#1423 Add permission check in case and observable bulk actions
nadouani committed Jul 8, 2020
1 parent fe5ee04 commit 6721498
Showing 7 changed files with 28 additions and 160 deletions.
13 changes: 9 additions & 4 deletions frontend/app/scripts/controllers/case/CaseListCtrl.js
Expand Up @@ -3,7 +3,7 @@
angular.module('theHiveControllers')
.controller('CaseListCtrl', CaseListCtrl);

function CaseListCtrl($scope, $q, $state, $window, $uibModal, FilteringSrv, StreamStatSrv, PaginatedQuerySrv, EntitySrv, CaseSrv, UserSrv, AuthenticationSrv, CaseResolutionStatus, NotificationSrv, Severity, Tlp, CortexSrv) {
function CaseListCtrl($scope, $q, $state, $window, $uibModal, FilteringSrv, SecuritySrv, StreamStatSrv, PaginatedQuerySrv, EntitySrv, CaseSrv, UserSrv, AuthenticationSrv, CaseResolutionStatus, NotificationSrv, Severity, Tlp, CortexSrv) {
var self = this;

this.openEntity = EntitySrv.open;
Expand Down Expand Up @@ -72,7 +72,7 @@
operations: [
{'_name': 'listCase'}
],
extraData: ["observableStats", "taskStats", "isOwner", "shareCount"],
extraData: ["observableStats", "taskStats", "isOwner", "shareCount", "permissions"],
onUpdate: function() {
self.resetSelection();
}
Expand Down Expand Up @@ -102,12 +102,17 @@

self.selectAll = function() {
var selected = self.menu.selectAll;

_.each(self.list.values, function(item) {
item.selected = selected;
if(SecuritySrv.checkPermissions(['manageCase'], item.extraData.permissions)) {
item.selected = selected;
}
});

if (selected) {
self.selection = self.list.values;
self.selection = _.filter(self.list.values, function(item) {
return !!item.selected;
});
} else {
self.selection = [];
}
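Review bot: In `self.selectAll`, `self.selection` is built from `!!item.selected` rather than from the permission check, so a case whose `selected` flag was already set by another path (for example `$vm.select`, which is not in this hunk) is included even when `manageCase` is absent from its `extraData.permissions`. Filtering on the check itself is tighter: `return SecuritySrv.checkPermissions(['manageCase'], item.extraData.permissions);`. `item.extraData.permissions` is also dereferenced without a guard, so a list entry delivered without `extraData` would throw inside `_.each`; confirm every entry carries it. The same pattern appears in `$scope.selectAll` in CaseObservablesCtrl.js with `manageObservable`. These checks only shape the UI, so the bulk endpoints still need to enforce the permission per case on the server.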
43 changes: 10 additions & 33 deletions frontend/app/scripts/controllers/case/CaseObservablesCtrl.js
@@ -1,7 +1,7 @@
(function () {
'use strict';
angular.module('theHiveControllers').controller('CaseObservablesCtrl',
function ($scope, $q, $state, $stateParams, $filter, $uibModal, ModalUtilsSrv, FilteringSrv, StreamSrv, CaseTabsSrv, PaginatedQuerySrv, CaseArtifactSrv, NotificationSrv, AnalyzerSrv, CortexSrv, VersionSrv) {
function ($scope, $q, $state, $stateParams, $filter, $uibModal, SecuritySrv, ModalUtilsSrv, FilteringSrv, StreamSrv, CaseTabsSrv, PaginatedQuerySrv, CaseArtifactSrv, NotificationSrv, AnalyzerSrv, CortexSrv, VersionSrv) {

CaseTabsSrv.activateTab($state.current.data.tab);

Expand Down Expand Up @@ -33,7 +33,6 @@
.then(function() {
$scope.load();

$scope.initSelection($scope.selection);
$scope.initAnalyzersList();

// Add a listener to refresh observables list on job finish
Expand Down Expand Up @@ -74,9 +73,9 @@
sort: $scope.filtering.context.sort,
pageSize: $scope.filtering.context.pageSize,
filter: $scope.filtering.buildQuery(),
extraData: ['seen'],
extraData: ['seen', 'permissions'],
operations: [
{'_name': 'getCase', "idOrName": $scope.caseId},
{'_name': 'getCase', 'idOrName': $scope.caseId},
{'_name': 'observables'}
],
onUpdate: function() {
Expand Down Expand Up @@ -171,46 +170,32 @@
//
// init lists
//
$scope.initSelection = function (selection) {
selection.all = false;
selection.list = {};
selection.Action = 'main';
};

$scope.initAnalyzersList = function () {
if($scope.analysisEnabled) {
AnalyzerSrv.query()
.then(function (analyzers) {
$scope.analyzersList.analyzers = analyzers;
$scope.analyzersList.active = {};
$scope.analyzersList.datatypes = {};
angular.forEach($scope.analyzersList.analyzers, function (analyzer) {
$scope.analyzersList.active[analyzer.name] = false;
});
$scope.analyzersList.selected = {};
angular.forEach($scope.analyzersList.analyzers, function (analyzer) {
$scope.analyzersList.selected[analyzer.name] = false;
});
});
}
};

// select all artifacts : add all artifacts in selection or delete selection
$scope.selectAll = function () {
var selected = $scope.menu.selectAll;

_.each($scope.artifacts.values, function(item) {
item.selected = selected;
if(SecuritySrv.checkPermissions(['manageObservable'], item.extraData.permissions)) {
item.selected = selected;
}
});

if (selected) {
$scope.selection.artifacts = $scope.artifacts.values;
$scope.selection.artifacts = _.filter($scope.artifacts.values, function(item) {
return !!item.selected;
});
} else {
$scope.selection.artifacts = [];

$scope.initAnalyzersList();
}


};

// select or unselect an artifact
Expand All @@ -222,8 +207,6 @@
return item._id === artifact._id;
});
}


};

// actions on artifacts
Expand Down Expand Up @@ -313,7 +296,6 @@

$scope.hideExport = function() {
$scope.showExportPanel = false;
$scope.initSelection($scope.selection);
};

$scope.removeObservables = function () {
Expand All @@ -335,8 +317,6 @@
}).catch(function(/*err*/) {
//NotificationSrv.error('Observable deletion', response.data, response.status);
});

$scope.initSelection($scope.selection);
};

// run selected analyzers on selected artifacts
Expand Down Expand Up @@ -374,9 +354,6 @@
}, function() {

});

$scope.initAnalyzersList();
$scope.initSelection($scope.selection);
};

$scope.openArtifact = function (artifact) {
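Review bot: With the `$scope.initSelection($scope.selection)` calls apparently removed from `removeObservables` and the analyzer-run handler, nothing in the visible lines clears `$scope.selection.artifacts` or `$scope.menu.selectAll` once a bulk action finishes. Unless the `onUpdate` callback (its body is outside these hunks) resets them, the next bulk action would work from a stale list that can still hold deleted observables. Consider resetting explicitly in the success handlers: `$scope.selection.artifacts = [];` and `$scope.menu.selectAll = false;`. The `.catch` in `removeObservables` also discards the error with its notification commented out, so a deletion the server rejects for a missing `manageObservable` permission would fail silently; reporting it through `NotificationSrv` would make the refusal visible.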
79 changes: 0 additions & 79 deletions frontend/app/views/partials/case/case.export.html

This file was deleted.

15 changes: 8 additions & 7 deletions frontend/app/views/partials/case/case.list.html
Expand Up @@ -38,27 +38,28 @@ <h3 class="box-title">List of cases ({{$vm.list.total || 0}} of {{$vm.caseStats.
<table class="table table-striped case-list">
<thead>
<tr>
<th style="width: 10px;" class="p-0"></th>
<th width="20px" if-permission="manageCase">
<input type="checkbox" ng-model="$vm.menu.selectAll" ng-change="$vm.selectAll()">
</th>
<th style="width: 10px;" class="p-0"></th>
<th>Title</th>
<th style="width: 70px;"></th>
<th style="width: 80px;text-align:center;">Severity</th>
<th style="width: 100px;">Tasks</th>
<th style="width: 100px;">Observables</th>
<th style="width: 60px;">Assignee</th>
<th style="width: 120px;">Date</th>
<th style="width: 40px;" if-permission="manageTask" allowed="{{userPermissions}}" ng-if="appConfig.connectors.cortex.enabled">Actions</th>
<th style="width: 40px;" ng-if="appConfig.connectors.cortex.enabled">Actions</th>
</tr>
</thead>

<tbody>
<tr ng-class="{true:'tr-warning'}[currentCase.flag]" ng-repeat="currentCase in $vm.list.values">
<td if-permission="manageCase">
<input type="checkbox" ng-model="currentCase.selected" ng-change="$vm.select(currentCase)">
</td>
<td class="p-0 bg-tlp-{{currentCase.tlp}} clickable" ng-click="$vm.addFilterValue('tlp', currentCase.tlp)"></td>
<td>
<input if-permission="manageCase" allowed="{{currentCase.extraData.permissions.join(',')}}"
type="checkbox" ng-model="currentCase.selected" ng-change="$vm.select(currentCase)">
</td>
<td>
<div class="case-title wrap">
<span class="mr-xxs text-primary" ng-if="!!!currentCase.extraData.isOwner"><i class="fa fa-share-square"
Expand Down Expand Up @@ -126,9 +127,9 @@ <h3 class="box-title">List of cases ({{$vm.list.total || 0}} of {{$vm.caseStats.
<case-duration start="currentCase.startDate" end="currentCase.endDate" icon="fa-clock-o"></case-duration>
</div>
</td>
<td if-permission="manageTask" allowed="{{userPermissions}}" ng-if="appConfig.connectors.cortex.enabled">
<td>

<span class="ml-xs" uib-dropdown>
<span class="ml-xs" uib-dropdown ng-if="appConfig.connectors.cortex.enabled" if-permission="manageAction" allowed="{{currentCase.extraData.permissions.join(',')}}">
<a href class="text-primary noline nowrap" ng-click="$vm.getCaseResponders(currentCase._id, true)" uib-dropdown-toggle>
<i class="text-primary fa fa-cog"></i>
<!-- Responders
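Review bot: The select-all header cell still carries `if-permission="manageCase"` on the `<th>` itself, while the row cell appears to be an unconditional `<td>` now, with the directive moved onto its `<input>`. If `if-permission` removes the element it is placed on (the directive is not shown here), a user without `manageCase` gets one header cell fewer than each row has cells, and the columns shift. Moving the directive onto the header checkbox keeps the layout stable: `<th width="20px"><input if-permission="manageCase" type="checkbox" ng-model="$vm.menu.selectAll" ng-change="$vm.selectAll()"></th>`. Likewise the Actions `<th>` keeps `ng-if="appConfig.connectors.cortex.enabled"` while its `<td>` looks unconditional, so with Cortex disabled each row would have an extra empty cell; putting the same `ng-if` on the `<td>` would keep them aligned.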
6 changes: 0 additions & 6 deletions frontend/app/views/partials/case/case.observables.html
Expand Up @@ -64,12 +64,6 @@

<div class="filter-panel" ng-include="'views/partials/observables/list/filters.html'" ng-show="filtering.context.showFilters"></div>

<div class="row">
<div class="selection-options" ng-if="selection.Action === 'runAnalyzers'">
<div ng-include="'views/partials/observables/list/run-analyzers.html'"></div>
</div>
</div>

<br>
<!-- Main page : Table + Text/CSV -->
<div class="row">
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ <h4>
<tr ng-repeat="artifact in artifacts.values">
<td class="p-0 bg-tlp-{{artifact.tlp}} clickable" ng-click="filterByTlp(artifact.tlp)"></td>
<td>
<input type="checkbox" ng-model="artifact.selected" ng-change="selectArtifact(artifact)" >
<input type="checkbox" ng-model="artifact.selected" ng-change="selectArtifact(artifact)" if-permission="manageObservable" allowed="{{artifact.extraData.permissions.join(',')}}">
</td>
<td>
<span ng-click="addFilterValue('ioc', artifact.ioc)" ng-if="artifact.ioc" class="clickable fa fa-star" uib-tooltip="is an IOC" tooltip-popup-delay="500" tooltip-placement="bottom"></span>
30 changes: 0 additions & 30 deletions frontend/app/views/partials/observables/list/run-analyzers.html

This file was deleted.
