mirror of https://github.com/MISP/MISP
chg: [internal] Check if update is possible
parent
1bad9a008b
commit
3fd029cc62
|
@ -2027,7 +2027,7 @@ class Attribute extends AppModel
|
||||||
* @param array $user
|
* @param array $user
|
||||||
* @param array $options
|
* @param array $options
|
||||||
* @param int|false $result_count If false, count is not fetched
|
* @param int|false $result_count If false, count is not fetched
|
||||||
* @return array|int|null
|
* @return array
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public function fetchAttributes(array $user, array $options = [], &$result_count = false)
|
public function fetchAttributes(array $user, array $options = [], &$result_count = false)
|
||||||
|
|
|
@ -1234,6 +1234,32 @@ class TestSecurity(unittest.TestCase):
|
||||||
self.admin_misp_connector.delete_user(publisher_user)
|
self.admin_misp_connector.delete_user(publisher_user)
|
||||||
self.admin_misp_connector.delete_organisation(different_org)
|
self.admin_misp_connector.delete_organisation(different_org)
|
||||||
|
|
||||||
|
def test_unpublished_private(self):
|
||||||
|
with self.__setting("MISP.unpublishedprivate", True):
|
||||||
|
created_event = self.admin_misp_connector.add_event(self.__generate_event())
|
||||||
|
self.assertIsInstance(created_event, MISPEvent, "Admin user should be able to create event")
|
||||||
|
|
||||||
|
logged_in = PyMISP(url, self.test_usr.authkey)
|
||||||
|
# Event is not published, so normal user should not see that event
|
||||||
|
self.assertFalse(logged_in.event_exists(created_event.uuid))
|
||||||
|
fetched_event = logged_in.get_event(created_event.uuid)
|
||||||
|
self.assertEqual(fetched_event["errors"][0], 404)
|
||||||
|
attributes = logged_in.search(controller='attributes', uuid=created_event.uuid)
|
||||||
|
self.assertEqual(len(attributes["Attribute"]), 0, attributes)
|
||||||
|
|
||||||
|
# Publish
|
||||||
|
self.assertSuccessfulResponse(self.admin_misp_connector.publish(created_event))
|
||||||
|
|
||||||
|
# Event is published, so normal user should see that event
|
||||||
|
self.assertTrue(logged_in.event_exists(created_event.uuid))
|
||||||
|
fetched_event = logged_in.get_event(created_event.uuid)
|
||||||
|
self.assertSuccessfulResponse(fetched_event, "User should be able to see published event")
|
||||||
|
attributes = logged_in.search(controller='attributes', uuid=created_event.uuid)
|
||||||
|
self.assertEqual(len(attributes["Attribute"]), 1, attributes)
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
self.admin_misp_connector.delete_event(created_event)
|
||||||
|
|
||||||
def test_sg_index_user_cannot_see(self):
|
def test_sg_index_user_cannot_see(self):
|
||||||
org = self.__create_org()
|
org = self.__create_org()
|
||||||
hidden_sg = self.__create_sharing_group()
|
hidden_sg = self.__create_sharing_group()
|
||||||
|
|
Loading…
Reference in New Issue