feat: remove unnecessary saved object get call

[wanglam]

Description

1. Add in memory validate in permission control
2. Use in memory validate for object ACL validate

Issues Resolved

Screenshot

Testing the changes

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
  • yarn test:ftr
• New functionality includes testing.
• New functionality has been documented.
• Update CHANGELOG.md
• Commits are signed per the DCO using --signoff

[codecov-commenter]

Codecov Report

Merging #214 (c25a13d) into workspace (8505341) will increase coverage by 0.00%.
Report is 1 commits behind head on workspace.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           workspace     #214   +/-   ##
==========================================
  Coverage      66.21%   66.22%           
==========================================
  Files           3420     3420           
  Lines          65755    65755           
  Branches       10589    10589           
==========================================
+ Hits           43541    43543    +2     
+ Misses         19577    19570    -7     
- Partials        2637     2642    +5     

Flag	Coverage Δ
Linux_1	30.42% <ø> (ø)
Linux_2	55.38% <ø> (ø)
Linux_3	42.76% <ø> (+<0.01%)	⬆️
Linux_4	34.51% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 6 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[ruanyl]

Suggested change

	const hasAllPermission = savedObjectsGet.every((savedObject) => {
	const hasPermission = this.inMemoryValidate({
	savedObject,
	permissionModes,
	principals,
	shouldLogNotPermitted: false,
	});
	const hasAllPermission = savedObjectsGet.every((savedObject) => {
	const hasPermission = this.inMemoryValidate({
	savedObject,
	permissionModes,
	principals,
	});
	if (!hasPermission) {
	// do log here
	this.logNotPermitted(...)
	notPermittedSavedObjects.push(savedObject);
	}

I tend to make inMemoryValidate a pure util function so it doesn't care about logging, what do you think?

[wanglam]

I think we need to log the not permitted validation when call inMemoryValidate directly. Is that means we need to call the logNotPermitted manually after inMemoryValidate call?

[ruanyl]

Is that means we need to call the logNotPermitted manually after inMemoryValidate call?
Yes, just feel passing shouldLogNotPermitted to inMemoryValidate makes the function a bit overwhelming.

[wanglam]

What do you think about change inMemoryValidate accept multi saved objects? So we don't need add shouldLogNotPermitted parameter.

[ruanyl]

Sounds good to me

[ruanyl]

Can you put some comment on this function?

[ruanyl]

To be more specific, can we call it validateObjectACL?

[ruanyl]

Suggested change

	savedObjectsOrSavedObject:
	| Array<Pick<SavedObject<unknown>, 'id' | 'type' | 'workspaces' | 'permissions'>>
	| Pick<SavedObject<unknown>, 'id' | 'type' | 'workspaces' | 'permissions'>,
	savedObjects: Array<Pick<SavedObject<unknown>, 'id' | 'type' | 'workspaces' | 'permissions'>>,

Can we simplify it like this?

[wanglam]

Is that means we only accept array as paramenter?

[ruanyl]

Yeah, but not a big issue, just think this might make it looks simpler.