
Capabilities by entity types

Open Bonsai8863 opened this issue 1 year ago • 2 comments

Proposed changes

  • Allow admins to define more granular access control over specific entity types
  • Added a tab in role edit drawer for entity overrides
  • Created new Security component to support overridden entity types
  • Support granular RBAC on Reports; will add to other entity types upon approval of design

Checklist

  • [x] I consider the submitted work as finished
  • [x] I tested the code for its functionality
  • [ ] I wrote test cases for the relevant use cases
  • [ ] I added/updated the relevant documentation (either on GitHub or on Notion)
  • [x] Where necessary I refactored code to improve the overall quality

Bonsai8863 Dec 18 '23 15:12

Codecov Report

Attention: Patch coverage is 71.59091%, with 25 lines in your changes missing coverage. Please review.

Project coverage is 66.74%. Comparing base (cff70c3) to head (30191df).

Note: Current head 30191df differs from the pull request's most recent head b8959dd. Consider uploading reports for commit b8959dd to get more accurate results.

Files                                                   Patch %   Lines
...tform/opencti-graphql/src/graphql/authDirective.js   43.90%    23 Missing
...cti-platform/opencti-graphql/src/database/redis.ts   77.77%    2 Missing
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5252      +/-   ##
==========================================
- Coverage   67.76%   66.74%   -1.02%     
==========================================
  Files         532      541       +9     
  Lines       65069    64628     -441     
  Branches     5464     5311     -153     
==========================================
- Hits        44097    43139     -958     
- Misses      20972    21489     +517     


codecov[bot] Dec 18 '23 15:12

Just rebased and upgraded to support the new API results.

My testing results:

  1. Configuration screen must be improved. [image] Spacing/padding must be reworked. Looks like there is some extra scrollbar in the list.

  2. Configuration error on override. [image] Some capabilities cannot be overridden (and must not be), but the screen tells the user that is the case.

  3. If the base capabilities have no knowledge access, the override is not accessible. I created a role with no capabilities + an override to have access on Report and Malware. When I log in with a user that has this role, the UI doesn't load any menu, like when a user has no capabilities at all. The menu on the left must be displayed according to the override possibilities.

  4. I think security is missing on the generic API, like stixDomainObjectEdit(id: ID!), which will not check whether the user really has the right to modify the element, taking the overrides into account.

On the technical side I will comment directly in the PR.

richard-julien Feb 05 '24 22:02