Home Explore Help
Sign In
tum
/
soc
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Commits 3 Releases 0 Wiki

No Description

Tree: 9bd700d33c
Branches Tags
soc
/
iris-web
/
source
/
app
/
datamgmt
/
manage
/
manage_acces...

manage_access_control_db.py 4.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. #  IRIS Source Code
    2. 

  2. #  contact@dfir-iris.org
    3. 

  3. #
    4. 

  4. #  This program is free software; you can redistribute it and/or
    5. 

  5. #  modify it under the terms of the GNU Lesser General Public
    6. 

  6. #  License as published by the Free Software Foundation; either
    7. 

  7. #  version 3 of the License, or (at your option) any later version.
    8. 

  8. #
    9. 

  9. #  This program is distributed in the hope that it will be useful,
    10. 

  10. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    12. 

  12. #  Lesser General Public License for more details.
    13. 

  13. #
    14. 

  14. #  You should have received a copy of the GNU Lesser General Public License
    15. 

  15. #  along with this program; if not, write to the Free Software Foundation,
    16. 

  16. #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
    17. 

  17. 

  18. from app import ac_current_user_has_permission
    19. 

  19. from app.models.cases import Cases
    20. 

  20. from app.models.authorization import Group
    21. 

  21. from app.models.authorization import UserClient
    22. 

  22. from app.models.authorization import Permissions
    23. 

  23. from app.models.authorization import CaseAccessLevel
    24. 

  24. from app.models.authorization import GroupCaseAccess
    25. 

  25. from app.models.authorization import Organisation
    26. 

  26. from app.models.authorization import OrganisationCaseAccess
    27. 

  27. from app.models.authorization import User
    28. 

  28. from app.models.authorization import UserCaseAccess
    29. 

  29. 

  30. from typing import Optional
    31. 

  31. 

  32. 

  33. def manage_ac_audit_users_db():
    34. 

  34.     uca = UserCaseAccess.query.with_entities(
    35. 

  35.         User.name,
    36. 

  36.         User.user,
    37. 

  37.         User.id,
    38. 

  38.         User.uuid,
    39. 

  39.         UserCaseAccess.access_level,
    40. 

  40.         Cases.name,
    41. 

  41.         Cases.case_id
    42. 

  42.     ).join(
    43. 

  43.         UserCaseAccess.case
    44. 

  44.     ).join(
    45. 

  45.         UserCaseAccess.user
    46. 

  46.     ).all()
    47. 

  47. 

  48.     gca = GroupCaseAccess.query.with_entities(
    49. 

  49.         Group.group_name,
    50. 

  50.         Group.group_id,
    51. 

  51.         Group.group_uuid,
    52. 

  52.         GroupCaseAccess.access_level,
    53. 

  53.         Cases.name,
    54. 

  54.         Cases.case_id
    55. 

  55.     ).join(
    56. 

  56.         GroupCaseAccess.case
    57. 

  57.     ).join(
    58. 

  58.         GroupCaseAccess.group
    59. 

  59.     ).all()
    60. 

  60. 

  61.     oca = OrganisationCaseAccess.query.with_entities(
    62. 

  62.         Organisation.org_name,
    63. 

  63.         Organisation.org_id,
    64. 

  64.         Organisation.org_uuid,
    65. 

  65.         OrganisationCaseAccess.access_level,
    66. 

  66.         Cases.name,
    67. 

  67.         Cases.case_id
    68. 

  68.     ).all()
    69. 

  69. 

  70.     ret = {
    71. 

  71.         'users': [u._asdict() for u in uca],
    72. 

  72.         'groups': [g._asdict() for g in gca],
    73. 

  73.         'organisations': [o._asdict() for o in oca]
    74. 

  74.     }
    75. 

  75. 

  76.     return ret
    77. 

  77. 

  78. 

  79. def check_ua_case_client(user_id: int, case_id: int) -> Optional[UserClient]:
    80. 

  80.     """Check if the user has access to the case, through the customer of the case
    81. 

  81.        (in other words, check that the customer of the case is assigned to the user)
    82. 

  82. 

  83.     Args:
    84. 

  84.         user_id (int): identifier of the user
    85. 

  85.         case_id (int): identifier of the case
    86. 

  86. 

  87.     Returns:
    88. 

  88.         UserClient: the user relationship with the customer of the case, if it is assigned to the user
    89. 

  89.                     None otherwise
    90. 

  90.     """
    91. 

  91.     if ac_current_user_has_permission(Permissions.server_administrator):
    92. 

  92.         # Return a dummy object
    93. 

  93.         uc = UserClient()
    94. 

  94.         uc.access_level = CaseAccessLevel.full_access.value
    95. 

  95.         return uc
    96. 

  96. 

  97.     result = UserClient.query.filter(
    98. 

  98.         UserClient.user_id == user_id,
    99. 

  99.         Cases.case_id == case_id
    100. 

  100.     ).join(Cases,
    101. 

  101.            UserClient.client_id == Cases.client_id
    102. 

  102.     ).first()
    103. 

  103. 

  104.     return result
    105. 

  105. 

  106. 

  107. def get_client_users(client_id: int) -> list:
    108. 

  108.     """Get users for a client
    109. 

  109. 

  110.     Args:
    111. 

  111.         client_id (int): Client ID
    112. 

  112. 

  113.     Returns:
    114. 

  114.         list: List of users
    115. 

  115.     """
    116. 

  116.     result = UserClient.query.filter(
    117. 

  117.         UserClient.client_id == client_id
    118. 

  118.     ).all()
    119. 

  119. 

  120.     return result
    121. 

  121. 

  122. 

  123. def get_user_clients_id(user_id: int) -> list:
    124. 

  124.     """Get clients for a user
    125. 

  125. 

  126.     Args:
    127. 

  127.         user_id (int): User ID
    128. 

  128. 

  129.     Returns:
    130. 

  130.         list: List of clients
    131. 

  131.     """
    132. 

  132.     result = UserClient.query.filter(
    133. 

  133.         UserClient.user_id == user_id
    134. 

  134.     ).with_entities(
    135. 

  135.         UserClient.client_id
    136. 

  136.     ).all()
    137. 

  137. 

  138.     return [r[0] for r in result]
    139. 

  139. 

  140. 

  141. def user_has_client_access(user_id: int, client_id: int) -> bool:
    142. 

  142.     """Check if a user has access to a client
    143. 

  143. 

  144.     Args:
    145. 

  145.         user_id (int): User ID
    146. 

  146.         client_id (int): Client ID
    147. 

  147. 

  148.     Returns:
    149. 

  149.         bool: True if the user has access to the client
    150. 

  150.     """
    151. 

  151.     if ac_current_user_has_permission(Permissions.server_administrator):
    152. 

  152.         return True
    153. 

  153. 

  154.     result = UserClient.query.filter(
    155. 

  155.         UserClient.user_id == user_id,
    156. 

  156.         UserClient.client_id == client_id
    157. 

  157.     ).first()
    158. 

  158. 

  159.     return result is not None
    160. 

  160.