[IMP] Newly created alert should be visible by administrator

dfir-iris · Oct 16, 2024 · 43c6521 · 43c6521
1 parent 8c56e2f
commit 43c6521
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/source/app/datamgmt/alerts/alerts_db.py b/source/app/datamgmt/alerts/alerts_db.py
@@ -36,6 +36,7 @@
 
 import app
 from app import db
+from app import ac_current_user_has_permission
 from app.datamgmt.case.case_assets_db import create_asset
 from app.datamgmt.case.case_assets_db import set_ioc_links
 from app.datamgmt.case.case_assets_db import get_unspecified_analysis_status_id
@@ -61,6 +62,7 @@
 from app.models.alerts import AlertCaseAssociation
 from app.models.alerts import SimilarAlertsCache
 from app.models.alerts import AlertResolutionStatus
+from app.models.authorization import Permissions
 from app.iris_engine.utils.common import parse_bf_date_format
 from app.schema.marshables import EventSchema
 from app.util import add_obj_history_entry
@@ -188,10 +190,9 @@ def get_filtered_alerts(
         if isinstance(iocs, list):
             conditions.append(Alert.iocs.any(Ioc.ioc_value.in_(iocs)))
 
-    if current_user_id is not None:
+    if current_user_id is not None and not ac_current_user_has_permission(Permissions.server_administrator):
         clients_filters = get_user_clients_id(current_user_id)
-        if clients_filters is not None:
-            conditions.append(Alert.alert_customer_id.in_(clients_filters))
+        conditions.append(Alert.alert_customer_id.in_(clients_filters))
 
     if len(conditions) > 1:
         conditions = [reduce(and_, conditions)]

diff --git a/source/app/datamgmt/manage/manage_access_control_db.py b/source/app/datamgmt/manage/manage_access_control_db.py
@@ -26,7 +26,6 @@
 from app.models.authorization import OrganisationCaseAccess
 from app.models.authorization import User
 from app.models.authorization import UserCaseAccess
-from app.datamgmt.case.case_db import case_db_exists
 
 from typing import Optional
 
@@ -130,12 +129,8 @@ def get_user_clients_id(user_id: int) -> list:
     Returns:
         list: List of clients
     """
-    filters = []
-    if not ac_current_user_has_permission(Permissions.server_administrator):
-        filters.append(UserClient.user_id == user_id)
-
     result = UserClient.query.filter(
-        *filters
+        UserClient.user_id == user_id
     ).with_entities(
         UserClient.client_id
     ).all()

diff --git a/tests/tests_rest_alerts.py b/tests/tests_rest_alerts.py
@@ -18,6 +18,7 @@
 
 from unittest import TestCase
 from iris import Iris
+from uuid import uuid4
 
 
 class TestsRestAlerts(TestCase):
@@ -64,3 +65,16 @@ def test_merge_alert_into_a_case_should_not_fail(self):
         response = self._subject.create(f'/alerts/merge/{alert_identifier}', body)
         # TODO should be 201
         self.assertEqual(200, response.status_code)
+
+    def test_get_alerts_filter_should_show_newly_created_alert_for_administrator(self):
+        alert_title = f'title{uuid4()}'
+        body = {
+            'alert_title': alert_title,
+            'alert_severity_id': 4,
+            'alert_status_id': 3,
+            'alert_customer_id': 1
+        }
+        self._subject.create('/alerts/add', body)
+        response = self._subject.get('/alerts/filter', query_parameters={'alert_title': alert_title}).json()
+        self.assertEqual(1, response['data']['total'])
+