Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Fix] Wrong permissions on edit CDB #2665

Merged
merged 23 commits into from
Dec 18, 2020
Merged

[Fix] Wrong permissions on edit CDB #2665

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
3c825c5
Added new action and reducer to get status and context of server (clu…
gabiwassan Nov 27, 2020
23b6f1e
Added new method isClusterOrManager to get cluster status, set on red…
gabiwassan Nov 27, 2020
f2188c9
Fixed and replaced all permissions by contextConfigServer (cluster or…
gabiwassan Nov 27, 2020
acbb51c
Rollback, wrong change.
gabiwassan Nov 27, 2020
f1420b8
Request changes of validation null properties.
gabiwassan Nov 27, 2020
4ed8732
Added initial state of clusterStatus
gabiwassan Nov 27, 2020
f689408
Moved method isClusterOrManager to management-main.js to distribute t…
gabiwassan Nov 30, 2020
9cd4472
Fixed permissions to edit and export to csv.
gabiwassan Dec 1, 2020
5715e9c
Fixed permissions for manager or cluster. Added on wz-user-permission…
gabiwassan Dec 3, 2020
00eeacf
Merge branch '4.0-7.9' into fix/2657-wrong-permissions-on-edit-cdb
gabiwassan Dec 3, 2020
20ce83a
Changed to const permissions declaration.
gabiwassan Dec 3, 2020
80aa117
Merge remote-tracking branch 'origin/fix/2657-wrong-permissions-on-ed…
gabiwassan Dec 3, 2020
b81b69d
Fixed user-permissions to support cominations of resources with &. Re…
gabiwassan Dec 4, 2020
129753e
Refactor Withe and Black mode. (juts simplify code)
gabiwassan Dec 4, 2020
3474127
Fixed typo error
gabiwassan Dec 4, 2020
191d3f6
Fixed errors detected on PR.
gabiwassan Dec 10, 2020
e6f95a6
Removed unnecessary request, to update list content, we have this val…
gabiwassan Dec 11, 2020
a611ff6
First commit scaffolding test wz-users-permissions
gabiwassan Dec 11, 2020
c793aaf
Fixed mock of userPermissions and requiredPermissions
gabiwassan Dec 11, 2020
754c5b5
Implemented a basic suite of test for wz-user-permissions.ts
gabiwassan Dec 11, 2020
6448c21
Removed import.
gabiwassan Dec 11, 2020
e8dd674
Added header Wazuh Copyright.
gabiwassan Dec 15, 2020
0c6be16
Added CHANGELOG.md
gabiwassan Dec 18, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
95 changes: 72 additions & 23 deletions public/controllers/management/components/management/ruleset/ruleset-table.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ import { filtersToObject } from '../../../../../components/wz-search-bar';
import { withUserPermissions } from '../../../../../components/common/hocs/withUserPermissions';
import { WzUserPermissions } from '../../../../../react-services/wz-user-permissions';
import { compose } from 'redux';
import { clusterReq } from '../configuration/utils/wz-fetch';
import { updateClusterStatus } from '../../../../../redux/actions/appStateActions';

class WzRulesetTable extends Component {
_isMounted = false;
Expand Down Expand Up @@ -74,7 +76,7 @@ class WzRulesetTable extends Component {
if (match && match[0]) {
this._isMounted && this.setState({ isRedirect: true });
const id = match[0].split('=')[1];
const result = await WzRequest.apiReq('GET', `/rules`,
const result = await WzRequest.apiReq('GET', `/rules`,
{
params: {
rule_ids: id
Expand All @@ -91,11 +93,12 @@ class WzRulesetTable extends Component {
this._isMounted && this.setState({ isRedirect: false });
}
}
await this.isClusterOrManager();
}

async componentDidUpdate(prevProps) {
const { isProcessing, section, showingFiles, filters, } = this.props.state;

const processingChange = prevProps.state.isProcessing !== isProcessing ||
(prevProps.state.isProcessing && isProcessing);
const sectionChanged = prevProps.state.section !== section;
Expand All @@ -122,14 +125,41 @@ class WzRulesetTable extends Component {
this._isMounted = false;
}

isClusterOrManager = async () => {
await clusterReq()
.then((clusterStatus) => {
gabiwassan marked this conversation as resolved.
Show resolved Hide resolved
if (
clusterStatus.data.data.enabled === 'yes' &&
clusterStatus.data.data.running === 'yes'
) {
this.props.updateClusterStatus({
status: true,
contextConfigServer: 'cluster',
});
} else {
this.props.updateClusterStatus({
status: false,
contextConfigServer: 'manager',
});
}
})
.catch((error) => {
console.warn(`Error when try to get cluster status`, error);
this.props.updateClusterStatus({
status: false,
contextConfigServer: 'manager',
});
});
};

async getItems() {
const { section, showingFiles } = this.props.state;

this._isMounted && this.setState({
items: []
});
this.props.updateTotalItems(false);

const rawItems = await this.wzReq(
'GET',
`${this.paths[this.props.request]}${showingFiles ? '/files' : ''}`,
Expand Down Expand Up @@ -235,12 +265,35 @@ class WzRulesetTable extends Component {

const getRowProps = item => {
const { id, name } = item;

const extraSectionPermissions = this.extraSectionPrefixResource[this.props.state.section];
return {
'data-test-subj': `row-${id || name}`,
className: 'customRowClass',
onClick: !WzUserPermissions.checkMissingUserPermissions([[{action: 'manager:read_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: 'manager:read', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: `${this.props.state.section}:read`, resource: `${extraSectionPermissions}:${item.filename}`}]], this.props.userPermissions) ? async () => {
onClick: !WzUserPermissions.checkMissingUserPermissions(
[
[
{
action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`,
resource: `file:path:${item.relative_dirname}/${item.filename}`,
},
{
action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`,
resource: `file:path:${item.relative_dirname}/${item.filename}`,
},
{
action: `cluster:status`,
resource: `*:*:*`,
},
{
action: `${this.props.state.section}:read`,
resource: `${extraSectionPermissions}:${item.filename}`,
},
],
],
this.props.userPermissions
)
? async () => {
if(this.isLoading) return;
this.setState({isLoading: true});
const { section } = this.props.state;
Expand Down Expand Up @@ -333,32 +386,28 @@ class WzRulesetTable extends Component {
}
}

const mapStateToProps = state => {
const mapStateToProps = (state) => {
return {
state: state.rulesetReducers
state: state.rulesetReducers,
clusterStatus: state.appStateReducers.clusterStatus,
};
};

const mapDispatchToProps = dispatch => {
const mapDispatchToProps = (dispatch) => {
return {
updateDefaultItems: defaultItems =>
dispatch(updateDefaultItems(defaultItems)), //TODO: Research to remove
updateIsProcessing: isProcessing =>
dispatch(updateIsProcessing(isProcessing)),
updateShowModal: showModal => dispatch(updateShowModal(showModal)),
updateFileContent: fileContent => dispatch(updateFileContent(fileContent)),
updateListContent: listInfo => dispatch(updateListContent(listInfo)),
updateListItemsForRemove: itemList =>
dispatch(updateListItemsForRemove(itemList)),
updateRuleInfo: rule => dispatch(updateRuleInfo(rule)),
updateDecoderInfo: rule => dispatch(updateDecoderInfo(rule))
updateDefaultItems: (defaultItems) => dispatch(updateDefaultItems(defaultItems)), //TODO: Research to remove
updateIsProcessing: (isProcessing) => dispatch(updateIsProcessing(isProcessing)),
updateShowModal: (showModal) => dispatch(updateShowModal(showModal)),
updateFileContent: (fileContent) => dispatch(updateFileContent(fileContent)),
updateListContent: (listInfo) => dispatch(updateListContent(listInfo)),
updateListItemsForRemove: (itemList) => dispatch(updateListItemsForRemove(itemList)),
updateRuleInfo: (rule) => dispatch(updateRuleInfo(rule)),
updateDecoderInfo: (rule) => dispatch(updateDecoderInfo(rule)),
updateClusterStatus: (clusterStatus) => dispatch(updateClusterStatus(clusterStatus)),
};
};

export default compose(
connect(
mapStateToProps,
mapDispatchToProps
),
connect(mapStateToProps, mapDispatchToProps),
withUserPermissions
)(WzRulesetTable);
38 changes: 28 additions & 10 deletions public/controllers/management/components/management/ruleset/utils/columns.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ export default class RulesetColumns {
}
return (
<div>
{haveTooltip === false ?
{haveTooltip === false ?
<span dangerouslySetInnerHTML={{ __html: value}} /> :
<EuiToolTip position="bottom" content={toolTipDescription}>
<span dangerouslySetInnerHTML={{ __html: value}} />
Expand Down Expand Up @@ -78,9 +78,9 @@ export default class RulesetColumns {
width: '15%',
render: (value, item) => {
return (
<WzButtonPermissions
<WzButtonPermissions
buttonType='link'
permissions={[[{action: 'manager:read_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: 'manager:read', resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'rules:read', resource: `rule:file:${item.filename}`}]]}
permissions={[[{action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'rules:read', resource: `rule:file:${item.filename}`}]]}
tooltip={{position:'top', content: `Show ${value} content`}}
onClick={async (ev) => {
ev.stopPropagation();
Expand Down Expand Up @@ -130,7 +130,7 @@ export default class RulesetColumns {
return (
<WzButtonPermissions
buttonType='link'
permissions={[[{action: 'manager:read_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: 'manager:read', resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'decoders:read', resource: `decoder:file:${item.filename}`}]]}
permissions={[[{action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'decoders:read', resource: `decoder:file:${item.filename}`}]]}
tooltip={{position:'top', content: `Show ${value} content`}}
onClick={async (ev) => {
ev.stopPropagation();
Expand Down Expand Up @@ -197,7 +197,7 @@ export default class RulesetColumns {
return (
<WzButtonPermissions
buttonType='icon'
permissions={[[{action: 'manager:read_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: 'manager:read', resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'lists:read', resource: `list:path:${item.filename}`}]]}
permissions={[[{action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'lists:read', resource: `list:path:${item.filename}`}]]}
aria-label="Show content"
iconType="eye"
tooltip={{position: 'top', content:`Edit ${item.filename} content`}}
Expand All @@ -215,7 +215,7 @@ export default class RulesetColumns {
<div>
<WzButtonPermissions
buttonType='icon'
permissions={[[{action: 'manager:read_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: 'manager:read', resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'lists:read', resource: `list:path:${item.filename}`}]]}
permissions={[[{action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`, resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'lists:read', resource: `list:path:${item.filename}`}]]}
aria-label="Edit content"
iconType="pencil"
tooltip={{position: 'top', content:`Edit ${item.filename} content`}}
Expand All @@ -229,7 +229,7 @@ export default class RulesetColumns {
/>
<WzButtonPermissions
buttonType='icon'
permissions={[{action: 'manager:delete_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}]}
permissions={[{action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:delete_file`, resource: `file:path:${item.relative_dirname}/${item.filename}`}]}
aria-label="Delete content"
iconType="trash"
tooltip={{position: 'top', content:`Remove ${item.filename} file`}}
Expand All @@ -248,6 +248,24 @@ export default class RulesetColumns {
]
};

const getEditButtonPermissions = (item) => {
return [
{
action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read_file`,
resource: `file:path:${item.relative_dirname}/${item.filename}`,
},
{
action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:read`,
resource: `node:id:*`,
},
{ action: 'lists:read', resource: `list:path:${item.filename}` },
{
action: `cluster:status`,
resource: `*:*:*`,
},
];
};

this.columns.lists[2] =
{
name: 'Actions',
Expand All @@ -258,7 +276,7 @@ export default class RulesetColumns {
<div>
<WzButtonPermissions
buttonType='icon'
permissions={[[{action: 'manager:read_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}, {action: 'manager:read', resource: `file:path:${item.relative_dirname}/${item.filename}`}, { action: 'lists:read', resource: `list:path:${item.filename}`}]]}
permissions={getEditButtonPermissions(item)}
aria-label="Edit content"
iconType="pencil"
tooltip={{position: 'top', content: `Edit ${item.filename} content`}}
Expand All @@ -272,7 +290,7 @@ export default class RulesetColumns {
/>
<WzButtonPermissions
buttonType='icon'
permissions={[{action: 'manager:delete_file', resource: `file:path:${item.relative_dirname}/${item.filename}`}]}
permissions={[{action: `${((this.tableProps || {}).clusterStatus || {}).contextConfigServer}:delete_file`, resource: `file:path:${item.relative_dirname}/${item.filename}`}]}
aria-label="Show content"
iconType="trash"
tooltip={{position: 'top', content:(defaultItems.indexOf(`${item.relative_dirname}`) === -1) ? `Delete ${item.filename}` : `The ${item.filename} list cannot be deleted`}}
Expand Down Expand Up @@ -300,7 +318,7 @@ export default class RulesetColumns {
}
}
};


this.buildColumns();
}
Expand Down
13 changes: 12 additions & 1 deletion public/redux/actions/appStateActions.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,4 +157,15 @@ export const updateToastNotificationsModal = toastNotification => {
type: 'UPDATE_TOAST_NOTIFICATIONS_MODAL',
toastNotification
};
};
};

/**
* Updates ClusterOrManagerConfiguration in the appState store
* @param clusterStatus
*/
export const updateClusterStatus = (clusterStatus) => {
return {
type: 'UPDATE_CLUSTER_STATUS',
clusterStatus,
};
};
15 changes: 13 additions & 2 deletions public/redux/reducers/appStateReducers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,11 @@ const initialState = {
showExploreAgentModalGlobal: false,
userPermissions: {},
userRoles: [],
toastNotification: false
toastNotification: false,
clusterStatus: {
status: false,
contextConfigServer: 'manager',
},
};

const appStateReducers = (state = initialState, action) => {
Expand All @@ -33,7 +37,7 @@ const appStateReducers = (state = initialState, action) => {
currentAPI: action.currentAPI
};
}

if (action.type === 'SHOW_MENU') {
return {
...state,
Expand Down Expand Up @@ -120,6 +124,13 @@ const appStateReducers = (state = initialState, action) => {
};
}

if (action.type === 'UPDATE_CLUSTER_STATUS') {
return {
...state,
clusterStatus: action.clusterStatus,
frankeros marked this conversation as resolved.
Show resolved Hide resolved
};
}

return state;
};

Expand Down