fix: add tests to cover different user roles
parent
09c6484d04
commit
df136f6b3b
@ -13,7 +13,6 @@ use Cake\Utility\Inflector;
|
|||
|
||||
class ACLComponent extends Component
|
||||
{
|
||||
|
||||
private $user = null;
|
||||
protected $components = ['Navigation'];
|
||||
|
||||
|
@ -182,14 +181,15 @@ class ACLComponent extends Component
|
|||
'view' => ['*']
|
||||
],
|
||||
'SharingGroups' => [
|
||||
'add' => ['perm_org_admin'],
|
||||
'addOrg' => ['perm_org_admin'],
|
||||
'delete' => ['perm_org_admin'],
|
||||
'edit' => ['perm_org_admin'],
|
||||
'add' => ['perm_sharing_group'],
|
||||
'addServer' => ['perm_sharing_group'],
|
||||
'addOrg' => ['perm_sharing_group'],
|
||||
'delete' => ['perm_sharing_group'],
|
||||
'edit' => ['perm_sharing_group'],
|
||||
'index' => ['*'],
|
||||
'listOrgs' => ['*'],
|
||||
'removeOrg' => ['perm_org_admin'],
|
||||
'view' => ['*']
|
||||
'removeServer' => ['perm_sharing_group'],
|
||||
'removeOrg' => ['perm_sharing_group'],
|
||||
'view' => ['*'],
|
||||
],
|
||||
'Users' => [
|
||||
'add' => ['perm_org_admin'],
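Review bot: The SharingGroups map now gates every write action (add, addServer, addOrg, delete, edit, removeServer, removeOrg) on `perm_sharing_group`, while `index`, `listOrgs` and `view` stay at `['*']`, so any authenticated role reaches those controller actions and visibility rests entirely on whatever row-level check the SharingGroups model applies. Nothing in the hunk states that split, so a comment above `'SharingGroups' => [` would help the next reader: `// write actions require perm_sharing_group; read actions are open to all roles and rely on the model-level authorization check to filter rows`. If an org admin role is expected to keep managing sharing groups, it now needs `perm_sharing_group` explicitly, which is consistent with the 403 the new test asserts for that role. The enclosing array and class continue outside the hunk.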
|
||||
@ -6,6 +6,7 @@ use Cake\Collection\CollectionInterface;
|
|||
use Cake\Database\Expression\QueryExpression;
|
||||
use Cake\Http\Exception\MethodNotAllowedException;
|
||||
use Cake\I18n\FrozenTime;
|
||||
use Cake\ORM\Locator\LocatorAwareTrait;
|
||||
use Cake\ORM\Query;
|
||||
use Cake\ORM\Table;
|
||||
use Cake\ORM\TableRegistry;
|
||||
|
@ -14,11 +15,16 @@ use InvalidArgumentException;
|
|||
|
||||
class AppTable extends Table
|
||||
{
|
||||
use LocatorAwareTrait;
|
||||
|
||||
/** @var LogsTable */
|
||||
public $Log = null;
|
||||
|
||||
public function initialize(array $config): void
|
||||
{
|
||||
}
|
||||
|
||||
public function getStatisticsUsageForModel(Object $table, array $scopes, array $options = []): array
|
||||
public function getStatisticsUsageForModel(object $table, array $scopes, array $options = []): array
|
||||
{
|
||||
$defaultOptions = [
|
||||
'limit' => 5,
|
||||
|
@ -39,9 +45,9 @@ class AppTable extends Table
|
|||
if ($queryTopUsage->getDefaultTypes()[$scope] != 'boolean') {
|
||||
$queryTopUsage->where(
|
||||
function (QueryExpression $exp) use ($scope) {
|
||||
return $exp
|
||||
->isNotNull($scope)
|
||||
->notEq($scope, '');
|
||||
return $exp
|
||||
->isNotNull($scope)
|
||||
->notEq($scope, '');
|
||||
}
|
||||
);
|
||||
}
|
||||
|
@ -101,7 +107,7 @@ class AppTable extends Table
|
|||
}
|
||||
|
||||
// Move this into a tool
|
||||
public function getActivityStatisticsForModel(Object $table, int $days = 30): array
|
||||
public function getActivityStatisticsForModel(object $table, int $days = 30): array
|
||||
{
|
||||
$statistics = [];
|
||||
if ($table->hasBehavior('Timestamp')) {
|
||||
|
@ -115,7 +121,7 @@ class AppTable extends Table
|
|||
return $statistics;
|
||||
}
|
||||
|
||||
public function getActivityStatistic(Object $table, int $days = 30, string $field = 'modified', bool $includeTimeline = true): array
|
||||
public function getActivityStatistic(object $table, int $days = 30, string $field = 'modified', bool $includeTimeline = true): array
|
||||
{
|
||||
$statistics = [];
|
||||
$statistics['days'] = $days;
|
||||
|
@ -130,7 +136,7 @@ class AppTable extends Table
|
|||
return $statistics;
|
||||
}
|
||||
|
||||
public function buildTimeline(Object $table, int $days = 30, string $field = 'modified'): array
|
||||
public function buildTimeline(object $table, int $days = 30, string $field = 'modified'): array
|
||||
{
|
||||
$timeline = [];
|
||||
$authorizedFields = ['modified', 'created'];
|
||||
|
@ -286,4 +292,15 @@ class AppTable extends Table
|
|||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return LogsTable
|
||||
*/
|
||||
protected function loadLog()
|
||||
{
|
||||
if (!isset($this->Log)) {
|
||||
$this->Log = $this->fetchTable('Logs');
|
||||
}
|
||||
return $this->Log;
|
||||
}
|
||||
}
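Review bot: The new `loadLog()` caches the fetched table in `public $Log = null`, typed only by the `@var LogsTable` docblock and with no native return type, so a caller can assign anything to `$Log` and `isset($this->Log)` will then hand it back unchecked. If nothing outside the class reads the property, `protected ?LogsTable $Log = null;` and `protected function loadLog(): LogsTable` pin both ends and let the docblock go. The `use Cake\I18n\FrozenTime;` import added in the first hunk has no visible use in the shown hunks; it may be consumed elsewhere in the file, but is worth confirming before it lands as dead code.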
|
||||
@ -321,7 +321,8 @@ class SharingGroupsTable extends AppTable
|
|||
function (QueryExpression $exp, Query $q) use ($serverToFetch) {
|
||||
return $exp->in('id', array_keys($serverToFetch));
|
||||
}
|
||||
)->disableHydration()->toArray();;
|
||||
)->disableHydration()->toArray();
|
||||
;
|
||||
|
||||
$serversById = array_column(array_column($servers, 'Server'), null, 'id');
|
||||
}
|
||||
|
@ -390,7 +391,7 @@ class SharingGroupsTable extends AppTable
|
|||
if (isset($org['Organisation'][0])) {
|
||||
$org['Organisation'] = $org['Organisation'][0];
|
||||
}
|
||||
if ($org['Organisation']['uuid'] == $user['Organisation']['uuid']) {
|
||||
if ($org['uuid'] == $user['Organisation']['uuid']) {
|
||||
if ($user['Role']['perm_sync'] || $org['extend'] == 1) {
|
||||
$orgCheck = true;
|
||||
break;
|
||||
|
@ -404,7 +405,7 @@ class SharingGroupsTable extends AppTable
|
|||
$server['Server'] = $server['Server'][0];
|
||||
}
|
||||
if (
|
||||
$server['Server']['url'] == Configure::read('MISP.baseurl') ||
|
||||
$server['url'] == Configure::read('MISP.baseurl') ||
|
||||
(!empty(Configure::read('MISP.external_baseurl')) && Configure::read('MISP.external_baseurl') === $server['Server']['url'])
|
||||
) {
|
||||
$serverCheck = true;
|
||||
|
@ -851,11 +852,12 @@ class SharingGroupsTable extends AppTable
|
|||
{
|
||||
if (!isset($sg['Organisation'])) {
|
||||
if (!isset($sg['SharingGroupOrg'])) {
|
||||
$sg['SharingGroupOrg'] = [[
|
||||
'extend' => 1,
|
||||
'uuid' => $user['Organisation']['uuid'],
|
||||
'name' => $user['Organisation']['name'],
|
||||
]
|
||||
$sg['SharingGroupOrg'] = [
|
||||
[
|
||||
'extend' => 1,
|
||||
'uuid' => $user['Organisation']['uuid'],
|
||||
'name' => $user['Organisation']['name'],
|
||||
]
|
||||
];
|
||||
return $user['org_id'];
|
||||
} else {
|
||||
|
@ -961,7 +963,7 @@ class SharingGroupsTable extends AppTable
|
|||
}
|
||||
}
|
||||
} else {
|
||||
$sharingGroupOrgEntity =$this->SharingGroupOrgs->newEntity(
|
||||
$sharingGroupOrgEntity = $this->SharingGroupOrgs->newEntity(
|
||||
[
|
||||
'sharing_group_id' => $sg_id,
|
||||
'org_id' => $sg['SharingGroupOrg'][$k]['org_id'],
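Review bot: In the server check the first operand was changed to `$server['url'] == Configure::read('MISP.baseurl')`, but the next operand still reads `$server['Server']['url']`, so the two halves of one `if` assume different record shapes and the `external_baseurl` branch can never match the flat shape the first half now expects; it should read `Configure::read('MISP.external_baseurl') === $server['url']`. Both that comparison and the changed `$org['uuid'] == $user['Organisation']['uuid']` decide an authorization outcome (`$serverCheck`/`$orgCheck`), so `===` rather than `==` is the safer form for comparing URL and UUID strings. The `;;` fix in the first hunk appears to have left the second semicolon as an empty statement on its own line (`;`), which should be dropped. The enclosing functions start and end outside these hunks.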
|
||||
@ -25,11 +25,14 @@ class AddSharingGroupApiTest extends TestCase
|
|||
'app.SharingGroupServers',
|
||||
];
|
||||
|
||||
public function testAddSharingGroup(): void
|
||||
/**
|
||||
* @dataProvider userDataProvider
|
||||
*/
|
||||
public function testAddSharingGroup($user): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
$this->setAuthToken($user['authkey']);
|
||||
|
||||
$faker = \Faker\Factory::create();
|
||||
$uuid = $faker->uuid();
|
||||
|
@ -43,7 +46,12 @@ class AddSharingGroupApiTest extends TestCase
|
|||
]
|
||||
);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertResponseCode($user['expectedStatusCode']);
|
||||
|
||||
if ($user['expectedStatusCode'] != 200) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->assertDbRecordExists(
|
||||
'SharingGroups',
|
||||
[
|
||||
|
@ -54,11 +62,14 @@ class AddSharingGroupApiTest extends TestCase
|
|||
);
|
||||
}
|
||||
|
||||
public function testAddSharingGroupOrganisation(): void
|
||||
/**
|
||||
* @dataProvider userDataProvider
|
||||
*/
|
||||
public function testAddSharingGroupOrganisation($user): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
$this->setAuthToken($user['authkey']);
|
||||
|
||||
$faker = \Faker\Factory::create();
|
||||
$uuid = $faker->uuid();
|
||||
|
@ -78,7 +89,12 @@ class AddSharingGroupApiTest extends TestCase
|
|||
]
|
||||
);
|
||||
|
||||
$this->assertResponseOk();
|
||||
$this->assertResponseCode($user['expectedStatusCode']);
|
||||
|
||||
if ($user['expectedStatusCode'] != 200) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->assertDbRecordExists(
|
||||
'SharingGroups',
|
||||
[
|
||||
|
@ -94,11 +110,14 @@ class AddSharingGroupApiTest extends TestCase
|
|||
);
|
||||
}
|
||||
|
||||
public function testAddSharingGroupServer(): void
|
||||
/**
|
||||
* @dataProvider userDataProvider
|
||||
*/
|
||||
public function testAddSharingGroupServer($user): void
|
||||
{
|
||||
$this->skipOpenApiValidations();
|
||||
|
||||
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
|
||||
$this->setAuthToken($user['authkey']);
|
||||
|
||||
$faker = \Faker\Factory::create();
|
||||
$uuid = $faker->uuid();
|
||||
|
@ -121,7 +140,13 @@ class AddSharingGroupApiTest extends TestCase
|
|||
]
|
||||
]
|
||||
);
|
||||
$this->assertResponseOk();
|
||||
|
||||
|
||||
$this->assertResponseCode($user['expectedStatusCode']);
|
||||
|
||||
if ($user['expectedStatusCode'] != 200) {
|
||||
return;
|
||||
}
|
||||
|
||||
$sharingGroup = $this->getJsonResponseAsArray();
|
||||
|
||||
|
@ -140,4 +165,43 @@ class AddSharingGroupApiTest extends TestCase
|
|||
]
|
||||
);
|
||||
}
|
||||
|
||||
public function allowedUserDataProvider(): array
|
||||
{
|
||||
return [];
|
||||
}
|
||||
|
||||
public function userDataProvider(): array
|
||||
{
|
||||
return [
|
||||
[
|
||||
[
|
||||
'role' => 'Admin',
|
||||
'authkey' => AuthKeysFixture::ADMIN_API_KEY,
|
||||
'expectedStatusCode' => 200
|
||||
]
|
||||
],
|
||||
[
|
||||
[
|
||||
'role' => 'Org Admin',
|
||||
'authkey' => AuthKeysFixture::ORG_ADMIN_API_KEY,
|
||||
'expectedStatusCode' => 403
|
||||
]
|
||||
],
|
||||
[
|
||||
[
|
||||
'role' => 'Sync User',
|
||||
'authkey' => AuthKeysFixture::SYNC_API_KEY,
|
||||
'expectedStatusCode' => 403
|
||||
]
|
||||
],
|
||||
[
|
||||
[
|
||||
'role' => 'Regular User',
|
||||
'authkey' => AuthKeysFixture::REGULAR_USER_API_KEY,
|
||||
'expectedStatusCode' => 405
|
||||
]
|
||||
]
|
||||
];
|
||||
}
|
||||
}
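Review bot: `allowedUserDataProvider()` returns `[]` and no test in the file references it; PHPUnit treats an empty provider as an error if a test ever points at it, so either remove the stub or populate it. The three parameterised tests take `$user` untyped and compare with `$user['expectedStatusCode'] != 200`; `array $user` in the signatures and `!== 200` keep the file consistent with the strict comparisons used elsewhere. The provider expects `403` for Org Admin and Sync User but `405` for Regular User on the same denied request; if both paths are meant to be the same authorization failure, a one-line comment per row naming where each code comes from would stop the asymmetry from being locked in silently.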
|
||||