[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backend] fix user capabilities check for notification (#7109) #7130

Merged
merged 7 commits into from
May 31, 2024
Merged

[backend] fix user capabilities check for notification (#7109) #7130

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a3ce2a8
[backend] fix user capabilities check for notification (#7109)
marieflorescontact May 27, 2024
8645869
[backend] remove constant and add Todo
marieflorescontact May 30, 2024
8fa95fb
[backend] fix Opinion and Note capability check
marieflorescontact May 30, 2024
75fb568
[backend] fix Opinion and Note capability check
marieflorescontact May 30, 2024
5bb1622
[backend] fix Opinion and Note capability check
marieflorescontact May 30, 2024
844ba6c
[backend] use isUserHasCapability
marieflorescontact May 30, 2024
c033049
[backend] use isUserHasCapability
marieflorescontact May 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
[backend] use isUserHasCapability
  • Loading branch information
@marieflorescontact
marieflorescontact committed May 30, 2024
commit 844ba6c494296867723d93bc317a15bfd22038ad
8 changes: 3 additions & 5 deletions opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
import { generateInternalId, generateStandardId } from '../schema/identifier';
import { ENTITY_TYPE_BACKGROUND_TASK } from '../schema/internalObject';
import { now } from '../utils/format';
import { BYPASS, MEMBER_ACCESS_RIGHT_ADMIN, SETTINGS_SET_ACCESSES } from '../utils/access';
import { BYPASS, isUserHasCapability, MEMBER_ACCESS_RIGHT_ADMIN, SETTINGS_SET_ACCESSES } from '../utils/access';
import { isKnowledge, KNOWLEDGE_DELETE, KNOWLEDGE_UPDATE } from '../schema/general';
import { ForbiddenAccess, UnsupportedError } from '../config/errors';
import { elIndex } from '../database/engine';
Expand Down Expand Up @@ -88,8 +88,7 @@
const isUserData = userFilters.length > 0
&& userFilters[0].values.length === 1
&& userFilters[0].values[0] === user.id;
// TODO clean up user capabilities and use isUserHasCapability without split
const isAuthorized = userCapabilities.includes(BYPASS) || userCapabilities.includes('SETACCESSES') || isUserData;
const isAuthorized = userCapabilities.includes(BYPASS) || isUserHasCapability(user, SETTINGS_SET_ACCESSES) || isUserData;

Check warning on line 91 in opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js#L91 

Added line #L91 was not covered by tests
if (!isAuthorized) {
throw ForbiddenAccess();
}
Expand All @@ -101,8 +100,7 @@
}
const notificationsUsers = uniq(objects.map((o) => o.user_id));
const isUserData = notificationsUsers.length === 1 && notificationsUsers.includes(user.id);
// TODO clean up user capabilities and use isUserHasCapability without split
const isAuthorized = userCapabilities.includes(BYPASS) || userCapabilities.includes('SETACCESSES') || isUserData;
const isAuthorized = userCapabilities.includes(BYPASS) || isUserHasCapability(user, SETTINGS_SET_ACCESSES) || isUserData;

Check warning on line 103 in opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js#L103 

Added line #L103 was not covered by tests
if (!isAuthorized) {
throw ForbiddenAccess();
}
Expand Down
Loading