[api/frontend] Fix deletion of user, relation handling

OpenCTI-Platform · Feb 19, 2020 · c41d68d · c41d68d
1 parent 2875e5b
commit c41d68d
Show file tree

Hide file tree

Showing 11 changed files with 57 additions and 25 deletions.
diff --git a/...-platform/opencti-front/src/private/components/settings/groups/GroupEditionPermissions.js b/...-platform/opencti-front/src/private/components/settings/groups/GroupEditionPermissions.js
@@ -13,6 +13,7 @@ import ListItemText from '@material-ui/core/ListItemText';
 import ListItemAvatar from '@material-ui/core/ListItemAvatar';
 import Checkbox from '@material-ui/core/Checkbox';
 import Avatar from '@material-ui/core/Avatar';
+import Alert from '@material-ui/lab/Alert/Alert';
 import { commitMutation, QueryRenderer } from '../../../../relay/environment';
 import inject18n from '../../../../components/i18n';
 import { markingDefinitionsLinesSearchQuery } from '../marking_definitions/MarkingDefinitionsLines';
@@ -83,14 +84,19 @@ class GroupEditionPermissionsComponent extends Component {
   }
 
   render() {
-    const { classes, group } = this.props;
+    const { classes, group, t } = this.props;
     const groupMarkingDefinitions = pipe(
       pathOr([], ['permissions', 'edges']),
       map((n) => ({ id: n.node.id, relation: n.relation.id })),
     )(group);
 
     return (
-      <div>
+      <div style={{ paddingTop: 15 }}>
+        <Alert severity="warning" style={{ marginBottom: 10 }}>
+          {t(
+            'Groups permissions on data marking is not fully implemented yet.',
+          )}
+        </Alert>
         <QueryRenderer
           query={markingDefinitionsLinesSearchQuery}
           variables={{ search: '' }}

diff --git a/opencti-platform/opencti-front/src/private/components/settings/users/UserCreation.js b/opencti-platform/opencti-front/src/private/components/settings/users/UserCreation.js
@@ -167,6 +167,7 @@ class UserCreation extends Component {
           </div>
           <div className={classes.container}>
             <Alert severity="info">{t('User will be created with default roles.')}</Alert>
+            <br />
             <Formik
               initialValues={{
                 name: '',

diff --git a/opencti-platform/opencti-front/src/private/components/settings/users/UserEditionOverview.js b/opencti-platform/opencti-front/src/private/components/settings/users/UserEditionOverview.js
@@ -271,7 +271,6 @@ class UserEditionOverviewComponent extends Component {
                 <MenuItem value="auto">
                   <em>{t('Automatic')}</em>
                 </MenuItem>
-                RO
                 <MenuItem value="en">English</MenuItem>
                 <MenuItem value="fr">Français</MenuItem>
               </SelectField>

diff --git a/opencti-platform/opencti-front/src/utils/Localization.js b/opencti-platform/opencti-front/src/utils/Localization.js
@@ -267,6 +267,8 @@ const i18n = {
       'Direct targeting of this sector': 'Ciblage direct de ce secteur',
       'Direct targeting of this region': 'Ciblage direct de cette région',
       'Direct targeting of this country': 'Ciblage direct de ce pays',
+      'Groups permissions on data marking is not fully implemented yet.':
+        "Les permissions des groupes sur le marquage des données n'est pas encore implémenté.",
       // Menu
       Dashboard: 'Tableau de bord',
       Visualization: 'Visualisation',

diff --git a/opencti-platform/opencti-graphql/src/config/conf.js b/opencti-platform/opencti-graphql/src/config/conf.js
@@ -55,6 +55,10 @@ export const BUS_TOPICS = {
   KillChainPhase: {
     EDIT_TOPIC: 'KILL_CHAIN_PHASE_EDIT_TOPIC',
     ADDED_TOPIC: 'KILL_CHAIN_PHASE_ADDED_TOPIC'
+  },
+  Group: {
+    EDIT_TOPIC: 'GROUP_EDIT_TOPIC',
+    ADDED_TOPIC: 'GROUP_ADDED_TOPIC'
   }
 };
 
@@ -118,6 +122,8 @@ logger.add(
 );
 
 // eslint-disable-next-line
-logger.info(`🚀 OpenCTI started in ${environment} mode with ${externalConfigurationFile ? 'external' : 'embedded'} file`);
+logger.info(
+  `🚀 OpenCTI started in ${environment} mode with ${externalConfigurationFile ? 'external' : 'embedded'} file`
+);
 export const isAppRealTime = nconf.get('app:reactive') && JSON.parse(nconf.get('app:reactive'));
 export default nconf;
diff --git a/opencti-platform/opencti-graphql/src/database/elasticSearch.js b/opencti-platform/opencti-graphql/src/database/elasticSearch.js
@@ -480,6 +480,9 @@ const elMergeRelation = (concept, fromConnection, toConnection) => {
 };
 const elReconstructRelation = (concept, relationsMap = null) => {
   const naturalDirections = rolesMap[concept.relationship_type];
+  if (!naturalDirections) {
+    throw new Error(`[ELASTIC] Missing rolesMap of the relation type ${concept.relationship_type}`);
+  }
   const bindingByAlias = invertObj(naturalDirections);
   const { connections } = concept;
   // Need to rebuild the from and the to.

diff --git a/opencti-platform/opencti-graphql/src/database/graknRoles.js b/opencti-platform/opencti-graphql/src/database/graknRoles.js
@@ -16,6 +16,10 @@ export const rolesMap = {
     allowed: 'from',
     allow: 'to'
   },
+  user_role: {
+    client: 'from',
+    position: 'to'
+  },
   // endregion
   // region relation_embedded
   authored_by: {

diff --git a/opencti-platform/opencti-graphql/src/domain/connector.js b/opencti-platform/opencti-graphql/src/domain/connector.js
@@ -1,4 +1,4 @@
-import { assoc, filter, includes, isNil, map, pipe } from 'ramda';
+import { assoc, filter, includes, map, pipe } from 'ramda';
 import {
   createEntity,
   deleteEntityById,
@@ -11,7 +11,6 @@ import {
   updateAttribute
 } from '../database/grakn';
 import { connectorConfig, registerConnectorQueues } from '../database/rabbitmq';
-import { ForbiddenAccess } from '../config/errors';
 
 export const CONNECTOR_INTERNAL_IMPORT_FILE = 'INTERNAL_IMPORT_FILE'; // Files mime types to support (application/json, ...) -> import-
 export const CONNECTOR_INTERNAL_EXPORT_FILE = 'INTERNAL_EXPORT_FILE'; // Files mime types to generate (application/pdf, ...) -> export-

diff --git a/opencti-platform/opencti-graphql/src/domain/group.js b/opencti-platform/opencti-graphql/src/domain/group.js
@@ -1,6 +1,8 @@
 import {
   createEntity,
+  createRelation,
   deleteEntityById,
+  deleteRelationById,
   escapeString,
   executeWrite,
   findWithConnectedRelations,
@@ -41,7 +43,7 @@ export const permissions = async groupId => {
 
 export const addGroup = async (user, group) => {
   const created = await createEntity(group, 'Group', { modelType: TYPE_OPENCTI_INTERNAL });
-  return notify(BUS_TOPICS.StixDomainEntity.ADDED_TOPIC, created, user);
+  return notify(BUS_TOPICS.Group.ADDED_TOPIC, created, user);
 };
 export const groupDelete = groupId => deleteEntityById(groupId, 'Group');
 
@@ -50,6 +52,17 @@ export const groupEditField = (user, groupId, input) => {
     return updateAttribute(groupId, 'Group', input, wTx);
   }).then(async () => {
     const group = await loadEntityById(groupId, 'Group');
-    return notify(BUS_TOPICS.StixDomainEntity.EDIT_TOPIC, group, user);
+    return notify(BUS_TOPICS.Group.EDIT_TOPIC, group, user);
   });
 };
+
+export const groupAddRelation = async (user, groupId, input) => {
+  const data = await createRelation(groupId, input, {}, 'Group', null);
+  return notify(BUS_TOPICS.Group.EDIT_TOPIC, data, user);
+};
+
+export const groupDeleteRelation = async (user, groupId, relationId) => {
+  await deleteRelationById(relationId, 'relation');
+  const data = await loadEntityById(groupId, 'Group');
+  return notify(BUS_TOPICS.Group.EDIT_TOPIC, data, user);
+};
diff --git a/opencti-platform/opencti-graphql/src/domain/user.js b/opencti-platform/opencti-graphql/src/domain/user.js
@@ -320,17 +320,11 @@ export const userAddRelation = async (user, userId, input) => {
   const data = await createRelation(userId, input, {}, 'User', null);
   return notify(BUS_TOPICS.StixDomainEntity.EDIT_TOPIC, data, user);
 };
-export const userDeleteRelation = async (
-  user,
-  userId,
-  relationId = null,
-  toId = null,
-  relationType = 'stix_relation_embedded'
-) => {
+export const userDeleteRelation = async (user, userId, relationId = null, toId = null, relationType = 'relation') => {
   if (relationId) {
-    await deleteRelationById(relationId, 'stix_relation_embedded');
+    await deleteRelationById(relationId, 'relation');
   } else if (toId) {
-    await deleteRelationsByFromAndTo(userId, toId, relationType, 'stix_relation_embedded');
+    await deleteRelationsByFromAndTo(userId, toId, relationType, 'relation');
   } else {
     throw new Error('Cannot delete the relation, missing relationId or toId');
   }

diff --git a/opencti-platform/opencti-graphql/src/resolvers/group.js b/opencti-platform/opencti-graphql/src/resolvers/group.js
@@ -1,10 +1,15 @@
-import { addGroup, groupDelete, findAll, findById, members, permissions, groupEditField } from '../domain/group';
 import {
-  stixDomainEntityEditContext,
-  stixDomainEntityCleanContext,
-  stixDomainEntityAddRelation,
-  stixDomainEntityDeleteRelation
-} from '../domain/stixDomainEntity';
+  addGroup,
+  groupDelete,
+  findAll,
+  findById,
+  members,
+  permissions,
+  groupEditField,
+  groupDeleteRelation,
+  groupAddRelation
+} from '../domain/group';
+import { stixDomainEntityEditContext, stixDomainEntityCleanContext } from '../domain/stixDomainEntity';
 import { fetchEditContext } from '../database/redis';
 
 const groupResolvers = {
@@ -23,8 +28,8 @@ const groupResolvers = {
       fieldPatch: ({ input }) => groupEditField(user, id, input),
       contextPatch: ({ input }) => stixDomainEntityEditContext(user, id, input),
       contextClean: () => stixDomainEntityCleanContext(user, id),
-      relationAdd: ({ input }) => stixDomainEntityAddRelation(user, id, input),
-      relationDelete: ({ relationId }) => stixDomainEntityDeleteRelation(user, id, relationId)
+      relationAdd: ({ input }) => groupAddRelation(user, id, input),
+      relationDelete: ({ relationId }) => groupDeleteRelation(user, id, relationId)
     }),
     groupAdd: (_, { input }, { user }) => addGroup(user, input)
   }