From cd35a9dca76c8dbe90018bf4efa0a92823f9258f Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Wed, 6 Mar 2024 09:08:00 -0500 Subject: [PATCH 1/2] [Fleet] Allow to upload package for non superuser --- x-pack/plugins/fleet/common/authz.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/fleet/common/authz.ts b/x-pack/plugins/fleet/common/authz.ts index 97918648db25b..e47234730e84d 100644 --- a/x-pack/plugins/fleet/common/authz.ts +++ b/x-pack/plugins/fleet/common/authz.ts @@ -94,7 +94,7 @@ export const calculateAuthz = ({ installPackages: fleet.all && integrations.all, upgradePackages: fleet.all && integrations.all, removePackages: fleet.all && integrations.all, - uploadPackages: isSuperuser, + uploadPackages: fleet.all && integrations.all, readPackageSettings: fleet.all && integrations.all, writePackageSettings: fleet.all && integrations.all, From f549f8d40a7835fc7ed9e9078af9d79f1eb19710 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Wed, 6 Mar 2024 09:12:57 -0500 Subject: [PATCH 2/2] fix tests --- .../test/fleet_api_integration/apis/epm/install_by_upload.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/test/fleet_api_integration/apis/epm/install_by_upload.ts b/x-pack/test/fleet_api_integration/apis/epm/install_by_upload.ts index ac741e10db1e1..f086ad8785d8d 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/install_by_upload.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/install_by_upload.ts @@ -261,7 +261,7 @@ export default function (providerContext: FtrProviderContext) { .expect(403); }); - it('should not allow non superusers', async () => { + it('should allow user with all access', async () => { const buf = fs.readFileSync(testPkgArchiveTgz); await supertestWithoutAuth .post(`/api/fleet/epm/packages`) @@ -269,7 +269,7 @@ export default function (providerContext: FtrProviderContext) { .set('kbn-xsrf', 'xxxx') .type('application/gzip') .send(buf) - .expect(403); + .expect(200); }); }); }