[workspace]feat: bypass permission control when construct ui settings client

[SuZhou-Joe]

Description

In 2.16 we refactored the way how we construct the find query based on workspace and permission control, which makes normal user unable to find global objects. And this behavior breaks the upgrade flow of advanced settings as it is using find to list all of the global configs

This PR is to fix this issue by constructing a saved objects client that will bypass workspace permission control wrapper so that the upgrade flow can work as it was.

Issues Resolved

Screenshot

Testing the changes

• Turn on workspace permission control by turning on savedObjects.permission.enabled: true and config a user as the dashboard admin.
• Login with a non-dashboard-admin user
• Create a config whose doc id is config:2.9.0 with some customized attributes and delete the existing config whose doc id is config:3.0.0
• Refresh the page and you should see a new doc with id config:3.0.0 should be created, with the customized attributes upgraded from config:2.9.0

Changelog

• fix: bypass permission control when construct ui settings client

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
• New functionality includes testing.
• New functionality has been documented.
• Update CHANGELOG.md
• Commits are signed per the DCO using --signoff

[github-actions]

❌ Empty Changelog Section

The Changelog section in your PR description is empty. Please add a valid changelog entry or entries. If you did add a changelog entry, check to make sure that it was not accidentally included inside the comment block in the Changelog section.

[codecov]

Codecov Report

Attention: Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 60.58%. Comparing base (5aaa00c) to head (4f5e0f3).
Report is 17 commits behind head on main.

Files with missing lines	Patch %	Lines
src/core/server/core_route_handler_context.ts	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8053      +/-   ##
==========================================
- Coverage   60.59%   60.58%   -0.01%     
==========================================
  Files        3738     3738              
  Lines       88678    88680       +2     
  Branches    13787    13788       +1     
==========================================
- Hits        53732    53731       -1     
- Misses      31661    31663       +2     
- Partials     3285     3286       +1     

Flag	Coverage Δ
Linux_1	28.75% <25.00%> (-0.01%)	⬇️
Linux_2	56.28% <75.00%> (+<0.01%)	⬆️
Linux_3	37.51% <25.00%> (-0.01%)	⬇️
Linux_4	29.60% <25.00%> (-0.01%)	⬇️
Windows_1	28.77% <25.00%> (-0.01%)	⬇️
Windows_2	56.23% <75.00%> (+<0.01%)	⬆️
Windows_3	37.51% <25.00%> (-0.01%)	⬇️
Windows_4	29.60% <25.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Hailong-am]

how about call await uiSettingsClient.get(DEFAULT_WORKSPACE); no matter what's the path after the user authenticated, after this call setting object should been initialized which include upgrade logic. With this, we don't need to put exclude workspace wrapper logic in other place.

[SuZhou-Joe]

Get your point, yeah let me see if I can find a centralized place that will trigger the get method of ui settings client.