Fleet UI: Observer+ can run policies in the UI, update docs accordingly (#14796)

RachelElysia 2023-11-03 07:42:11 -04:00 committed by GitHub
parent 2a22c40345
commit bdb2c4c5b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 8 deletions


@ -0,0 +1 @@
- Bug fix: Allow Observer+ ability to run all existing policies in the UI


@ -50,10 +50,11 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
| Run queries designated "**observer can run**" as live queries against all hosts | ✅ | ✅ | ✅ | ✅ | |
| Run any query as [live query](https://fleetdm.com/docs/using-fleet/fleet-ui#run-a-query) against all hosts | | ✅ | ✅ | ✅ | |
| Create, edit, and delete queries | | | ✅ | ✅ | ✅ |
| View all queries and their reports\** | ✅ | ✅ | ✅ | ✅ | |
| Manage [query automations](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) | | | | ✅ | |
| View all queries and their reports\** | ✅ | ✅ | ✅ | ✅ | |
| Manage [query automations](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) | | | | ✅ | |
| Create, edit, view, and delete packs | | | ✅ | ✅ | ✅ |
| View all policies | ✅ | ✅ | ✅ | ✅ | |
| Run all policies | | ✅ | ✅ | ✅ | |
| Filter hosts using policies | ✅ | ✅ | ✅ | ✅ | |
| Create, edit, and delete policies for all hosts | | | ✅ | ✅ | ✅ |
| Create, edit, and delete policies for all hosts assigned to team\* | | | ✅ | ✅ | ✅ |
@ -75,7 +76,7 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
| View Apple mobile device management (MDM) certificate information | | | | ✅ | |
| View Apple business manager (BM) information | | | | ✅ | |
| Generate Apple mobile device management (MDM) certificate signing request (CSR) | | | | ✅ | |
| View disk encryption key for macOS and Windows hosts | ✅ | ✅ | ✅ | ✅ | |
| View disk encryption key for macOS and Windows hosts | ✅ | ✅ | ✅ | ✅ | |
| Create edit and delete configuration profiles for macOS hosts | | | ✅ | ✅ | ✅ |
| Execute MDM commands on macOS and Windows hosts*** | | | ✅ | ✅ | |
| View results of MDM commands executed on macOS and Windows hosts*** | ✅ | ✅ | ✅ | ✅ | |
@ -127,11 +128,12 @@ Users that are members of multiple teams can be assigned different roles for eac
| Run queries designated "**observer can run**" as live queries against hosts | ✅ | ✅ | ✅ | ✅ | |
| Run any query as [live query](https://fleetdm.com/docs/using-fleet/fleet-ui#run-a-query) | | ✅ | ✅ | ✅ | |
| Create, edit, and delete only **self authored** queries | | | ✅ | ✅ | ✅ |
| View all queries and their reports\** | ✅ | ✅ | ✅ | ✅ | |
| Manage [query automations](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) | | | ✅ | ✅ | ✅ |
| View policies | ✅ | ✅ | ✅ | ✅ | |
| View all queries and their reports\** | ✅ | ✅ | ✅ | ✅ | |
| Manage [query automations](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) | | | ✅ | ✅ | ✅ |
| View team policies | ✅ | ✅ | ✅ | ✅ | |
| Run team policies as a live policy | | ✅ | ✅ | ✅ | |
| View global (inherited) policies | ✅ | ✅ | ✅ | ✅ | |
| Run global (inherited) policies as a live policy | | | ✅ | ✅ | |
| Run global (inherited) policies as a live policy | | | ✅ | ✅ | |
| Filter hosts using policies | ✅ | ✅ | ✅ | ✅ | |
| Create, edit, and delete team policies | | | ✅ | ✅ | ✅ |
| Manage [policy automations](https://fleetdm.com/docs/using-fleet/automations#policy-automations) | | | | ✅ | ✅ |


@ -343,6 +343,10 @@ export const useTeamIdParam = ({
isTeamObserver:
!!currentTeam?.id &&
permissions.isTeamObserver(currentUser, currentTeam.id),
isObserverPlus:
!!currentTeam?.id &&
!!currentUser &&
permissions.isObserverPlus(currentUser, currentTeam.id),
teamIdForApi: getTeamIdForApi({ currentTeam, includeNoTeam }),
userTeams,
handleTeamChange,
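Review bot: The new `isObserverPlus` entry is gated on `!!currentTeam?.id`, so it is false whenever no team is selected or the id is falsy, which looks at odds with the docs table in this same commit that lets a global Observer+ "Run all policies". If `permissions.isObserverPlus` also covers the global role (its body is not visible here), this guard would hide the Run button from exactly those users; please confirm and add a hook test for the no-team / all-teams case. The added `!!currentUser` guard is absent from the neighbouring `isTeamObserver` entry, which passes `currentUser` unguarded, so the two should be aligned one way or the other. Because the name reads as role-wide while the value is team-scoped, a comment such as `// true only for Observer+ on the currently selected team` would help. The enclosing hook starts and ends outside the hunk.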


@ -78,6 +78,7 @@ const PolicyPage = ({
isTeamMaintainer,
isTeamObserver,
teamIdForApi,
isObserverPlus,
} = useTeamIdParam({
location,
router,
@ -258,6 +259,7 @@ const PolicyPage = ({
isTeamAdmin,
isTeamMaintainer,
isTeamObserver,
isObserverPlus,
storedPolicyError,
createPolicy,
onOsqueryTableSelect,


@ -115,6 +115,7 @@ const PolicyForm = ({
isGlobalObserver,
isGlobalAdmin,
isGlobalMaintainer,
isObserverPlus,
isOnGlobalTeam,
isPremiumTier,
isSandboxMode,
@ -470,7 +471,8 @@ const PolicyForm = ({
);
};
// Observers and observer+ of existing query, team role viewing inherited policy
// Non-editable form used for Team Observers and Observer+ of their team policy and inherited policies
// And Global Observers and Observer+ of all policies
const renderNonEditableForm = (
<form className={`${baseClass}__wrapper`}>
<div className={`${baseClass}__title-bar`}>
@ -507,6 +509,18 @@ const PolicyForm = ({
/>
)}
{renderLiveQueryWarning()}
{isObserverPlus && ( // Observer+ can run existing policies
<div className={`${baseClass}__button-wrap`}>
<Button
className={`${baseClass}__run`}
variant="blue-green"
onClick={goToSelectTargets}
disabled={isEditMode && !isAnyPlatformSelected}
>
Run
</Button>
</div>
)}
</form>
);
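Review bot: The Run button added to `renderNonEditableForm` is shown to any `isObserverPlus` user, yet the comment above the form says it also serves team Observer+ viewing inherited policies, and the permissions table updated in this commit leaves "Run global (inherited) policies as a live policy" unchecked for team Observer+. Unless the flag is already false for inherited policies (not visible in this hunk), the condition should exclude them, e.g. `{isObserverPlus && !isInheritedPolicy && (`, where `isInheritedPolicy` is a placeholder for whatever the form uses to detect an inherited policy. Showing or hiding the button is presentation only, so the live-query endpoint has to enforce the same role matrix server-side; a test on each side would keep the UI and API from drifting. PolicyForm's body starts and continues outside the hunk.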