From fee5a59895030a9c04c6303de79a08fb2a1eb6a1 Mon Sep 17 00:00:00 2001
From: Arturo Liduena <arturo.liduena@elastic.co>
Date: Tue, 3 Dec 2024 23:26:11 +0100
Subject: [PATCH 1/2] Enhance access query logic to handle user ID and name
 conditions more robustly

---
 .../server/service/util/get_access_query.ts          | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
index 6b654731a264b..c01fb4422cc66 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
@@ -20,7 +20,17 @@ export function getAccessQuery({
               should: [
                 { term: { public: true } },
                 ...(user
-                  ? [{ term: user.id ? { 'user.id': user.id } : { 'user.name': user.name } }]
+                  ? user.id
+                    ? [
+                        { term: { 'user.id': user.id } },
+                        {
+                          bool: {
+                            must_not: { exists: { field: 'user.id' } },
+                            must: { term: { 'user.name': user.name } },
+                          },
+                        },
+                      ]
+                    : [{ term: { 'user.name': user.name } }]
                   : []),
               ],
               minimum_should_match: 1,

From 90df2f779a7bbb2a55ced450d0906857d0bb9759 Mon Sep 17 00:00:00 2001
From: Arturo Liduena <arturo.liduena@elastic.co>
Date: Wed, 4 Dec 2024 10:10:20 +0100
Subject: [PATCH 2/2] Refactor access query logic to use a dedicated function
 for user access filters

---
 .../server/service/util/get_access_query.ts   | 37 +++++++++++--------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
index c01fb4422cc66..b517273630f56 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
@@ -17,22 +17,7 @@ export function getAccessQuery({
         filter: [
           {
             bool: {
-              should: [
-                { term: { public: true } },
-                ...(user
-                  ? user.id
-                    ? [
-                        { term: { 'user.id': user.id } },
-                        {
-                          bool: {
-                            must_not: { exists: { field: 'user.id' } },
-                            must: { term: { 'user.name': user.name } },
-                          },
-                        },
-                      ]
-                    : [{ term: { 'user.name': user.name } }]
-                  : []),
-              ],
+              should: [{ term: { public: true } }, ...getUserAccessFilters(user)],
               minimum_should_match: 1,
             },
           },
@@ -61,3 +46,23 @@ export function getAccessQuery({
     },
   ];
 }
+
+function getUserAccessFilters(user?: { name: string; id?: string }) {
+  if (!user) {
+    return [];
+  }
+
+  if (user.id) {
+    return [
+      { term: { 'user.id': user.id } },
+      {
+        bool: {
+          must_not: { exists: { field: 'user.id' } },
+          must: { term: { 'user.name': user.name } },
+        },
+      },
+    ];
+  }
+
+  return [{ term: { 'user.name': user.name } }];
+}