Merge pull request #893 from intuitem/fix/manager_permissions
rationalize permissions
nas-tabchiche authored Oct 3, 2024
2 parents 13e922c + afca101 commit 606177d
Showing 3 changed files with 287 additions and 201 deletions.
6 changes: 3 additions & 3 deletions backend/app_tests/api/test_utils.py
Expand Up @@ -100,7 +100,7 @@ def expected_request_response(
# User has access to the domain
return False, expected_status, "ok"
else:
return False, expected_status, "outside_scope"
return True, expected_status, "outside_scope"
else:
# User has not permission to perform the action
if (
Expand Down Expand Up @@ -771,7 +771,7 @@ def update_object(
), f"{verbose_name} object detail can not be accessed with permission"
else:
assert (
response.status_code == status.HTTP_403_FORBIDDEN
response.status_code == status.HTTP_404_NOT_FOUND
), f"{verbose_name} object detail can be accessed without permission"

if not (fails or user_perm_fails):
Expand Down Expand Up @@ -911,7 +911,7 @@ def delete_object(
), f"{verbose_name} object detail can not be accessed with permission"
else:
assert (
response.status_code == status.HTTP_403_FORBIDDEN
response.status_code == status.HTTP_404_NOT_FOUND
), f"{verbose_name} object detail can be accessed without permission"

# Asserts that the object was deleted successfully
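Review bot: The assertion messages at the `update_object` and `delete_object` hunks still say "object detail can be accessed without permission" although the expected status is now HTTP_404_NOT_FOUND, so a failure would report a permission problem for what is actually a visibility check; suggest `), f"{verbose_name} object outside the user's scope must not be visible (expected 404)"` at both sites. Expecting 404 rather than 403 for out-of-scope objects is what keeps the existence of objects in other domains from being disclosed to users without access, and the first hunk's switch to `True` in the `outside_scope` branch of `expected_request_response` appears to be the matching expectation flag, but its meaning is only readable from the caller; a short docstring line naming the tuple positions (fail flag, expected status, reason) would help. Note that these tests pin the status code only; whether the 404 response body is also free of object details is not checked here. All three enclosing functions start and end outside the hunks.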
239 changes: 138 additions & 101 deletions backend/core/startup.py
Expand Up @@ -11,28 +11,32 @@
logger = get_logger(__name__)

READER_PERMISSIONS_LIST = [
"view_project",
"view_riskassessment",
"view_appliedcontrol",
"view_policy",
"view_riskscenario",
"view_riskacceptance",
"view_asset",
"view_threat",
"view_referencecontrol",
"view_folder",
"view_usergroup",
"view_riskmatrix",
"view_complianceassessment",
"view_requirementassessment",
"view_requirementnode",
"view_entity",
"view_entityassessment",
"view_evidence",
"view_folder",
"view_framework",
"view_loadedlibrary",
"view_policy",
"view_project",
"view_referencecontrol",
"view_representative",
"view_requirementassessment",
"view_requirementmapping",
"view_requirementmappingset",
"view_requirementnode",
"view_riskacceptance",
"view_riskassessment",
"view_riskmatrix",
"view_riskscenario",
"view_solution",
"view_storedlibrary",
"view_threat",
"view_user",
"view_requirementmappingset",
"view_requirementmapping",
"view_usergroup",
]

APPROVER_PERMISSIONS_LIST = [
Expand Down Expand Up @@ -62,120 +66,153 @@
]

ANALYST_PERMISSIONS_LIST = [
"add_appliedcontrol",
"add_asset",
"add_complianceassessment",
"add_evidence",
"add_policy",
"add_project",
"view_project",
"change_project",
"delete_project",
"add_riskacceptance",
"add_riskassessment",
"view_riskassessment",
"change_riskassessment",
"delete_riskassessment",
"add_appliedcontrol",
"view_appliedcontrol",
"add_riskscenario",
"add_solution",
"add_threat",
"change_appliedcontrol",
"delete_appliedcontrol",
"add_policy",
"view_policy",
"change_asset",
"change_complianceassessment",
"change_entity",
"change_entityassessment",
"change_evidence",
"change_policy",
"delete_policy",
"add_riskscenario",
"view_riskscenario",
"change_riskscenario",
"delete_riskscenario",
"add_riskacceptance",
"view_riskacceptance",
"change_project",
"change_referencecontrol",
"change_representative",
"change_requirementassessment",
"change_riskacceptance",
"delete_riskacceptance",
"add_complianceassessment",
"view_complianceassessment",
"change_complianceassessment",
"change_riskassessment",
"change_riskscenario",
"change_solution",
"change_threat",
"delete_appliedcontrol",
"delete_asset",
"delete_complianceassessment",
"view_requirementassessment",
"change_requirementassessment",
"add_evidence",
"view_evidence",
"change_evidence",
"delete_entity",
"delete_entityassessment",
"delete_evidence",
"add_asset",
"view_asset",
"change_asset",
"delete_asset",
"add_threat",
"view_threat",
"change_threat",
"delete_policy",
"delete_project",
"delete_referencecontrol",
"delete_representative",
"delete_riskacceptance",
"delete_riskassessment",
"delete_riskscenario",
"delete_solution",
"delete_threat",
"view_referencecontrol",
"view_appliedcontrol",
"view_asset",
"view_complianceassessment",
"view_entity",
"view_entityassessment",
"view_evidence",
"view_folder",
"view_usergroup",
"view_riskmatrix",
"view_requirementnode",
"view_framework",
"view_storedlibrary",
"view_loadedlibrary",
"view_user",
"view_requirementmappingset",
"view_policy",
"view_project",
"view_referencecontrol",
"view_representative",
"view_requirementassessment",
"view_requirementmapping",
"view_requirementmappingset",
"view_requirementnode",
"view_riskacceptance",
"view_riskassessment",
"view_riskmatrix",
"view_riskscenario",
"view_solution",
"view_storedlibrary",
"view_threat",
"view_user",
"view_usergroup",
]

DOMAIN_MANAGER_PERMISSIONS_LIST = [
"change_usergroup",
"view_usergroup",
"add_project",
"change_project",
"delete_project",
"view_project",
"add_riskassessment",
"view_riskassessment",
"change_riskassessment",
"delete_riskassessment",
"add_appliedcontrol",
"view_appliedcontrol",
"change_appliedcontrol",
"delete_appliedcontrol",
"add_asset",
"add_complianceassessment",
"add_entity",
"add_entityassessment",
"add_evidence",
"add_folder",
"add_policy",
"view_policy",
"change_policy",
"delete_policy",
"add_riskscenario",
"view_riskscenario",
"change_riskscenario",
"delete_riskscenario",
"add_project",
"add_riskacceptance",
"view_riskacceptance",
"change_riskacceptance",
"delete_riskacceptance",
"add_asset",
"view_asset",
"change_asset",
"delete_asset",
"add_riskassessment",
"add_riskmatrix",
"add_riskscenario",
"add_solution",
"add_threat",
"view_threat",
"change_threat",
"delete_threat",
"view_referencecontrol",
"view_folder",
"change_appliedcontrol",
"change_asset",
"change_complianceassessment",
"change_entity",
"change_entityassessment",
"change_evidence",
"change_folder",
"add_riskmatrix",
"view_riskmatrix",
"change_policy",
"change_project",
"change_referencecontrol",
"change_representative",
"change_requirementassessment",
"change_riskacceptance",
"change_riskassessment",
"change_riskmatrix",
"change_riskscenario",
"change_solution",
"change_threat",
"delete_appliedcontrol",
"delete_asset",
"delete_complianceassessment",
"delete_entity",
"delete_entityassessment",
"delete_evidence",
"delete_folder",
"delete_policy",
"delete_project",
"delete_referencecontrol",
"delete_representative",
"delete_riskacceptance",
"delete_riskassessment",
"delete_riskmatrix",
"add_complianceassessment",
"delete_riskscenario",
"delete_solution",
"delete_threat",
"view_appliedcontrol",
"view_asset",
"view_complianceassessment",
"change_complianceassessment",
"delete_complianceassessment",
"view_requirementassessment",
"change_requirementassessment",
"add_evidence",
"view_entity",
"view_entityassessment",
"view_evidence",
"change_evidence",
"delete_evidence",
"view_requirementnode",
"view_folder",
"view_framework",
"view_storedlibrary",
"view_loadedlibrary",
"view_user",
"view_requirementmappingset",
"view_policy",
"view_project",
"view_referencecontrol",
"view_representative",
"view_requirementassessment",
"view_requirementmapping",
"view_requirementmappingset",
"view_requirementnode",
"view_riskacceptance",
"view_riskassessment",
"view_riskmatrix",
"view_riskscenario",
"view_solution",
"view_storedlibrary",
"view_threat",
"view_user",
"view_usergroup",
]

ADMINISTRATOR_PERMISSIONS_LIST = [
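Review bot: In the ANALYST_PERMISSIONS_LIST hunk the alphabetized run, which appears to be the new side, grants `change_entity`, `delete_entity`, `change_entityassessment`, `delete_entityassessment`, `change_referencecontrol` and `delete_referencecontrol` to analysts without the matching `add_*` permissions, while DOMAIN_MANAGER_PERMISSIONS_LIST carries `add_entity` and `add_entityassessment`; if analysts are meant to edit and delete but not create these objects, a comment above the list should say so, because a reader cannot tell intent from a gap. These lists are the role-to-permission mapping for the application, so what looks like a widening of what analysts may change or delete deserves a test that covers the new grants rather than only the reordering. Since the domain-manager list now reads as the analyst list plus folder, risk-matrix, entity-creation and user-group rights, deriving it as `sorted(set(ANALYST_PERMISSIONS_LIST) | {...})` would make that relationship explicit and stop the two lists drifting apart on the next edit (confirm the superset actually holds before doing so). The hunk cuts through APPROVER_PERMISSIONS_LIST and ADMINISTRATOR_PERMISSIONS_LIST, which start or end outside it.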
