diff --git a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_get.ts b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_get.ts index 8d0dce9b1139f..b45a058c56d78 100644 --- a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_get.ts +++ b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_get.ts @@ -8,7 +8,6 @@ */ import type { Payload } from '@hapi/boom'; -import Boom from '@hapi/boom'; import { isNotFoundFromUnsupportedServer } from '@kbn/core-elasticsearch-server-internal'; import type { DecoratedError, @@ -32,6 +31,7 @@ import { left, right, rawDocExistsInNamespaces, + isForbiddenSpacesError, } from './utils'; import type { ApiExecutionContext } from './types'; @@ -69,7 +69,7 @@ export const performBulkGet = async ( availableSpacesPromise = spacesExtension! .getSearchableNamespaces([ALL_NAMESPACES_STRING]) .catch((err) => { - if (Boom.isBoom(err) && err.output.payload.statusCode === 403) { + if (isForbiddenSpacesError(err)) { // the user doesn't have access to any spaces; return the current space ID and allow the SOR authZ check to fail return [SavedObjectsUtils.namespaceIdToString(namespace)]; } else { diff --git a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/find.ts b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/find.ts index 942aed6691480..60a2bbc249754 100644 --- a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/find.ts +++ b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/find.ts @@ -7,7 +7,6 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import Boom from '@hapi/boom'; import type { estypes } from '@elastic/elasticsearch'; import { isSupportedEsServer } from '@kbn/core-elasticsearch-server-internal'; import type { @@ -36,6 +35,7 @@ import { validateAndConvertAggregations, } from '../search'; import { includedFields } from '../utils'; +import { isForbiddenSpacesError } from './utils'; export interface PerformFindParams { options: SavedObjectsFindOptions; @@ -144,7 +144,7 @@ export const performFind = async ( try { namespaces = await spacesExtension.getSearchableNamespaces(options.namespaces); } catch (err) { - if (Boom.isBoom(err) && err.output.payload.statusCode === 403) { + if (isForbiddenSpacesError(err)) { // The user is not authorized to access any space, return an empty response. return SavedObjectsUtils.createEmptyFindResponse(options); } diff --git a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/open_point_in_time.ts b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/open_point_in_time.ts index 58682337bf777..997785eec7437 100644 --- a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/open_point_in_time.ts +++ b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/open_point_in_time.ts @@ -7,7 +7,6 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import Boom from '@hapi/boom'; import { isSupportedEsServer } from '@kbn/core-elasticsearch-server-internal'; import { SavedObjectsErrorHelpers } from '@kbn/core-saved-objects-server'; import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server'; @@ -17,6 +16,7 @@ import type { SavedObjectsOpenPointInTimeResponse, } from '@kbn/core-saved-objects-api-server'; import type { ApiExecutionContext } from './types'; +import { isForbiddenSpacesError } from './utils'; export interface PerforOpenPointInTimeParams { type: string | string[]; @@ -52,7 +52,7 @@ export const performOpenPointInTime = async ( try { namespaces = await spacesExtension.getSearchableNamespaces(options.namespaces); } catch (err) { - if (Boom.isBoom(err) && err.output.payload.statusCode === 403) { + if (isForbiddenSpacesError(err)) { // The user is not authorized to access any space, throw a bad request error. throw SavedObjectsErrorHelpers.createBadRequestError(); } diff --git a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/search.ts b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/search.ts index 00f208bac1fe7..ed59cbb37d0d4 100644 --- a/src/core/packages/saved-objects/api-server-internal/src/lib/apis/search.ts +++ b/src/core/packages/saved-objects/api-server-internal/src/lib/apis/search.ts @@ -7,7 +7,6 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ import { castArray } from 'lodash'; -import Boom from '@hapi/boom'; import type { estypes } from '@elastic/elasticsearch'; import { isSupportedEsServer } from '@kbn/core-elasticsearch-server-internal'; import { @@ -23,6 +22,7 @@ import type { import type { ApiExecutionContext } from './types'; import { getNamespacesBoolFilter } from '../search'; import type { NamespacesBoolFilter } from '../search/search_dsl/query_params'; +import { isForbiddenSpacesError } from './utils'; export interface PerformSearchParams { options: SavedObjectsSearchOptions; @@ -73,7 +73,7 @@ export async function performSearch error.output.payload; export function isMgetDoc(doc?: estypes.MgetResponseItem): doc is estypes.GetGetResult { return Boolean(doc && 'found' in doc); } + +export function isForbiddenSpacesError(error: unknown): boolean { + return Boom.isBoom(error) && error.output.payload.statusCode === 403; +}