[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backend] fix user capabilities check for notification (#7109) #7130

Merged
merged 7 commits into from
May 31, 2024
Merged

[backend] fix user capabilities check for notification (#7109) #7130

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a3ce2a8
[backend] fix user capabilities check for notification (#7109)
marieflorescontact May 27, 2024
8645869
[backend] remove constant and add Todo
marieflorescontact May 30, 2024
8fa95fb
[backend] fix Opinion and Note capability check
marieflorescontact May 30, 2024
75fb568
[backend] fix Opinion and Note capability check
marieflorescontact May 30, 2024
5bb1622
[backend] fix Opinion and Note capability check
marieflorescontact May 30, 2024
844ba6c
[backend] use isUserHasCapability
marieflorescontact May 30, 2024
c033049
[backend] use isUserHasCapability
marieflorescontact May 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
import { generateInternalId, generateStandardId } from '../schema/identifier';
import { ENTITY_TYPE_BACKGROUND_TASK } from '../schema/internalObject';
import { now } from '../utils/format';
import { BYPASS, MEMBER_ACCESS_RIGHT_ADMIN, SETTINGS_SET_ACCESSES } from '../utils/access';
import { BYPASS, isUserHasCapability, MEMBER_ACCESS_RIGHT_ADMIN, SETTINGS_SET_ACCESSES } from '../utils/access';
import { isKnowledge, KNOWLEDGE_DELETE, KNOWLEDGE_UPDATE } from '../schema/general';
import { ForbiddenAccess, UnsupportedError } from '../config/errors';
import { elIndex } from '../database/engine';
Expand Down Expand Up @@ -88,7 +88,7 @@
const isUserData = userFilters.length > 0
&& userFilters[0].values.length === 1
&& userFilters[0].values[0] === user.id;
const isAuthorized = userCapabilities.includes(BYPASS) || userCapabilities.includes(SETTINGS_SET_ACCESSES) || isUserData;
const isAuthorized = isUserHasCapability(user, SETTINGS_SET_ACCESSES) || isUserData;

Check warning on line 91 in opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js#L91 

Added line #L91 was not covered by tests
if (!isAuthorized) {
throw ForbiddenAccess();
}
Expand All @@ -100,7 +100,7 @@
}
const notificationsUsers = uniq(objects.map((o) => o.user_id));
const isUserData = notificationsUsers.length === 1 && notificationsUsers.includes(user.id);
const isAuthorized = userCapabilities.includes(BYPASS) || userCapabilities.includes(SETTINGS_SET_ACCESSES) || isUserData;
const isAuthorized = isUserHasCapability(user, SETTINGS_SET_ACCESSES) || isUserData;

Check warning on line 103 in opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/domain/backgroundTask-common.js#L103 

Added line #L103 was not covered by tests
if (!isAuthorized) {
throw ForbiddenAccess();
}
Expand Down
4 changes: 2 additions & 2 deletions opencti-platform/opencti-graphql/src/resolvers/note.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import {
} from '../domain/stixDomainObject';
import { RELATION_CREATED_BY, } from '../schema/stixRefRelationship';
import { KNOWLEDGE_COLLABORATION, KNOWLEDGE_UPDATE } from '../schema/general';
import { BYPASS, isUserHasCapability } from '../utils/access';
import { BYPASS, isUserHasCapability, KNOWLEDGE_KNUPDATE } from '../utils/access';
import { ForbiddenAccess } from '../config/errors';
import { userAddIndividual } from '../domain/user';

Expand Down Expand Up @@ -73,7 +73,7 @@ const noteResolvers = {
},
fieldPatch: async ({ input, commitMessage, references }) => {
await checkUserAccess(context, context.user, id);
const isManager = isUserHasCapability(context.user, KNOWLEDGE_UPDATE);
const isManager = isUserHasCapability(context.user, KNOWLEDGE_KNUPDATE);
const availableInputs = isManager ? input : input.filter((i) => i.key !== 'createdBy');
return stixDomainObjectEditField(context, context.user, id, availableInputs, { commitMessage, references });
},
Expand Down
4 changes: 2 additions & 2 deletions opencti-platform/opencti-graphql/src/resolvers/opinion.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
import { RELATION_CREATED_BY, } from '../schema/stixRefRelationship';
import { KNOWLEDGE_COLLABORATION, KNOWLEDGE_UPDATE } from '../schema/general';
import { userAddIndividual } from '../domain/user';
import { BYPASS, isUserHasCapability } from '../utils/access';
import { BYPASS, isUserHasCapability, KNOWLEDGE_KNUPDATE } from '../utils/access';
import { ForbiddenAccess } from '../config/errors';

// Needs to have edit rights or needs to be creator of the opinion
Expand Down Expand Up @@ -75,7 +75,7 @@
},
fieldPatch: async ({ input, commitMessage, references }) => {
await checkUserAccess(context, context.user, id);
const isManager = isUserHasCapability(context.user, KNOWLEDGE_UPDATE);
const isManager = isUserHasCapability(context.user, KNOWLEDGE_KNUPDATE);

Check warning on line 78 in opencti-platform/opencti-graphql/src/resolvers/opinion.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/resolvers/opinion.js#L78 

Added line #L78 was not covered by tests
const availableInputs = isManager ? input : input.filter((i) => i.key !== 'createdBy');
return stixDomainObjectEditField(context, context.user, id, availableInputs, { commitMessage, references });
},
Expand Down
1 change: 1 addition & 0 deletions opencti-platform/opencti-graphql/src/utils/access.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ export const SETTINGS_SET_ACCESSES = 'SETTINGS_SETACCESSES';
export const TAXIIAPI_SETCOLLECTIONS = 'TAXIIAPI_SETCOLLECTIONS';
export const TAXIIAPI_SETCSVMAPPERS = 'TAXIIAPI_SETCSVMAPPERS';
export const KNOWLEDGE = 'KNOWLEDGE';
export const KNOWLEDGE_KNUPDATE = 'KNOWLEDGE_KNUPDATE';
export const KNOWLEDGE_ORGANIZATION_RESTRICT = 'KNOWLEDGE_KNUPDATE_KNORGARESTRICT';
export const SETTINGS = 'SETTINGS';
export const VIRTUAL_ORGANIZATION_ADMIN = 'VIRTUAL_ORGANIZATION_ADMIN';
Expand Down