[Write restricted dashboards] Change AccessMode const (elastic#239973)

Closes elastic#237816

PR changes the `read_only` const we've been using to `write_restricted`.
We've also changed the integration and unit test descriptions to match
this. No functional changes here.

---------

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: “jeramysoucy” <[email protected]>
Co-authored-by: kibanamachine <[email protected]>

Author: 4 people

.buildkite/ftr_platform_stateful_configs.yml

@@ -332,7 +332,7 @@ enabled:
   - x-pack/platform/test/spaces_api_integration/security_and_spaces/config_basic.ts
   - x-pack/platform/test/spaces_api_integration/security_and_spaces/config_trial.ts
   - x-pack/platform/test/spaces_api_integration/spaces_only/config.ts
-  - x-pack/platform/test/spaces_api_integration/read_only_objects/config.ts
+  - x-pack/platform/test/spaces_api_integration/access_control_objects/config.ts
   - x-pack/platform/test/task_manager_claimer_update_by_query/config.ts
   - x-pack/platform/test/ui_capabilities/security_and_spaces/config.ts
   - x-pack/platform/test/ui_capabilities/spaces_only/config.ts

package.json

@@ -164,6 +164,7 @@
     "@hapi/wreck": "^18.1.0",
     "@hello-pangea/dnd": "18.0.1",
     "@kbn/aad-fixtures-plugin": "link:x-pack/platform/test/alerting_api_integration/common/plugins/aad",
+    "@kbn/access-control-test-plugin": "link:x-pack/platform/test/spaces_api_integration/common/plugins/access_control_test_plugin",
     "@kbn/actions-plugin": "link:x-pack/platform/plugins/shared/actions",
     "@kbn/actions-simulators-plugin": "link:x-pack/platform/test/alerting_api_integration/common/plugins/actions_simulators",
     "@kbn/actions-types": "link:src/platform/packages/shared/kbn-actions-types",
@@ -824,7 +825,6 @@
     "@kbn/react-kibana-context-theme": "link:src/platform/packages/shared/react/kibana_context/theme",
     "@kbn/react-kibana-mount": "link:src/platform/packages/shared/react/kibana_mount",
     "@kbn/react-mute-legacy-root-warning": "link:src/platform/packages/private/kbn-react-mute-legacy-root-warning",
-    "@kbn/read-only-objects-test-plugin": "link:x-pack/platform/test/spaces_api_integration/common/plugins/read_only_objects_test_plugin",
     "@kbn/recently-accessed": "link:src/platform/packages/shared/kbn-recently-accessed",
     "@kbn/reindex-service-plugin": "link:x-pack/platform/plugins/private/reindex_service",
     "@kbn/remote-clusters-plugin": "link:x-pack/platform/plugins/private/remote_clusters",

src/core/packages/saved-objects/api-server-internal/src/lib/apis/bulk_create.test.ts

@@ -1093,7 +1093,7 @@ describe('#bulkCreate', () => {
 
       describe('access control', () => {
         const CURRENT_USER_PROFILE_ID = 'current_user_profile_id';
-        const READ_ONLY_TYPE = 'read-only-type';
+        const ACCESS_CONTROL_TYPE = 'access-control-type';
 
         beforeEach(() => {
           securityExtension.getCurrentUser.mockReturnValue({
@@ -1116,7 +1116,7 @@ describe('#bulkCreate', () => {
         });
 
         registry.registerType({
-          name: READ_ONLY_TYPE,
+          name: ACCESS_CONTROL_TYPE,
           hidden: false,
           namespaceType: 'multiple-isolated',
           supportsAccessControl: true,
@@ -1143,13 +1143,13 @@ describe('#bulkCreate', () => {
             references: [{ name: 'ref_0', type: 'test', id: '1' }],
           };
           const obj2AccessControl = {
-            type: READ_ONLY_TYPE,
+            type: ACCESS_CONTROL_TYPE,
             id: 'has-read-only-metadata',
             attributes: { title: 'Test Two' },
             references: [{ name: 'ref_0', type: 'test', id: '2' }],
           };
           await bulkCreateSuccess(client, repository, [obj1NoAccessControl, obj2AccessControl], {
-            accessControl: { accessMode: 'read_only' },
+            accessControl: { accessMode: 'write_restricted' },
           });
 
           expect(securityExtension.authorizeBulkCreate).toHaveBeenCalledWith(
@@ -1164,14 +1164,14 @@ describe('#bulkCreate', () => {
                   // explicitly confirm there is no accessControl for non-supporting type
                 },
                 {
-                  type: READ_ONLY_TYPE,
+                  type: ACCESS_CONTROL_TYPE,
                   id: 'has-read-only-metadata',
                   name: 'Test Two',
                   existingNamespaces: [],
                   initialNamespace: undefined,
                   accessControl: {
                     owner: CURRENT_USER_PROFILE_ID,
-                    accessMode: 'read_only',
+                    accessMode: 'write_restricted',
                   },
                 },
               ]),
@@ -1186,11 +1186,11 @@ describe('#bulkCreate', () => {
             attributes: { title: 'Test One' },
             references: [{ name: 'ref_0', type: 'test', id: '1' }],
             accessControl: {
-              accessMode: 'read_only',
+              accessMode: 'write_restricted',
             } as Pick<SavedObjectAccessControl, 'accessMode'>,
           };
           const obj2AccessControl = {
-            type: READ_ONLY_TYPE,
+            type: ACCESS_CONTROL_TYPE,
             id: 'has-read-only-metadata',
             attributes: { title: 'Test Two' },
             references: [{ name: 'ref_0', type: 'test', id: '2' }],
@@ -1199,7 +1199,7 @@ describe('#bulkCreate', () => {
             } as Pick<SavedObjectAccessControl, 'accessMode'>,
           };
           const obj3AccessControl = {
-            type: READ_ONLY_TYPE,
+            type: ACCESS_CONTROL_TYPE,
             id: 'has-read-only-metadata',
             attributes: { title: 'Test Three' },
             references: [{ name: 'ref_0', type: 'test', id: '3' }],
@@ -1209,7 +1209,7 @@ describe('#bulkCreate', () => {
             repository,
             [obj1NoAccessControl, obj2AccessControl, obj3AccessControl],
             {
-              accessControl: { accessMode: 'read_only' },
+              accessControl: { accessMode: 'write_restricted' },
             }
           );
 
@@ -1225,7 +1225,7 @@ describe('#bulkCreate', () => {
                   // explicitly confirm there is no accessControl for non-supporting type
                 },
                 {
-                  type: READ_ONLY_TYPE,
+                  type: ACCESS_CONTROL_TYPE,
                   id: 'has-read-only-metadata',
                   name: 'Test Two',
                   existingNamespaces: [],
@@ -1236,14 +1236,14 @@ describe('#bulkCreate', () => {
                   },
                 },
                 {
-                  type: READ_ONLY_TYPE,
+                  type: ACCESS_CONTROL_TYPE,
                   id: 'has-read-only-metadata',
                   name: 'Test Three',
                   existingNamespaces: [],
                   initialNamespace: undefined,
                   accessControl: {
                     owner: CURRENT_USER_PROFILE_ID,
-                    accessMode: 'read_only', // explicitly confirm the mode is NOT overriden
+                    accessMode: 'write_restricted', // explicitly confirm the mode is NOT overriden
                   },
                 },
               ]),
@@ -1261,13 +1261,13 @@ describe('#bulkCreate', () => {
             references: [{ name: 'ref_0', type: 'test', id: '1' }],
           };
           const obj2AccessControl = {
-            type: READ_ONLY_TYPE,
+            type: ACCESS_CONTROL_TYPE,
             id: 'has-read-only-metadata',
             attributes: { title: 'Test Two' },
             references: [{ name: 'ref_0', type: 'test', id: '2' }],
           };
           await bulkCreateSuccess(client, repository, [obj1NoAccessControl, obj2AccessControl], {
-            accessControl: { accessMode: 'read_only' },
+            accessControl: { accessMode: 'write_restricted' },
           });
 
           expect(securityExtension.authorizeBulkCreate).toHaveBeenCalledWith(
@@ -1297,7 +1297,7 @@ describe('#bulkCreate', () => {
             references: [{ name: 'ref_0', type: 'test', id: '1' }],
           };
           const obj2AccessControl = {
-            type: READ_ONLY_TYPE,
+            type: ACCESS_CONTROL_TYPE,
             id: 'could-have-read-only-metadata',
             attributes: { title: 'Test Two' },
             references: [{ name: 'ref_0', type: 'test', id: '2' }],
@@ -1316,7 +1316,7 @@ describe('#bulkCreate', () => {
                   // explicitly confirm there is no accessControl for non-supporting type
                 },
                 {
-                  type: READ_ONLY_TYPE,
+                  type: ACCESS_CONTROL_TYPE,
                   id: 'could-have-read-only-metadata',
                   name: 'Test Two',
                   existingNamespaces: [],

src/core/packages/saved-objects/api-server-internal/src/lib/apis/create.test.ts

@@ -862,7 +862,7 @@ describe('#create', () => {
             id,
             namespace,
             accessControl: {
-              accessMode: 'read_only',
+              accessMode: 'write_restricted',
             },
           })
         ).rejects.toThrowError(
@@ -878,7 +878,7 @@ describe('#create', () => {
           mockAuthenticatedUser({ profile_uid: 'u_test_user_version' })
         );
         const accessControl = {
-          accessMode: 'read_only' as const,
+          accessMode: 'write_restricted' as const,
         };
 
         const result = await repository.create(ACCESS_CONTROL_TYPE, attributes, {
@@ -901,7 +901,7 @@ describe('#create', () => {
           updated_by: 'u_test_user_version',
           created_by: 'u_test_user_version',
           accessControl: {
-            accessMode: 'read_only',
+            accessMode: 'write_restricted',
             owner: 'u_test_user_version',
           },
         });
@@ -915,12 +915,12 @@ describe('#create', () => {
             namespace,
             references,
             accessControl: {
-              accessMode: 'read_only',
+              accessMode: 'write_restricted',
             },
           })
         ).rejects.toThrowError(
           createBadRequestErrorPayload(
-            `Unable to create \"read_only\" \"accessControlType\" saved object. User profile ID not found.`
+            `Unable to create \"write_restricted\" \"accessControlType\" saved object. User profile ID not found.`
           )
         );
         expect(client.create).not.toHaveBeenCalled();

src/core/packages/saved-objects/api-server-internal/src/lib/apis/create.ts

@@ -113,9 +113,9 @@ export const performCreate = async <T>(
     );
   }
 
-  if (!createdBy && accessMode === 'read_only') {
+  if (!createdBy && accessMode === 'write_restricted') {
     throw SavedObjectsErrorHelpers.createBadRequestError(
-      `Unable to create "read_only" "${type}" saved object. User profile ID not found.`
+      `Unable to create "write_restricted" "${type}" saved object. User profile ID not found.`
     );
   }