[backend/frontend] Prevent users from deleting documents used as SP l…
…ogos (#1660)
Dimfacion committed Oct 17, 2024
1 parent 946652b commit a55da06
Showing 5 changed files with 25 additions and 8 deletions.
Expand Up @@ -269,13 +269,18 @@ public List<RawDocument> documents() {
@PostMapping("/api/documents/search")
public Page<RawPaginationDocument> searchDocuments(@RequestBody @Valid final SearchPaginationInput searchPaginationInput) {
OpenBASPrincipal user = currentUser();
List<Document> securityPlatformLogos = securityPlatformRepository.securityPlatformLogo();
if (user.isAdmin()) {
return buildPaginationJPA(
(Specification<Document> specification, Pageable pageable) -> this.documentRepository.findAll(
specification, pageable),
searchPaginationInput,
Document.class
).map(RawPaginationDocument::new);
).map((document) -> {
var rawPaginationDocument = new RawPaginationDocument(document);
rawPaginationDocument.setDocument_can_be_deleted(!securityPlatformLogos.contains(document));
return rawPaginationDocument;
});
} else {
return buildPaginationJPA(
(Specification<Document> specification, Pageable pageable) -> this.documentRepository.findAll(
Expand All @@ -284,7 +289,11 @@ public Page<RawPaginationDocument> searchDocuments(@RequestBody @Valid final Sea
),
searchPaginationInput,
Document.class
).map(RawPaginationDocument::new);
).map((document) -> {
var rawPaginationDocument = new RawPaginationDocument(document);
rawPaginationDocument.setDocument_can_be_deleted(!securityPlatformLogos.contains(document));
return rawPaginationDocument;
});
}
}
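Review bot: The `document_can_be_deleted` flag set in both `.map(...)` lambdas of `searchDocuments` only informs the client; no change to the document delete handler is visible in this commit, so a request sent directly to the delete API would presumably still remove a document that a security platform uses as its logo. The same membership test should run server-side in the delete path, rejecting the request when `securityPlatformRepository.securityPlatformLogo().contains(document)` is true. Separately, the two lambdas are identical and could be one private helper. `List.contains` also depends on `Document.equals`, which is not visible here; collecting the logo ids into a `Set` and testing `document.getId()` would avoid that dependency.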

Expand Up @@ -164,7 +164,7 @@ const DocumentPopover = (props) => {
</MenuItem>
)}
{!onRemoveDocument && (
<MenuItem onClick={handleOpenDelete}>
<MenuItem onClick={handleOpenDelete} disabled={!document.document_can_be_deleted}>
{t('Delete')}
</MenuItem>
)}
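Review bot: `disabled={!document.document_can_be_deleted}` treats a missing flag as "not deletable". The type change in this commit declares `document_can_be_deleted?: boolean` only on `RawPaginationDocument`, so if `DocumentPopover` is ever rendered with a document from another endpoint, the Delete entry would be greyed out for every row. Comparing against the explicit value, `disabled={document.document_can_be_deleted === false}`, keeps the restriction for flagged documents without affecting other callers. A short comment stating that the disabled item is a usability hint and that the server must enforce the rule would also help. The component body continues outside the hunk.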
10 changes: 5 additions & 5 deletions openbas-front/src/utils/api-types.d.ts
Expand Up @@ -1439,6 +1439,7 @@ export interface InjectorConnection {

export interface InjectorContract {
convertedContent?: object;
injector_contract_arch?: "x86_64" | "arm64" | "Unknown";
injector_contract_atomic_testing?: boolean;
injector_contract_attack_patterns?: AttackPattern[];
injector_contract_content: string;
Expand Down Expand Up @@ -1493,6 +1494,7 @@ export interface InjectorContractInput {
}

export interface InjectorContractOutput {
injector_contract_arch?: "x86_64" | "arm64" | "Unknown";
injector_contract_attack_patterns?: string[];
injector_contract_content: string;
injector_contract_id: string;
Expand All @@ -1509,7 +1511,6 @@ export interface InjectorContractOutput {
| "Internal"
| "Unknown"
)[];
injector_contract_arch?: "x86_64" | "arm64";
}

export interface InjectorContractUpdateInput {
Expand Down Expand Up @@ -2363,7 +2364,6 @@ export interface Payload {
payload_type?: string;
/** @format date-time */
payload_updated_at: string;
executable_arch?: "x86_64" | "arm64";
}

export interface PayloadArgument {
Expand All @@ -2377,8 +2377,8 @@ export interface PayloadCreateInput {
command_content?: string;
command_executor?: string;
dns_resolution_hostname?: string;
executable_arch?: "x86_64" | "arm64" | "Unknown";
executable_file?: string;
executable_arch?: "x86_64" | "arm64";
file_drop_file?: string;
payload_arguments?: PayloadArgument[];
payload_attack_patterns?: string[];
Expand All @@ -2405,6 +2405,7 @@ export interface PayloadUpdateInput {
command_content?: string;
command_executor?: string;
dns_resolution_hostname?: string;
executable_arch?: "x86_64" | "arm64" | "Unknown";
executable_file?: string;
file_drop_file?: string;
payload_arguments?: PayloadArgument[];
Expand Down Expand Up @@ -2598,6 +2599,7 @@ export interface RawDocument {
}

export interface RawPaginationDocument {
document_can_be_deleted?: boolean;
document_description?: string;
document_exercises?: string[];
document_id?: string;
Expand Down Expand Up @@ -2631,8 +2633,6 @@ export interface RawPaginationScenario {
}

export interface RawUser {
/** @format date-time */
user_created_at?: string;
user_email?: string;
user_firstname?: string;
user_gravatar?: string;
Expand Up @@ -18,6 +18,7 @@ public class RawPaginationDocument {
List<String> document_scenarios;
String document_type;
List<String> document_tags;
boolean document_can_be_deleted = true;

public RawPaginationDocument(final Document document) {
this.document_id = document.getId();
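Review bot: The initialiser `boolean document_can_be_deleted = true;` makes "deletable" the default, so any code path that builds a `RawPaginationDocument` without calling the setter will report a protected logo document as deletable. Taking the value as a constructor argument would force each caller to decide. At minimum the field should carry a comment such as `// UI hint computed by searchDocuments; stays true when the caller does not set it`. The setter used by the controller is not visible in this hunk (presumably generated), and the class body continues outside it.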
@@ -1,5 +1,6 @@
package io.openbas.database.repository;

import io.openbas.database.model.Document;
import io.openbas.database.model.SecurityPlatform;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
import org.springframework.data.jpa.repository.Query;
Expand All @@ -8,6 +9,7 @@
import org.springframework.stereotype.Repository;

import java.time.Instant;
import java.util.List;
import java.util.Optional;

@Repository
Expand All @@ -29,4 +31,9 @@ public interface SecurityPlatformRepository extends CrudRepository<SecurityPlatf
@Override
@Query("select count(distinct s) from SecurityPlatform s where s.createdAt < :creationDate")
long globalCount(@Param("creationDate") Instant creationDate);

@Query("select distinct s.logoDark from SecurityPlatform s " +
"union " +
"select distinct s.logoLight from SecurityPlatform s ")
List<Document> securityPlatformLogo();
}
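Review bot: `securityPlatformLogo()` has no Javadoc, and its query relies on behaviour a reader has to know. `union` is a Hibernate 6 HQL feature rather than classic JPQL (the project presumably runs on Hibernate 6), and it already removes duplicates, so both `distinct` keywords are redundant. I would add a comment such as `/** Returns every Document referenced as a dark or light logo by any security platform. */`. Because the controller only needs a membership test and calls this on every search request, selecting the document ids instead of full `Document` entities would also be lighter.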
