elastic · szwarckonrad · Sep 23, 2024 · Sep 11, 2024 · Sep 11, 2024 · Sep 11, 2024
diff --git a/..._solution/public/management/hooks/artifacts/use_host_isolation_exceptions_access.test.tsx b/..._solution/public/management/hooks/artifacts/use_host_isolation_exceptions_access.test.tsx
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook } from '@testing-library/react-hooks';
+import { useHostIsolationExceptionsAccess } from './use_host_isolation_exceptions_access';
+import { checkArtifactHasData } from '../../services/exceptions_list/check_artifact_has_data';
+
+jest.mock('../../services/exceptions_list/check_artifact_has_data', () => ({
+  checkArtifactHasData: jest.fn(),
+}));
+
+const mockArtifactHasData = (hasData = true) => {
+  (checkArtifactHasData as jest.Mock).mockResolvedValueOnce(hasData);
+};
+
+describe('useHostIsolationExceptionsAccess', () => {
+  const mockApiClient = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  const setupHook = (canAccess: boolean, canRead: boolean) => {
+    return renderHook(() => useHostIsolationExceptionsAccess(canAccess, canRead, mockApiClient));
+  };
+
+  test('should set access to true if canAccessHostIsolationExceptions is true', async () => {
+    const { result, waitFor } = setupHook(true, false);
+
+    await waitFor(() => expect(result.current.hasAccessToHostIsolationExceptions).toBe(true));
+  });
+
+  test('should check for artifact data if canReadHostIsolationExceptions is true and canAccessHostIsolationExceptions is false', async () => {
+    mockArtifactHasData();
+
+    const { result, waitFor } = setupHook(false, true);
+
+    await waitFor(() => {
+      expect(checkArtifactHasData).toHaveBeenCalledWith(mockApiClient());
+      expect(result.current.hasAccessToHostIsolationExceptions).toBe(true);
+    });
+  });
+
+  test('should set access to false if canReadHostIsolationExceptions is true but no artifact data exists', async () => {
+    mockArtifactHasData(false);
+
+    const { result, waitFor } = setupHook(false, true);
+
+    await waitFor(() => {
+      expect(checkArtifactHasData).toHaveBeenCalledWith(mockApiClient());
+      expect(result.current.hasAccessToHostIsolationExceptions).toBe(false);
+    });
+  });
+
+  test('should set access to false if neither canAccessHostIsolationExceptions nor canReadHostIsolationExceptions is true', async () => {
+    const { result, waitFor } = setupHook(false, false);
+    await waitFor(() => {
+      expect(result.current.hasAccessToHostIsolationExceptions).toBe(false);
+    });
+  });
+
+  test('should not call checkArtifactHasData if canAccessHostIsolationExceptions is true', async () => {
+    const { result, waitFor } = setupHook(true, true);
+
+    await waitFor(() => {
+      expect(checkArtifactHasData).not.toHaveBeenCalled();
+      expect(result.current.hasAccessToHostIsolationExceptions).toBe(true);
+    });
+  });
+
+  test('should set loading state correctly while checking access', async () => {
+    const { result, waitFor } = setupHook(false, true);
+
+    expect(result.current.isHostIsolationExceptionsAccessLoading).toBe(true);
+
+    await waitFor(() => {
+      expect(result.current.isHostIsolationExceptionsAccessLoading).toBe(false);
+    });
+  });
+});
diff --git a/...urity_solution/public/management/hooks/artifacts/use_host_isolation_exceptions_access.tsx b/...urity_solution/public/management/hooks/artifacts/use_host_isolation_exceptions_access.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useEffect, useState } from 'react';
+import { checkArtifactHasData } from '../../services/exceptions_list/check_artifact_has_data';
+import type { ExceptionsListApiClient } from '../../services/exceptions_list/exceptions_list_api_client';
+
+export const useHostIsolationExceptionsAccess = (
+  canAccessHostIsolationExceptions: boolean,
+  canReadHostIsolationExceptions: boolean,
+  getApiClient: () => ExceptionsListApiClient
+): {
+  hasAccessToHostIsolationExceptions: boolean;
+  isHostIsolationExceptionsAccessLoading: boolean;
+} => {
+  const [hasAccess, setHasAccess] = useState<boolean | null>(null);
+
+  useEffect(() => {
+    (async () => {
+      // Host isolation exceptions is a paid feature and therefore:
+      // canAccessHostIsolationExceptions signifies if the user has required license to access the feature.
+      // canReadHostIsolationExceptions, however, is a privilege that allows the user to read and delete the data even if the license is not sufficient (downgrade scenario).
+      // In such cases, the tab should be visible only if there is existing data.
+      if (canAccessHostIsolationExceptions) {
+        setHasAccess(true);
+      } else if (canReadHostIsolationExceptions) {
+        const result = await checkArtifactHasData(getApiClient());
+        setHasAccess(result);
+      } else {
+        setHasAccess(false);
+      }
+    })();
+  }, [canAccessHostIsolationExceptions, canReadHostIsolationExceptions, getApiClient]);
+
+  return {
+    hasAccessToHostIsolationExceptions: !!hasAccess,
+    isHostIsolationExceptionsAccessLoading: hasAccess === null,
+  };
+};
diff --git a/...ins/security_solution/public/management/pages/blocklist/services/blocklists_api_client.ts b/...ins/security_solution/public/management/pages/blocklist/services/blocklists_api_client.ts
@@ -10,7 +10,7 @@ import type {
   ExceptionListItemSchema,
   UpdateExceptionListItemSchema,
 } from '@kbn/securitysolution-io-ts-list-types';
-import { ENDPOINT_BLOCKLISTS_LIST_ID } from '@kbn/securitysolution-list-constants';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 
 import type { HttpStart } from '@kbn/core/public';
 import type { ConditionEntry } from '../../../../../common/endpoint/types';
@@ -46,7 +46,7 @@ export class BlocklistsApiClient extends ExceptionsListApiClient {
   constructor(http: HttpStart) {
     super(
       http,
-      ENDPOINT_BLOCKLISTS_LIST_ID,
+      ENDPOINT_ARTIFACT_LISTS.blocklists.id,
       BLOCKLISTS_LIST_DEFINITION,
       readTransform,
       writeTransform
@@ -56,7 +56,7 @@ export class BlocklistsApiClient extends ExceptionsListApiClient {
   public static getInstance(http: HttpStart): ExceptionsListApiClient {
     return super.getInstance(
       http,
-      ENDPOINT_BLOCKLISTS_LIST_ID,
+      ENDPOINT_ARTIFACT_LISTS.blocklists.id,
       BLOCKLISTS_LIST_DEFINITION,
       readTransform,
       writeTransform

diff --git a/x-pack/plugins/security_solution/public/management/pages/event_filters/service/api_client.ts b/x-pack/plugins/security_solution/public/management/pages/event_filters/service/api_client.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ENDPOINT_EVENT_FILTERS_LIST_ID } from '@kbn/securitysolution-list-constants';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 import type { HttpStart } from '@kbn/core/public';
 import type {
   CreateExceptionListItemSchema,
@@ -33,7 +33,7 @@ export class EventFiltersApiClient extends ExceptionsListApiClient {
   constructor(http: HttpStart) {
     super(
       http,
-      ENDPOINT_EVENT_FILTERS_LIST_ID,
+      ENDPOINT_ARTIFACT_LISTS.eventFilters.id,
       EVENT_FILTER_LIST_DEFINITION,
       undefined,
       writeTransform
@@ -43,7 +43,7 @@ export class EventFiltersApiClient extends ExceptionsListApiClient {
   public static getInstance(http: HttpStart): ExceptionsListApiClient {
     return super.getInstance(
       http,
-      ENDPOINT_EVENT_FILTERS_LIST_ID,
+      ENDPOINT_ARTIFACT_LISTS.eventFilters.id,
       EVENT_FILTER_LIST_DEFINITION,
       undefined,
       writeTransform

diff --git a/...public/management/pages/host_isolation_exceptions/host_isolation_exceptions_api_client.ts b/...public/management/pages/host_isolation_exceptions/host_isolation_exceptions_api_client.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID } from '@kbn/securitysolution-list-constants';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 import type { HttpStart } from '@kbn/core/public';
 import { ExceptionsListApiClient } from '../../services/exceptions_list/exceptions_list_api_client';
 import { HOST_ISOLATION_EXCEPTIONS_LIST_DEFINITION } from './constants';
@@ -19,15 +19,15 @@ export class HostIsolationExceptionsApiClient extends ExceptionsListApiClient {
   constructor(http: HttpStart) {
     super(
       http,
-      ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID,
+      ENDPOINT_ARTIFACT_LISTS.hostIsolationExceptions.id,
       HOST_ISOLATION_EXCEPTIONS_LIST_DEFINITION
     );
   }
 
   public static getInstance(http: HttpStart): ExceptionsListApiClient {
     return super.getInstance(
       http,
-      ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID,
+      ENDPOINT_ARTIFACT_LISTS.hostIsolationExceptions.id,
       HOST_ISOLATION_EXCEPTIONS_LIST_DEFINITION
     );
   }