[Security Solution][Endpoint] Adds RBAC API checks for Blocklist (#14…

…4047)

* Adds RBAC API checks for Blocklist

* Change privilege to read for export method in all artifacts

x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/blocklist_validator.ts

@@ -213,10 +213,18 @@ export class BlocklistValidator extends BaseValidator {
     return item.listId === ENDPOINT_BLOCKLISTS_LIST_ID;
   }
 
+  protected async validateHasWritePrivilege(): Promise<void> {
+    return super.validateHasPrivilege('canWriteBlocklist');
+  }
+
+  protected async validateHasReadPrivilege(): Promise<void> {
+    return super.validateHasPrivilege('canReadBlocklist');
+  }
+
   async validatePreCreateItem(
     item: CreateExceptionListItemOptions
   ): Promise<CreateExceptionListItemOptions> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasWritePrivilege();
 
     item.entries = removeDuplicateEntryValues(item.entries as BlocklistConditionEntry[]);
 
@@ -228,27 +236,27 @@ export class BlocklistValidator extends BaseValidator {
   }
 
   async validatePreDeleteItem(): Promise<void> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasWritePrivilege();
   }
 
   async validatePreGetOneItem(): Promise<void> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreMultiListFind(): Promise<void> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreExport(): Promise<void> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreSingleListFind(): Promise<void> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreGetListSummary(): Promise<void> {
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreUpdateItem(
@@ -257,7 +265,7 @@ export class BlocklistValidator extends BaseValidator {
   ): Promise<UpdateExceptionListItemOptions> {
     const updatedItem = _updatedItem as ExceptionItemLikeOptions;
 
-    await this.validateCanManageEndpointArtifacts();
+    await this.validateHasWritePrivilege();
 
     _updatedItem.entries = removeDuplicateEntryValues(
       _updatedItem.entries as BlocklistConditionEntry[]

x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/event_filter_validator.ts

@@ -116,7 +116,7 @@ export class EventFilterValidator extends BaseValidator {
   }
 
   async validatePreExport(): Promise<void> {
-    await this.validateHasWritePrivilege();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreSingleListFind(): Promise<void> {

x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/host_isolation_exceptions_validator.ts

@@ -105,7 +105,7 @@ export class HostIsolationExceptionsValidator extends BaseValidator {
   }
 
   async validatePreExport(): Promise<void> {
-    await this.validateHasWritePrivilege();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreSingleListFind(): Promise<void> {

x-pack/plugins/security_solution/server/lists_integration/endpoint/validators/trusted_app_validator.ts

@@ -207,7 +207,7 @@ export class TrustedAppValidator extends BaseValidator {
   }
 
   async validatePreExport(): Promise<void> {
-    await this.validateHasWritePrivilege();
+    await this.validateHasReadPrivilege();
   }
 
   async validatePreSingleListFind(): Promise<void> {