
There was a problem hiding this comment.
Kibana app changes LGTM - tested the feature and everything behaves as expected.
One nit:
The tooltip in the share menu talks about "the dashboard" - this is a bit confusing in discover and visualize. Can we change the wording to be more generic or pass in a configuration for this?
|
@arisonl @flash1293 I've adjusted the tooltip copy as suggested. |
💚 Build SucceededMetrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
|
Based on what @arisonl said, my recommendation is:
I noticed that the tooltips for the Permalink link items are widely inconsistent. I'll file an issue with suggestions for improvements. |
…9610) * feat: 🎸 add "Public URL" switch * feat: 🎸 add url subtitle * feat: 🎸 add public URL toggle state * feat: 🎸 allow to dynamically enable anonymous access switch * feat: 🎸 add anon access url parameters to share url * fix: 🐛 correctly add params to url * fix: 🐛 correctly add anon access to saved object URL * fix: 🐛 don't generate anon access urls twice * feat: 🎸 add ability to check anonymous user capabilities * feat: 🎸 add capability checks to Discover and Visualize apps * refactor: 💡 use early return * test: 💍 use security_oss mocks * feat: 🎸 add anon access url params to short url * test: 💍 fix jest snapshots * perf: ⚡️ make capabilities check synchronous * style: 💄 add stylistic review changes * perf: ⚡️ don't fetch anon user capabilities if anon not enabled * fix: 🐛 in discover app check if discover exists in capabilities * test: 💍 add tests for discover sharing check * test: 💍 add tests for showPublicUrlSwitch checks * feat: 🎸 make visualize capabilities props required * style: 💄 remove unused import * feat: 🎸 improve tooltip copy Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
Closes #83650
See "Release note" below for more info.
How to test
To test this feature, you should add the following to your
kibana.yml:Then you will need to create a Kibana user with username
anonymousand passwordanonymous. You can also create a dedicated Kibana role for the anonymous user, in that role you need to give "read" access to anonymous user for Dashboard, Discover and Visualize apps; and you need to give that user also access to Kibana Index Patterns. And you should be able to create URLs that can be accessed anonymously.Checklist
Delete any items that are not applicable to this PR.
For maintainers
Release note
Anonymous authentication feature is now exposed in Dashboard, Discover and Visualize apps in the sharing menu. If you enable an anonymous user with read access for Dashboard, Discover or Visualize apps you can create a sharing link which allows unauthenticated anonymous user to view those apps if you check "Public URL" switch in the sharing menu.