diff --git a/backend/app_tests/api/test_utils.py b/backend/app_tests/api/test_utils.py
index 448c5073b..a973ebb6c 100644
--- a/backend/app_tests/api/test_utils.py
+++ b/backend/app_tests/api/test_utils.py
@@ -100,7 +100,7 @@ def expected_request_response(
 # User has access to the domain
 return False, expected_status, "ok"
 else:
- return False, expected_status, "outside_scope"
+ return True, expected_status, "outside_scope"
 else:
 # User has not permission to perform the action
 if (
@@ -771,7 +771,7 @@ def update_object(
 ), f"{verbose_name} object detail can not be accessed with permission"
 else:
 assert (
- response.status_code == status.HTTP_403_FORBIDDEN
+ response.status_code == status.HTTP_404_NOT_FOUND
 ), f"{verbose_name} object detail can be accessed without permission"
 if not (fails or user_perm_fails):
@@ -911,7 +911,7 @@ def delete_object(
 ), f"{verbose_name} object detail can not be accessed with permission"
 else:
 assert (
- response.status_code == status.HTTP_403_FORBIDDEN
+ response.status_code == status.HTTP_404_NOT_FOUND
 ), f"{verbose_name} object detail can be accessed without permission"
 # Asserts that the object was deleted successfully
diff --git a/backend/core/startup.py b/backend/core/startup.py
index 8c2deb181..8c833456d 100644
--- a/backend/core/startup.py
+++ b/backend/core/startup.py
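Review bot: The changed `return True, expected_status, "outside_scope"` branch has no comment explaining why an out-of-scope request is now expected to fail, while its sibling branch carries `# User has access to the domain`; add `# User is not in the object's domain: the request must fail and must not reveal that the object exists` above the changed line. expected_request_response begins outside the hunk, so how the third tuple element "outside_scope" is consumed is not visible here; presumably it is what selects the 404 expectation in update_object and delete_object, and the comment should say so if that is the case.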
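Review bot: The assertion message on the line after the changed status check still reads `object detail can be accessed without permission`, which no longer describes the failure: with the expected code now 404, a 403 also trips this assert, and the reason it must is that a 403 confirms to a user outside the domain that the object exists. Change it to `f"{verbose_name} object detail outside scope must return 404 (403 would reveal that the object exists)"`. If the view's 404 body is the generic DRF `{"detail": "Not found."}`, it is also worth asserting `response.json() == {"detail": "Not found."}` so a scope-denied lookup is indistinguishable from a truly missing id; I cannot see the view from here, so confirm the body first. update_object continues outside the hunk.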
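Review bot: In the 404 branch of delete_object the hunk only checks the status code, and the context line that follows (`# Asserts that the object was deleted successfully`) suggests the existence check lives in the success path, so nothing here verifies that an out-of-scope DELETE was a no-op rather than a hidden deletion. Add, directly after the changed status assert, a check that the target row still exists, along the lines of `assert object_class.objects.filter(id=object_id).exists(), f"{verbose_name} outside scope was deleted despite 404"`, using whatever model and id the function already holds (those names are outside the hunk). The message on the line after the changed assert should likewise say that a 403 here would leak the object's existence, since that is what the 404 is for. delete_object continues outside the hunk.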
@@ -11,28 +11,32 @@
 logger = get_logger(__name__)
 READER_PERMISSIONS_LIST = [
- "view_project",
- "view_riskassessment",
 "view_appliedcontrol",
- "view_policy",
- "view_riskscenario",
- "view_riskacceptance",
 "view_asset",
- "view_threat",
- "view_referencecontrol",
- "view_folder",
- "view_usergroup",
- "view_riskmatrix",
 "view_complianceassessment",
- "view_requirementassessment",
- "view_requirementnode",
+ "view_entity",
+ "view_entityassessment",
 "view_evidence",
+ "view_folder",
 "view_framework",
 "view_loadedlibrary",
+ "view_policy",
+ "view_project",
+ "view_referencecontrol",
+ "view_representative",
+ "view_requirementassessment",
+ "view_requirementmapping",
+ "view_requirementmappingset",
+ "view_requirementnode",
+ "view_riskacceptance",
+ "view_riskassessment",
+ "view_riskmatrix",
+ "view_riskscenario",
+ "view_solution",
 "view_storedlibrary",
+ "view_threat",
 "view_user",
- "view_requirementmappingset",
- "view_requirementmapping",
+ "view_usergroup",
 ]
 APPROVER_PERMISSIONS_LIST = [
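Review bot: READER_PERMISSIONS_LIST is rewritten in alphabetical order, which is what makes the additions (`view_entity`, `view_entityassessment`, `view_representative`, `view_solution`, `view_storedlibrary`) reviewable, but nothing records that convention and the same list is re-typed by hand in frontend/tests/utils/test-data.ts in this very commit. Add a comment above the list, `# Keep alphabetically sorted. Mirrored by hand in frontend/tests/utils/test-data.ts; update both.`, so the next grant does not land unsorted in one place and missing from the other. Whether these lists are the only place a role's permissions are defined is not visible in this diff.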
@@ -62,120 +66,153 @@
 ]
 ANALYST_PERMISSIONS_LIST = [
+ "add_appliedcontrol",
+ "add_asset",
+ "add_complianceassessment",
+ "add_evidence",
+ "add_policy",
 "add_project",
- "view_project",
- "change_project",
- "delete_project",
+ "add_riskacceptance",
 "add_riskassessment",
- "view_riskassessment",
- "change_riskassessment",
- "delete_riskassessment",
- "add_appliedcontrol",
- "view_appliedcontrol",
+ "add_riskscenario",
+ "add_solution",
+ "add_threat",
 "change_appliedcontrol",
- "delete_appliedcontrol",
- "add_policy",
- "view_policy",
+ "change_asset",
+ "change_complianceassessment",
+ "change_entity",
+ "change_entityassessment",
+ "change_evidence",
 "change_policy",
- "delete_policy",
- "add_riskscenario",
- "view_riskscenario",
- "change_riskscenario",
- "delete_riskscenario",
- "add_riskacceptance",
- "view_riskacceptance",
+ "change_project",
+ "change_referencecontrol",
+ "change_representative",
+ "change_requirementassessment",
 "change_riskacceptance",
- "delete_riskacceptance",
- "add_complianceassessment",
- "view_complianceassessment",
- "change_complianceassessment",
+ "change_riskassessment",
+ "change_riskscenario",
+ "change_solution",
+ "change_threat",
+ "delete_appliedcontrol",
+ "delete_asset",
 "delete_complianceassessment",
- "view_requirementassessment",
- "change_requirementassessment",
- "add_evidence",
- "view_evidence",
- "change_evidence",
+ "delete_entity",
+ "delete_entityassessment",
 "delete_evidence",
- "add_asset",
- "view_asset",
- "change_asset",
- "delete_asset",
- "add_threat",
- "view_threat",
- "change_threat",
+ "delete_policy",
+ "delete_project",
+ "delete_referencecontrol",
+ "delete_representative",
+ "delete_riskacceptance",
+ "delete_riskassessment",
+ "delete_riskscenario",
+ "delete_solution",
 "delete_threat",
- "view_referencecontrol",
+ "view_appliedcontrol",
+ "view_asset",
+ "view_complianceassessment",
+ "view_entity",
+ "view_entityassessment",
+ "view_evidence",
 "view_folder",
- "view_usergroup",
- "view_riskmatrix",
- "view_requirementnode",
 "view_framework",
- "view_storedlibrary",
 "view_loadedlibrary",
- "view_user",
- "view_requirementmappingset",
+ "view_policy",
+ "view_project",
+ "view_referencecontrol",
+ "view_representative",
+ "view_requirementassessment",
 "view_requirementmapping",
+ "view_requirementmappingset",
+ "view_requirementnode",
+ "view_riskacceptance",
+ "view_riskassessment",
+ "view_riskmatrix",
+ "view_riskscenario",
+ "view_solution",
+ "view_storedlibrary",
+ "view_threat",
+ "view_user",
+ "view_usergroup",
 ]
 DOMAIN_MANAGER_PERMISSIONS_LIST = [
- "change_usergroup",
- "view_usergroup",
- "add_project",
- "change_project",
- "delete_project",
- "view_project",
- "add_riskassessment",
- "view_riskassessment",
- "change_riskassessment",
- "delete_riskassessment",
 "add_appliedcontrol",
- "view_appliedcontrol",
- "change_appliedcontrol",
- "delete_appliedcontrol",
+ "add_asset",
+ "add_complianceassessment",
+ "add_entity",
+ "add_entityassessment",
+ "add_evidence",
+ "add_folder",
 "add_policy",
- "view_policy",
- "change_policy",
- "delete_policy",
- "add_riskscenario",
- "view_riskscenario",
- "change_riskscenario",
- "delete_riskscenario",
+ "add_project",
 "add_riskacceptance",
- "view_riskacceptance",
- "change_riskacceptance",
- "delete_riskacceptance",
- "add_asset",
- "view_asset",
- "change_asset",
- "delete_asset",
+ "add_riskassessment",
+ "add_riskmatrix",
+ "add_riskscenario",
+ "add_solution",
 "add_threat",
- "view_threat",
- "change_threat",
- "delete_threat",
- "view_referencecontrol",
- "view_folder",
+ "change_appliedcontrol",
+ "change_asset",
+ "change_complianceassessment",
+ "change_entity",
+ "change_entityassessment",
+ "change_evidence",
 "change_folder",
- "add_riskmatrix",
- "view_riskmatrix",
+ "change_policy",
+ "change_project",
+ "change_referencecontrol",
+ "change_representative",
+ "change_requirementassessment",
+ "change_riskacceptance",
+ "change_riskassessment",
 "change_riskmatrix",
+ "change_riskscenario",
+ "change_solution",
+ "change_threat",
+ "delete_appliedcontrol",
+ "delete_asset",
+ "delete_complianceassessment",
+ "delete_entity",
+ "delete_entityassessment",
+ "delete_evidence",
+ "delete_folder",
+ "delete_policy",
+ "delete_project",
+ "delete_referencecontrol",
+ "delete_representative",
+ "delete_riskacceptance",
+ "delete_riskassessment",
 "delete_riskmatrix",
- "add_complianceassessment",
+ "delete_riskscenario",
+ "delete_solution",
+ "delete_threat",
+ "view_appliedcontrol",
+ "view_asset",
 "view_complianceassessment",
- "change_complianceassessment",
- "delete_complianceassessment",
- "view_requirementassessment",
- "change_requirementassessment",
- "add_evidence",
+ "view_entity",
+ "view_entityassessment",
 "view_evidence",
- "change_evidence",
- "delete_evidence",
- "view_requirementnode",
+ "view_folder",
 "view_framework",
- "view_storedlibrary",
 "view_loadedlibrary",
- "view_user",
- "view_requirementmappingset",
+ "view_policy",
+ "view_project",
+ "view_referencecontrol",
+ "view_representative",
+ "view_requirementassessment",
 "view_requirementmapping",
+ "view_requirementmappingset",
+ "view_requirementnode",
+ "view_riskacceptance",
+ "view_riskassessment",
+ "view_riskmatrix",
+ "view_riskscenario",
+ "view_solution",
+ "view_storedlibrary",
+ "view_threat",
+ "view_user",
+ "view_usergroup",
 ]
 ADMINISTRATOR_PERMISSIONS_LIST = [
diff --git a/frontend/tests/utils/test-data.ts b/frontend/tests/utils/test-data.ts
index 2d5725daf..3df5269f7 100644
--- a/frontend/tests/utils/test-data.ts
+++ b/frontend/tests/utils/test-data.ts
@@ -26,140 +26,186 @@ export default {
 analyst: {
 name: 'Analyst',
 perms: [
+ 'add_appliedcontrol',
+ 'add_asset',
+ 'add_complianceassessment',
+ 'add_evidence',
+ 'add_policy',
 'add_project',
- 'view_project',
- 'change_project',
- 'delete_project',
+ 'add_riskacceptance',
 'add_riskassessment',
- 'view_riskassessment',
- 'change_riskassessment',
- 'delete_riskassessment',
- 'add_appliedcontrol',
- 'view_appliedcontrol',
+ 'add_riskscenario',
+ 'add_solution',
+ 'add_threat',
 'change_appliedcontrol',
- 'delete_appliedcontrol',
- 'add_policy',
- 'view_policy',
+ 'change_asset',
+ 'change_complianceassessment',
+ 'change_entity',
+ 'change_entityassessment',
+ 'change_evidence',
 'change_policy',
- 'delete_policy',
- 'add_riskscenario',
- 'view_riskscenario',
- 'change_riskscenario',
- 'delete_riskscenario',
- 'add_riskacceptance',
- 'view_riskacceptance',
+ 'change_project',
+ 'change_referencecontrol',
+ 'change_representative',
+ 'change_requirementassessment',
 'change_riskacceptance',
- 'delete_riskacceptance',
- 'add_complianceassessment',
- 'view_complianceassessment',
- 'change_complianceassessment',
+ 'change_riskassessment',
+ 'change_riskscenario',
+ 'change_solution',
+ 'change_threat',
+ 'delete_appliedcontrol',
+ 'delete_asset',
 'delete_complianceassessment',
- 'view_requirementassessment',
- 'change_requirementassessment',
- 'add_evidence',
- 'view_evidence',
- 'change_evidence',
+ 'delete_entity',
+ 'delete_entityassessment',
 'delete_evidence',
- 'add_asset',
- 'view_asset',
- 'change_asset',
- 'delete_asset',
- 'add_threat',
- 'view_threat',
- 'change_threat',
+ 'delete_policy',
+ 'delete_project',
+ 'delete_referencecontrol',
+ 'delete_representative',
+ 'delete_riskacceptance',
+ 'delete_riskassessment',
+ 'delete_riskscenario',
+ 'delete_solution',
 'delete_threat',
- 'view_referencecontrol',
+ 'view_appliedcontrol',
+ 'view_asset',
+ 'view_complianceassessment',
+ 'view_entity',
+ 'view_entityassessment',
+ 'view_evidence',
 'view_folder',
- 'view_usergroup',
- 'view_riskmatrix',
- 'view_requirementnode',
 'view_framework',
 'view_loadedlibrary',
- 'view_user'
+ 'view_policy',
+ 'view_project',
+ 'view_referencecontrol',
+ 'view_representative',
+ 'view_requirementassessment',
+ 'view_requirementmapping',
+ 'view_requirementmappingset',
+ 'view_requirementnode',
+ 'view_riskacceptance',
+ 'view_riskassessment',
+ 'view_riskmatrix',
+ 'view_riskscenario',
+ 'view_solution',
+ 'view_storedlibrary',
+ 'view_threat',
+ 'view_user',
+ 'view_usergroup'
 ]
 },
 reader: {
 name: 'Reader',
 perms: [
- 'view_project',
- 'view_riskassessment',
 'view_appliedcontrol',
- 'view_policy',
- 'view_riskscenario',
- 'view_riskacceptance',
 'view_asset',
- 'view_threat',
- 'view_referencecontrol',
- 'view_folder',
- 'view_usergroup',
- 'view_riskmatrix',
 'view_complianceassessment',
- 'view_requirementassessment',
- 'view_requirementnode',
+ 'view_entity',
+ 'view_entityassessment',
 'view_evidence',
+ 'view_folder',
 'view_framework',
 'view_loadedlibrary',
- 'view_user'
+ 'view_policy',
+ 'view_project',
+ 'view_referencecontrol',
+ 'view_representative',
+ 'view_requirementassessment',
+ 'view_requirementmapping',
+ 'view_requirementmappingset',
+ 'view_requirementnode',
+ 'view_riskacceptance',
+ 'view_riskassessment',
+ 'view_riskmatrix',
+ 'view_riskscenario',
+ 'view_solution',
+ 'view_storedlibrary',
+ 'view_threat',
+ 'view_user',
+ 'view_usergroup'
 ]
 },
 domainManager: {
 name: 'Domain manager',
 perms: [
- 'change_usergroup',
- 'view_usergroup',
- 'add_project',
- 'change_project',
- 'delete_project',
- 'view_project',
- 'add_riskassessment',
- 'view_riskassessment',
- 'change_riskassessment',
- 'delete_riskassessment',
 'add_appliedcontrol',
- 'view_appliedcontrol',
- 'change_appliedcontrol',
- 'delete_appliedcontrol',
+ 'add_asset',
+ 'add_complianceassessment',
+ 'add_entity',
+ 'add_entityassessment',
+ 'add_evidence',
+ 'add_folder',
 'add_policy',
- 'view_policy',
- 'change_policy',
- 'delete_policy',
- 'add_riskscenario',
- 'view_riskscenario',
- 'change_riskscenario',
- 'delete_riskscenario',
+ 'add_project',
 'add_riskacceptance',
- 'view_riskacceptance',
- 'change_riskacceptance',
- 'delete_riskacceptance',
- 'add_asset',
- 'view_asset',
- 'change_asset',
- 'delete_asset',
+ 'add_riskassessment',
+ 'add_riskmatrix',
+ 'add_riskscenario',
+ 'add_solution',
 'add_threat',
- 'view_threat',
- 'change_threat',
- 'delete_threat',
- 'view_referencecontrol',
- 'view_folder',
+ 'change_appliedcontrol',
+ 'change_asset',
+ 'change_complianceassessment',
+ 'change_entity',
+ 'change_entityassessment',
+ 'change_evidence',
 'change_folder',
- 'add_riskmatrix',
- 'view_riskmatrix',
+ 'change_policy',
+ 'change_project',
+ 'change_referencecontrol',
+ 'change_representative',
+ 'change_requirementassessment',
+ 'change_riskacceptance',
+ 'change_riskassessment',
 'change_riskmatrix',
+ 'change_riskscenario',
+ 'change_solution',
+ 'change_threat',
+ 'delete_appliedcontrol',
+ 'delete_asset',
+ 'delete_complianceassessment',
+ 'delete_entity',
+ 'delete_entityassessment',
+ 'delete_evidence',
+ 'delete_folder',
+ 'delete_policy',
+ 'delete_project',
+ 'delete_referencecontrol',
+ 'delete_representative',
+ 'delete_riskacceptance',
+ 'delete_riskassessment',
 'delete_riskmatrix',
- 'add_complianceassessment',
+ 'delete_riskscenario',
+ 'delete_solution',
+ 'delete_threat',
+ 'view_appliedcontrol',
+ 'view_asset',
 'view_complianceassessment',
- 'change_complianceassessment',
- 'delete_complianceassessment',
- 'view_requirementassessment',
- 'change_requirementassessment',
- 'add_evidence',
+ 'view_entity',
+ 'view_entityassessment',
 'view_evidence',
- 'change_evidence',
- 'delete_evidence',
- 'view_requirementnode',
+ 'view_folder',
 'view_framework',
 'view_loadedlibrary',
- 'view_user'
+ 'view_policy',
+ 'view_project',
+ 'view_referencecontrol',
+ 'view_representative',
+ 'view_requirementassessment',
+ 'view_requirementmapping',
+ 'view_requirementmappingset',
+ 'view_requirementnode',
+ 'view_riskacceptance',
+ 'view_riskassessment',
+ 'view_riskmatrix',
+ 'view_riskscenario',
+ 'view_solution',
+ 'view_storedlibrary',
+ 'view_threat',
+ 'view_user',
+ 'view_usergroup'
 ]
 },
 approver: {
@@ -183,8 +229,11 @@ export default {
 'view_requirementnode',
 'view_evidence',
 'view_framework',
+ 'view_storedlibrary',
 'view_loadedlibrary',
- 'view_user'
+ 'view_user',
+ 'view_requirementmappingset',
+ 'view_requirementmapping'
 ]
 }
 },
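Review bot: The analyst, reader and domainManager `perms` arrays are a hand-typed copy of the permission lists in backend/core/startup.py (the same commit rewrites both), and nothing ties the two together, so the next backend grant that is forgotten here makes the e2e role expectations silently stale — and a fixture that lags the backend can only ever under-test what a role is allowed to do. Add a comment above each array, `// Mirrors READER_PERMISSIONS_LIST in backend/core/startup.py; keep in sync`, and consider a test that reads the role's permissions from the API and compares them to this fixture rather than asserting against a copy. The fixture is pure data, so whether such an endpoint exists is not visible from this diff.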
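Review bot: The approver array gains `'view_storedlibrary'`, `'view_requirementmappingset'` and `'view_requirementmapping'`, but the backend/core/startup.py part of this commit contains no hunk touching APPROVER_PERMISSIONS_LIST (its hunks cover only the reader, analyst and domain-manager lists), so either the backend already granted these or this fixture is now ahead of what the backend actually assigns — verify which before relying on the e2e test. As a point of style, the three entries are appended at the tail while the other arrays were just put in alphabetical order; placing them in sorted position keeps the approver list reviewable the same way.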