[BUG][NewHomePage] Avoid Requiring Index Write Permission for the New Homepage Loading

[Flyingliuhub]

Describe the bug

The new homepage was introduced in the 2.13 release, which required index write permission when loading. However, this should be avoided as dashboard users may not have index write permission.

To Reproduce
Steps to reproduce the behavior:

1. Enable useNewHomePage in the advance setting
2. Open the homepage with users who only have readonly permission users
3. The new homepage was broken with error message "There was an error loading the homepage."

Steps to reproduce the behavior in local cluster:

1. Run OS with security plugin yarn opensearch snapshot --security
2. Run osd yarn start --no-base-path
3. Login with osd with admin user and enable newhome feature from advanced setting for Global tenant
4. Copy the default role readall and add Global tenant read permission
5. Create user test and map to the copied readall_copy role
6. Login with osd with test user which created in the step 5
7. Navigate to homepage

Expected behavior
The new home page loading should not required to index write permission

Impact
In case of admin enabled advance setting in the global tenant, all the readonly users under global tenant will impact when visit new home page.

OpenSearch Version
8.13.0

Dashboards Version
2.13.0

Plugins

All the official release plugins

Screenshots

newhomepageissue2.mov

Host/Environment (please complete the following information):

• OS: [e.g. iOS]
• Browser and version [e.g. 22]

Additional context

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "no permissions for [indices:data/write/index] and User [name=xxx, backend_roles=[xxx], requestedTenant=null]: security_exception: [security_exception] Reason: no permissions for [indices:data/write/index] and User [name=xxxx, backend_roles=[xxxx], requestedTenant=null]"
}

[seraphjiang]

Thanks @Flyingliuhub @ashwin-pc

@bbarani @wbeckler do you think we should conduct a patch release to include fix for this?

cc: @kgcreative @elfisher

[bbarani]

Based on feedback from @ashwin-pc, this bug is in an opt-in feature and the new dashboard is not enabled by default so the risk is low. Please let me know if you think otherwise.

[seraphjiang]

Based on feedback from @ashwin-pc, this bug is in an opt-in feature and the new dashboard is not enabled by default so the risk is low. Please let me know if you think otherwise.

not sure how we define the opt-in feature, compare the experimental feature , GA feature.

• @kgcreative @elfisher to assess the potential to custom impact

[ananzh]

@Flyingliuhub I am not able reproduce this. Here are my steps:

• Add opensearch_security.auth.anonymous_auth_enabled: true in opensearch_dashboards. also set http:
  anonymous_auth_enabled: true in opensearch
• I use global admin to set to use new home page
• log out
• remove login part from url and reload

Here is the video, and start at 40s
https://github.com/opensearch-project/OpenSearch-Dashboards/assets/79961084/2ae244dc-6c27-46cc-bf70-5392b4387312

[Flyingliuhub]

@Flyingliuhub I am not able reproduce this. Here are my steps:

* Add opensearch_security.auth.anonymous_auth_enabled: true in opensearch_dashboards. also set http:
  anonymous_auth_enabled: true in opensearch

* I use global admin to set to use new home page

* log out

* remove login part from url and reload

Here is the video, and start at 40s https://github.com/opensearch-project/OpenSearch-Dashboards/assets/79961084/2ae244dc-6c27-46cc-bf70-5392b4387312

@ananzh You are visit default home, not newhome page, you need to visit the new home page for repro the issue

[ananzh]

@Flyingliuhub will revisit this in 2.15

[ananzh]

Issue is in src/plugins/home/public/services/section_type/section_type.ts . Fix is to update

if (heroes || sections) {
              homepage
                .save({})
                .then(() => error$.next(undefined))
                .catch((e) => error$.next(e));
            }

to

if (heroes || sections) {
              homepage
                .save({})
            }

[Flyingliuhub]

@ananzh 2.15 is release soon. do you have a fix for this issue? we still saw this error in the future.playground with 2.15 build

[ananzh]

@ruanyl I think this bug is fixed in #7054. I don't quite remember why I reopen it on the same day when PR is merged. I think it might just be a mistake when I check all the 2.15 PRs. Feel free to verify this.

[ruanyl]

Introduced a new framework for dynamic content rendering #7201, the issue no longer existing, closing this now.