fix: add tests to cover different user roles

pull/9439/head
Luciano Righetti 2023-12-12 11:31:48 +01:00
parent 09c6484d04
commit df136f6b3b
4 changed files with 116 additions and 33 deletions


@ -13,7 +13,6 @@ use Cake\Utility\Inflector;
class ACLComponent extends Component
{
private $user = null;
protected $components = ['Navigation'];
@ -182,14 +181,15 @@ class ACLComponent extends Component
'view' => ['*']
],
'SharingGroups' => [
'add' => ['perm_org_admin'],
'addOrg' => ['perm_org_admin'],
'delete' => ['perm_org_admin'],
'edit' => ['perm_org_admin'],
'add' => ['perm_sharing_group'],
'addServer' => ['perm_sharing_group'],
'addOrg' => ['perm_sharing_group'],
'delete' => ['perm_sharing_group'],
'edit' => ['perm_sharing_group'],
'index' => ['*'],
'listOrgs' => ['*'],
'removeOrg' => ['perm_org_admin'],
'view' => ['*']
'removeServer' => ['perm_sharing_group'],
'removeOrg' => ['perm_sharing_group'],
'view' => ['*'],
],
'Users' => [
'add' => ['perm_org_admin'],
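Review bot: The new `SharingGroups` entries move add/addOrg/delete/edit from `perm_org_admin` to `perm_sharing_group` and add `addServer`/`removeServer` under the same flag, which changes who may manage sharing groups, yet the commit title only mentions tests; the description should state the intended role change so it can be matched against the 403 expectations in AddSharingGroupApiTest. A short comment above the block, such as `// managing sharing groups requires perm_sharing_group; Org Admin alone is denied, as the API tests expect`, would document the intent where the next reader looks. `index`, `listOrgs` and `view` remain `'*'`, so any restriction of what a user can see presumably relies on table-level filtering outside this hunk — worth confirming. The first hunk (`-13,7 +13,6`) removes one line near the class header that this rendering does not show.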


@ -6,6 +6,7 @@ use Cake\Collection\CollectionInterface;
use Cake\Database\Expression\QueryExpression;
use Cake\Http\Exception\MethodNotAllowedException;
use Cake\I18n\FrozenTime;
use Cake\ORM\Locator\LocatorAwareTrait;
use Cake\ORM\Query;
use Cake\ORM\Table;
use Cake\ORM\TableRegistry;
@ -14,11 +15,16 @@ use InvalidArgumentException;
class AppTable extends Table
{
use LocatorAwareTrait;
/** @var LogsTable */
public $Log = null;
public function initialize(array $config): void
{
}
public function getStatisticsUsageForModel(Object $table, array $scopes, array $options = []): array
public function getStatisticsUsageForModel(object $table, array $scopes, array $options = []): array
{
$defaultOptions = [
'limit' => 5,
@ -39,9 +45,9 @@ class AppTable extends Table
if ($queryTopUsage->getDefaultTypes()[$scope] != 'boolean') {
$queryTopUsage->where(
function (QueryExpression $exp) use ($scope) {
return $exp
->isNotNull($scope)
->notEq($scope, '');
return $exp
->isNotNull($scope)
->notEq($scope, '');
}
);
}
@ -101,7 +107,7 @@ class AppTable extends Table
}
// Move this into a tool
public function getActivityStatisticsForModel(Object $table, int $days = 30): array
public function getActivityStatisticsForModel(object $table, int $days = 30): array
{
$statistics = [];
if ($table->hasBehavior('Timestamp')) {
@ -115,7 +121,7 @@ class AppTable extends Table
return $statistics;
}
public function getActivityStatistic(Object $table, int $days = 30, string $field = 'modified', bool $includeTimeline = true): array
public function getActivityStatistic(object $table, int $days = 30, string $field = 'modified', bool $includeTimeline = true): array
{
$statistics = [];
$statistics['days'] = $days;
@ -130,7 +136,7 @@ class AppTable extends Table
return $statistics;
}
public function buildTimeline(Object $table, int $days = 30, string $field = 'modified'): array
public function buildTimeline(object $table, int $days = 30, string $field = 'modified'): array
{
$timeline = [];
$authorizedFields = ['modified', 'created'];
@ -286,4 +292,15 @@ class AppTable extends Table
}
return null;
}
/**
* @return LogsTable
*/
protected function loadLog()
{
if (!isset($this->Log)) {
$this->Log = $this->fetchTable('Logs');
}
return $this->Log;
}
}
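Review bot: `loadLog()` declares its return only in a docblock and `$Log` is a public property, so callers can read the not-yet-loaded `null` directly and static analysis cannot see the `LogsTable` return; declare the return type and collapse the lazy-init to `protected function loadLog(): LogsTable` with the body `return $this->Log ??= $this->fetchTable('Logs');`. Making the property `protected ?LogsTable $Log = null` would fit, provided no controller or sibling table reads `$Log` directly, which this hunk cannot show. The `Object` → `object` parameter changes in the earlier hunks are correct (`object` is the native type), but the first hunk (`-6,6 +6,7`) adds one `use` line that this rendering does not mark; presumably `Cake\ORM\Locator\LocatorAwareTrait` for the new `fetchTable()` call. `loadLog` is complete within the hunk and the class closes on its last line.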


@ -321,7 +321,8 @@ class SharingGroupsTable extends AppTable
function (QueryExpression $exp, Query $q) use ($serverToFetch) {
return $exp->in('id', array_keys($serverToFetch));
}
)->disableHydration()->toArray();;
)->disableHydration()->toArray();
;
$serversById = array_column(array_column($servers, 'Server'), null, 'id');
}
@ -390,7 +391,7 @@ class SharingGroupsTable extends AppTable
if (isset($org['Organisation'][0])) {
$org['Organisation'] = $org['Organisation'][0];
}
if ($org['Organisation']['uuid'] == $user['Organisation']['uuid']) {
if ($org['uuid'] == $user['Organisation']['uuid']) {
if ($user['Role']['perm_sync'] || $org['extend'] == 1) {
$orgCheck = true;
break;
@ -404,7 +405,7 @@ class SharingGroupsTable extends AppTable
$server['Server'] = $server['Server'][0];
}
if (
$server['Server']['url'] == Configure::read('MISP.baseurl') ||
$server['url'] == Configure::read('MISP.baseurl') ||
(!empty(Configure::read('MISP.external_baseurl')) && Configure::read('MISP.external_baseurl') === $server['Server']['url'])
) {
$serverCheck = true;
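Review bot: After the baseurl comparison is changed to `$server['url']`, the `external_baseurl` branch on the next line still reads `$server['Server']['url']`, so if the url now lives at `$server['url']` that branch can never match (and trips an undefined-index notice), meaning a server reachable only via `MISP.external_baseurl` fails `$serverCheck`. The same hunk should update it: `(!empty(Configure::read('MISP.external_baseurl')) && Configure::read('MISP.external_baseurl') === $server['url'])`, and the baseurl line should use `===` like that line does, since these comparisons decide whether a server is treated as a sharing-group member. The loose `==` also appears in the org check hunk at `-390,7 +391,7` (`$org['uuid'] == $user['Organisation']['uuid']`), where `===` avoids PHP's numeric-string comparison rules on what is an authorization decision. Both enclosing functions start and end outside their hunks.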
@ -851,11 +852,12 @@ class SharingGroupsTable extends AppTable
{
if (!isset($sg['Organisation'])) {
if (!isset($sg['SharingGroupOrg'])) {
$sg['SharingGroupOrg'] = [[
'extend' => 1,
'uuid' => $user['Organisation']['uuid'],
'name' => $user['Organisation']['name'],
]
$sg['SharingGroupOrg'] = [
[
'extend' => 1,
'uuid' => $user['Organisation']['uuid'],
'name' => $user['Organisation']['name'],
]
];
return $user['org_id'];
} else {
@ -961,7 +963,7 @@ class SharingGroupsTable extends AppTable
}
}
} else {
$sharingGroupOrgEntity =$this->SharingGroupOrgs->newEntity(
$sharingGroupOrgEntity = $this->SharingGroupOrgs->newEntity(
[
'sharing_group_id' => $sg_id,
'org_id' => $sg['SharingGroupOrg'][$k]['org_id'],


@ -25,11 +25,14 @@ class AddSharingGroupApiTest extends TestCase
'app.SharingGroupServers',
];
public function testAddSharingGroup(): void
/**
* @dataProvider userDataProvider
*/
public function testAddSharingGroup($user): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->setAuthToken($user['authkey']);
$faker = \Faker\Factory::create();
$uuid = $faker->uuid();
@ -43,7 +46,12 @@ class AddSharingGroupApiTest extends TestCase
]
);
$this->assertResponseOk();
$this->assertResponseCode($user['expectedStatusCode']);
if ($user['expectedStatusCode'] != 200) {
return;
}
$this->assertDbRecordExists(
'SharingGroups',
[
@ -54,11 +62,14 @@ class AddSharingGroupApiTest extends TestCase
);
}
public function testAddSharingGroupOrganisation(): void
/**
* @dataProvider userDataProvider
*/
public function testAddSharingGroupOrganisation($user): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->setAuthToken($user['authkey']);
$faker = \Faker\Factory::create();
$uuid = $faker->uuid();
@ -78,7 +89,12 @@ class AddSharingGroupApiTest extends TestCase
]
);
$this->assertResponseOk();
$this->assertResponseCode($user['expectedStatusCode']);
if ($user['expectedStatusCode'] != 200) {
return;
}
$this->assertDbRecordExists(
'SharingGroups',
[
@ -94,11 +110,14 @@ class AddSharingGroupApiTest extends TestCase
);
}
public function testAddSharingGroupServer(): void
/**
* @dataProvider userDataProvider
*/
public function testAddSharingGroupServer($user): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->setAuthToken($user['authkey']);
$faker = \Faker\Factory::create();
$uuid = $faker->uuid();
@ -121,7 +140,13 @@ class AddSharingGroupApiTest extends TestCase
]
]
);
$this->assertResponseOk();
$this->assertResponseCode($user['expectedStatusCode']);
if ($user['expectedStatusCode'] != 200) {
return;
}
$sharingGroup = $this->getJsonResponseAsArray();
@ -140,4 +165,43 @@ class AddSharingGroupApiTest extends TestCase
]
);
}
public function allowedUserDataProvider(): array
{
return [];
}
public function userDataProvider(): array
{
return [
[
[
'role' => 'Admin',
'authkey' => AuthKeysFixture::ADMIN_API_KEY,
'expectedStatusCode' => 200
]
],
[
[
'role' => 'Org Admin',
'authkey' => AuthKeysFixture::ORG_ADMIN_API_KEY,
'expectedStatusCode' => 403
]
],
[
[
'role' => 'Sync User',
'authkey' => AuthKeysFixture::SYNC_API_KEY,
'expectedStatusCode' => 403
]
],
[
[
'role' => 'Regular User',
'authkey' => AuthKeysFixture::REGULAR_USER_API_KEY,
'expectedStatusCode' => 405
]
]
];
}
}
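Review bot: `allowedUserDataProvider()` is added but returns `[]` and nothing references it, so it is dead code that should be removed or populated. The provider pins `405` for `Regular User` on a create endpoint while the other denied roles expect `403`; an authorization failure surfacing as Method Not Allowed suggests a different code path (presumably a `MethodNotAllowedException` raised before the ACL decision), and the test would lock that behaviour in, so either expect 403 for every denied role or add a comment on that dataset explaining why the regular user differs. The test methods take `$user` without a type and compare the status with `!=`; `public function testAddSharingGroup(array $user): void` and `if ($user['expectedStatusCode'] !== 200)` tighten both, and the same applies to the other two data-driven tests in this file. If the project is on PHPUnit 10 or later, the provider should be `public static` and referenced via the `#[DataProvider('userDataProvider')]` attribute rather than the `@dataProvider` docblock.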