From 43c65213996dd36e3df50eec855bf07a5a09ff02 Mon Sep 17 00:00:00 2001
From: c8y3 <25362953+c8y3@users.noreply.github.com>
Date: Wed, 16 Oct 2024 13:23:53 +0200
Subject: [PATCH] [IMP] Newly created alert should be visible by administrator

---
 source/app/datamgmt/alerts/alerts_db.py | 7 ++++---
 .../datamgmt/manage/manage_access_control_db.py | 7 +------
 tests/tests_rest_alerts.py | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/source/app/datamgmt/alerts/alerts_db.py b/source/app/datamgmt/alerts/alerts_db.py
index 0c2a0555e..766be6472 100644
--- a/source/app/datamgmt/alerts/alerts_db.py
+++ b/source/app/datamgmt/alerts/alerts_db.py
@@ -36,6 +36,7 @@
 
 import app
 from app import db
+from app import ac_current_user_has_permission
 from app.datamgmt.case.case_assets_db import create_asset
 from app.datamgmt.case.case_assets_db import set_ioc_links
 from app.datamgmt.case.case_assets_db import get_unspecified_analysis_status_id
@@ -61,6 +62,7 @@
 from app.models.alerts import AlertCaseAssociation
 from app.models.alerts import SimilarAlertsCache
 from app.models.alerts import AlertResolutionStatus
+from app.models.authorization import Permissions
 from app.iris_engine.utils.common import parse_bf_date_format
 from app.schema.marshables import EventSchema
 from app.util import add_obj_history_entry
@@ -188,10 +190,9 @@ def get_filtered_alerts(
 if isinstance(iocs, list):
 conditions.append(Alert.iocs.any(Ioc.ioc_value.in_(iocs)))
 
-if current_user_id is not None:
+if current_user_id is not None and not ac_current_user_has_permission(Permissions.server_administrator):
 clients_filters = get_user_clients_id(current_user_id)
-if clients_filters is not None:
-conditions.append(Alert.alert_customer_id.in_(clients_filters))
+conditions.append(Alert.alert_customer_id.in_(clients_filters))
 
 if len(conditions) > 1:
 conditions = [reduce(and_, conditions)]
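Review bot: On the new `if` line the administrator bypass is decided on the session user through `ac_current_user_has_permission(...)`, while the customer scoping on the following line is keyed on the `current_user_id` parameter; nothing in the hunk ties the two together, so if a caller ever passes an id other than the session user's, an administrator session would skip the customer filter for that id and a non-administrator session would be scoped by someone else's client list. Either derive both from one identity or state the precondition, e.g. `# current_user_id must be the session user: the admin bypass above is decided on the session, not on this id`. Dropping the `if clients_filters is not None` guard is safe because `get_user_clients_id` returns the result of `.all()` (see manage_access_control_db.py in this patch), but a user with no assigned clients now produces `in_([])`, which SQLAlchemy renders as a never-matching predicate — the right fail-closed outcome, worth a comment `# no assigned clients -> empty IN, matches nothing`. `get_filtered_alerts` begins before this hunk and continues after it.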
diff --git a/source/app/datamgmt/manage/manage_access_control_db.py b/source/app/datamgmt/manage/manage_access_control_db.py
index 9532375c7..c5b7d9132 100644
--- a/source/app/datamgmt/manage/manage_access_control_db.py
+++ b/source/app/datamgmt/manage/manage_access_control_db.py
@@ -26,7 +26,6 @@
 from app.models.authorization import OrganisationCaseAccess
 from app.models.authorization import User
 from app.models.authorization import UserCaseAccess
-from app.datamgmt.case.case_db import case_db_exists
 
 from typing import Optional
 
@@ -130,12 +129,8 @@ def get_user_clients_id(user_id: int) -> list:
 Returns:
 list: List of clients
 """
-filters = []
-if not ac_current_user_has_permission(Permissions.server_administrator):
-filters.append(UserClient.user_id == user_id)
-
 result = UserClient.query.filter(
-*filters
+UserClient.user_id == user_id
 ).with_entities(
 UserClient.client_id
 ).all()
diff --git a/tests/tests_rest_alerts.py b/tests/tests_rest_alerts.py
index 0af473630..cbdde35b9 100644
--- a/tests/tests_rest_alerts.py
+++ b/tests/tests_rest_alerts.py
@@ -18,6 +18,7 @@
 from unittest import TestCase
 
 from iris import Iris
+from uuid import uuid4
 
 
 class TestsRestAlerts(TestCase):
@@ -64,3 +65,16 @@ def test_merge_alert_into_a_case_should_not_fail(self):
 response = self._subject.create(f'/alerts/merge/{alert_identifier}', body)
 # TODO should be 201
 self.assertEqual(200, response.status_code)
+
+def test_get_alerts_filter_should_show_newly_created_alert_for_administrator(self):
+alert_title = f'title{uuid4()}'
+body = {
+'alert_title': alert_title,
+'alert_severity_id': 4,
+'alert_status_id': 3,
+'alert_customer_id': 1
+}
+self._subject.create('/alerts/add', body)
+response = self._subject.get('/alerts/filter', query_parameters={'alert_title': alert_title}).json()
+self.assertEqual(1, response['data']['total'])
+
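Review bot: Removing the `server_administrator` branch changes `get_user_clients_id` for every caller, not only `get_filtered_alerts`: an administrator with no `UserClient` rows now gets `[]` from this helper, so any other call site that relied on the old behaviour (none is visible in this patch) silently fails closed instead of seeing all clients. Worth checking the remaining callers before merging, and if `ac_current_user_has_permission` and `Permissions` are no longer referenced elsewhere in this module their imports can be dropped the way `case_db_exists` is in the first hunk. The docstring should also record the new contract, e.g. `list: ids of the clients explicitly assigned to user_id; no administrator special-case, callers apply that themselves`. The function's signature and the start of its docstring lie before this hunk.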
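Review bot: The new test only pins the administrator side of the change; since the patch also moved the permission check out of `get_user_clients_id` and dropped the `clients_filters is not None` guard, a companion test in which a non-administrator with no access to customer 1 filters on the same title and gets `0` in `response['data']['total']` would cover the fail-closed side, which is the one an access-control regression would break. The test also depends on the fixture session being a server administrator and on a customer with id 1 existing, neither of which is stated; a comment such as `# assumes the test session is a server administrator and that customer 1 exists` would make a failure easier to read. The trailing `+` blank line at end of file looks like stray whitespace.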