fix: hiddenType side effect

Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
ruanyl · Feb 27, 2024 · c2e9435 · c2e9435
1 parent 4094681
commit c2e9435
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 8 deletions.
diff --git a/src/plugins/workspace/server/plugin.ts b/src/plugins/workspace/server/plugin.ts
@@ -31,6 +31,7 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
   private client?: IWorkspaceClientImpl;
   private permissionControl?: SavedObjectsPermissionControlContract;
   private readonly config$: Observable<ConfigSchema>;
+  private workspaceSavedObjectsClientWrapper?: WorkspaceSavedObjectsClientWrapper;
 
   private proxyWorkspaceTrafficToRealHandler(setupDeps: CoreSetup) {
     /**
@@ -72,14 +73,14 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
         permissionControl: this.permissionControl,
       });
 
-      const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
+      this.workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
         this.permissionControl
       );
 
       core.savedObjects.addClientWrapper(
         0,
         WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
-        workspaceSavedObjectsClientWrapper.wrapperFactory
+        this.workspaceSavedObjectsClientWrapper.wrapperFactory
       );
     }
 
@@ -93,11 +94,7 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
 
     core.savedObjects.setClientFactoryProvider(
       (repositoryFactory) => ({ includedHiddenTypes }: { includedHiddenTypes?: string[] }) =>
-        new SavedObjectsClient(
-          repositoryFactory.createInternalRepository([
-            ...new Set([WORKSPACE_TYPE, ...(includedHiddenTypes || [])]),
-          ])
-        )
+        new SavedObjectsClient(repositoryFactory.createInternalRepository(includedHiddenTypes))
     );
 
     core.capabilities.registerProvider(() => ({
@@ -116,6 +113,7 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
     this.logger.debug('Starting SavedObjects service');
     this.permissionControl?.setup(core.savedObjects.getScopedClient);
     this.client?.setSavedObjects(core.savedObjects);
+    this.workspaceSavedObjectsClientWrapper?.setScopedClient(core.savedObjects.getScopedClient);
 
     return {
       client: this.client as IWorkspaceClientImpl,

diff --git a/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts
@@ -28,9 +28,12 @@ import {
   WorkspacePermissionMode,
   SavedObjectsDeleteByWorkspaceOptions,
   SavedObjectsErrorHelpers,
+  SavedObjectsServiceStart,
+  SavedObjectsClientContract,
 } from '../../../../core/server';
 import { SavedObjectsPermissionControlContract } from '../permission_control/client';
 import { getPrincipalsFromRequest } from '../utils';
+import { WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID } from '../../common/constants';
 
 // Can't throw unauthorized for now, the page will be refreshed if unauthorized
 const generateWorkspacePermissionError = () =>
@@ -52,6 +55,7 @@ const generateSavedObjectsPermissionError = () =>
   );
 
 export class WorkspaceSavedObjectsClientWrapper {
+  private getScopedClient?: SavedObjectsServiceStart['getScopedClient'];
   private formatWorkspacePermissionModeToStringArray(
     permission: WorkspacePermissionMode | WorkspacePermissionMode[]
   ): string[] {
@@ -175,6 +179,17 @@ export class WorkspaceSavedObjectsClientWrapper {
     return hasPermission;
   }
 
+  private getWorkspaceTypeEnabledClient(request: OpenSearchDashboardsRequest) {
+    return this.getScopedClient?.(request, {
+      includedHiddenTypes: [WORKSPACE_TYPE],
+      excludedWrappers: [WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID],
+    }) as SavedObjectsClientContract;
+  }
+
+  public setScopedClient(getScopedClient: SavedObjectsServiceStart['getScopedClient']) {
+    this.getScopedClient = getScopedClient;
+  }
+
   public wrapperFactory: SavedObjectsClientWrapperFactory = (wrapperOptions) => {
     const deleteWithWorkspacePermissionControl = async (
       type: string,
@@ -398,8 +413,12 @@ export class WorkspaceSavedObjectsClientWrapper {
         ];
         options.ACLSearchParams.principals = principals;
       } else {
+        /**
+         * Workspace is a hidden type so that we need to
+         * initialize a new saved objects client with workspace enabled to retrieve all the workspaces with permission.
+         */
         const permittedWorkspaceIds = (
-          await wrapperOptions.client.find({
+          await this.getWorkspaceTypeEnabledClient(wrapperOptions.request).find({
             type: WORKSPACE_TYPE,
             perPage: 999,
             ACLSearchParams: {