@@ -11,7 +11,8 @@ import {
1111 PLATFORM_ORGANIZATION ,
1212 queryAsAdmin ,
1313 securityQuery ,
14- USER_EDITOR ,
14+ TEST_ORGANIZATION ,
15+ USER_EDITOR
1516} from '../../utils/testQuery' ;
1617import { queryAsUserIsExpectedForbidden } from '../../utils/testQueryHelper' ;
1718import { executionContext , SYSTEM_USER } from '../../../src/utils/access' ;
@@ -72,7 +73,7 @@ const EDIT_AUTHORIZED_MEMBERS_QUERY = gql`
7273 }
7374` ;
7475
75- describe ( 'Case Incident Response standard behavior with authorized_members activation from entity' , ( ) => {
76+ /* describe('Case Incident Response standard behavior with authorized_members activation from entity', () => {
7677 let caseIncident: CaseIncident;
7778 let userEditorId: string;
7879 // 1. On créé un case incident => on vérifie que l'editor y a accès, que les authorized members sont vide, que le user access right est admin
@@ -93,14 +94,14 @@ describe('Case Incident Response standard behavior with authorized_members activ
9394 expect(caseIncidentResponseCreateQueryResult?.data?.caseIncidentAdd.currentUserAccessRight).toEqual('admin'); // CurrentUser should be admin if authorized members not activated
9495 caseIncident = caseIncidentResponseCreateQueryResult?.data?.caseIncidentAdd;
9596 });
96- it ( 'should Editor User access Case Incident Response' , async ( ) => {
97+ it('should Editor user access Case Incident Response', async () => {
9798 const caseIRQueryResult = await editorQuery({ query: READ_QUERY, variables: { id: caseIncident.id } });
9899 expect(caseIRQueryResult).not.toBeNull();
99100 expect(caseIRQueryResult?.data?.caseIncident).not.toBeUndefined();
100101 expect(caseIRQueryResult?.data?.caseIncident.id).toEqual(caseIncident.id);
101102 });
102103 // On essaye de modifier les authorized members avec le user editor => on vérifie qu'il n'a pas les droits et qu'il se prend une erreur forbidden
103- it ( 'should Editor User not edit authorized members if not in authorized members' , async ( ) => {
104+ it('should Editor user not edit authorized members if not in authorized members', async () => {
104105 userEditorId = await getUserIdByEmail(USER_EDITOR.email);
105106 const authorizedMembers = {
106107 id: caseIncident.id,
@@ -117,7 +118,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
117118 });
118119 });
119120 // On essaye de modifier les authorized members avec l'admin (seulement admin) => on vérifie que ça a bien fonctionné avec l'admin, et on vérifie que l'editor n'a pas accès au case incident
120- it ( 'should Admin User edit authorized members' , async ( ) => {
121+ it('should Admin user edit authorized members', async () => {
121122 // Activate Authorized members
122123 await queryAsAdmin({
123124 query: EDIT_AUTHORIZED_MEMBERS_QUERY,
@@ -145,15 +146,15 @@ describe('Case Incident Response standard behavior with authorized_members activ
145146 }
146147 ]);
147148 });
148- it ( 'should Editor User not access Case Incident Response' , async ( ) => {
149+ it('should Editor user not access Case Incident Response', async () => {
149150 const caseIRQueryResult = await editorQuery({ query: READ_QUERY, variables: { id: caseIncident.id } });
150151 expect(caseIRQueryResult).not.toBeNull();
151152 expect(caseIRQueryResult?.data?.caseIncident).not.toBeUndefined();
152153 expect(caseIRQueryResult?.data?.caseIncident).toBeNull();
153154 });
154155 // On modifie les authorized members avec l'admin en ajoutant l'editor en view => on vérifie que l'editor a bien accès au case incident
155- it ( 'should Admin User edit authorized members: Editor has view access right' , async ( ) => {
156- // Add Editor User in authorized members
156+ it('should Admin user edit authorized members: Editor has view access right', async () => {
157+ // Add Editor user in authorized members
157158 await queryAsAdmin({
158159 query: EDIT_AUTHORIZED_MEMBERS_QUERY,
159160 variables: {
@@ -188,14 +189,14 @@ describe('Case Incident Response standard behavior with authorized_members activ
188189 }
189190 ]);
190191 });
191- it ( 'should Editor User access Case Incident Response' , async ( ) => {
192+ it('should Editor user access Case Incident Response', async () => {
192193 const caseIRQueryResult = await editorQuery({ query: READ_QUERY, variables: { id: caseIncident.id } });
193194 expect(caseIRQueryResult).not.toBeNull();
194195 expect(caseIRQueryResult?.data?.caseIncident).not.toBeUndefined();
195196 expect(caseIRQueryResult?.data?.caseIncident.id).toEqual(caseIncident.id);
196197 });
197198 // On essaye d'editer le case avec l'editor => forbidden parce qu'il a seulement l'accès en view
198- it ( 'should Editor User not edit case incident with view access right' , async ( ) => {
199+ it('should Editor user not edit case incident with view access right', async () => {
199200 const authorizedMembers = {
200201 id: caseIncident.id,
201202 input: [
@@ -211,7 +212,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
211212 });
212213 });
213214 // On modifie les authorized members avec l'admin en mettant l'editor en 'edit', et on vérifie qu'il peut bien éditer un case incident (description)
214- it ( 'should Admin User edit authorized members: Editor has edit access right' , async ( ) => {
215+ it('should Admin user edit authorized members: Editor has edit access right', async () => {
215216 await queryAsAdmin({
216217 query: EDIT_AUTHORIZED_MEMBERS_QUERY,
217218 variables: {
@@ -246,7 +247,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
246247 }
247248 ]);
248249 });
249- it ( 'should Editor User edit case incident' , async ( ) => {
250+ it('should Editor user edit case incident', async () => {
250251 const UPDATE_QUERY = gql`
251252 mutation CaseIncident($id: ID!, $input: [EditInput]!) {
252253 stixDomainObjectEdit(id: $id) {
@@ -266,14 +267,14 @@ describe('Case Incident Response standard behavior with authorized_members activ
266267 expect(queryResult?.data?.stixDomainObjectEdit.fieldPatch.name).toEqual('Case Incident Response - updated');
267268 });
268269 // l'editor essaye de delete le case incident => forbidden parce qu'il a seulement l'accès en edit
269- it ( 'should Editor User not delete case incident with edit access right' , async ( ) => {
270+ it('should Editor user not delete case incident with edit access right', async () => {
270271 await queryAsUserIsExpectedForbidden(USER_EDITOR.client, {
271272 query: DELETE_QUERY,
272273 variables: { id: caseIncident.id },
273274 });
274275 });
275276 // On modifie les authorized members avec l'admin en mettant l'editor en 'admin', et on delete le case avec l'editor
276- it ( 'should Admin User edit authorized members: Editor has admin access right' , async ( ) => {
277+ it('should Admin user edit authorized members: Editor has admin access right', async () => {
277278 await queryAsAdmin({
278279 query: EDIT_AUTHORIZED_MEMBERS_QUERY,
279280 variables: {
@@ -308,7 +309,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
308309 }
309310 ]);
310311 });
311- it ( 'should Editor User Case Incident Response deleted' , async ( ) => {
312+ it('should Editor user Case Incident Response deleted', async () => {
312313 // Delete the case
313314 await editorQuery({
314315 query: DELETE_QUERY,
@@ -485,9 +486,10 @@ describe('Case Incident Response and organization sharing standard behavior with
485486 expect(queryResult).not.toBeNull();
486487 expect(queryResult?.data?.caseIncident).toBeNull();
487488 });
488- } ) ;
489+ }); */
489490
490491describe ( 'Case Incident Response and organization sharing standard behavior with platform organization' , ( ) => {
492+ let platformOrganizationId : string ;
491493 let testOrganizationId : string ;
492494 let caseIrId : string ;
493495 let userEditorId : string ;
@@ -506,9 +508,10 @@ describe('Case Incident Response and organization sharing standard behavior with
506508 }
507509 }
508510 ` ;
511+ // 1. 'should plateform organization sharing and EE activated' => OK avec PlaformOrganization
509512 it ( 'should plateform organization sharing and EE activated' , async ( ) => {
510513 // Get organization id
511- testOrganizationId = await getOrganizationIdByName ( PLATFORM_ORGANIZATION . name ) ;
514+ platformOrganizationId = await getOrganizationIdByName ( PLATFORM_ORGANIZATION . name ) ;
512515
513516 // Get settings ID
514517 const SETTINGS_READ_QUERY = gql `
@@ -531,7 +534,7 @@ describe('Case Incident Response and organization sharing standard behavior with
531534 variables : {
532535 id : settingsInternalId ,
533536 input : [
534- { key : 'platform_organization' , value : testOrganizationId } ,
537+ { key : 'platform_organization' , value : platformOrganizationId } ,
535538 { key : 'enterprise_edition' , value : new Date ( ) . getTime ( ) } ,
536539 ]
537540 }
@@ -542,6 +545,7 @@ describe('Case Incident Response and organization sharing standard behavior with
542545 expect ( platformOrganization ?. data ?. settingsEdit . fieldPatch . enterprise_edition ) . not . toBeUndefined ( ) ;
543546 expect ( platformOrganization ?. data ?. settingsEdit . fieldPatch . platform_organization . name ) . toEqual ( PLATFORM_ORGANIZATION . name ) ;
544547 } ) ;
548+ // 2. 'should Case Incident Response created' => OK
545549 it ( 'should Case Incident Response created' , async ( ) => {
546550 // Create Case Incident Response
547551 const caseIRCreateQueryResult = await adminQuery ( {
@@ -554,21 +558,17 @@ describe('Case Incident Response and organization sharing standard behavior with
554558 } ) ;
555559
556560 expect ( caseIRCreateQueryResult ) . not . toBeNull ( ) ;
557- expect ( caseIRCreateQueryResult ?. data ?. caseIncidentAdd . authorized_members ) . not . toBeUndefined ( ) ;
558- expect ( caseIRCreateQueryResult ?. data ?. caseIncidentAdd . authorized_members ) . toEqual ( [ ] ) ; // authorized members not activated
561+ expect ( caseIRCreateQueryResult ?. data ?. caseIncidentAdd ) . not . toBeUndefined ( ) ;
559562 caseIrId = caseIRCreateQueryResult ?. data ?. caseIncidentAdd . id ;
560563 } ) ;
561- it ( 'should not access Case Incident Response if no organization' , async ( ) => {
562- const caseIRQueryResult = await participantQuery ( { query : READ_QUERY , variables : { id : caseIrId } } ) ;
563- expect ( caseIRQueryResult ) . not . toBeNull ( ) ;
564- expect ( caseIRQueryResult . data ?. caseIncident ) . toBeNull ( ) ;
565- } ) ;
566- it ( 'should not access Case Incident Response from different organization' , async ( ) => {
564+ // 3. On vérifie que editor n'a pas accès au case incident parce que editor fait partie de l'orga TestOrganization ('should not access Case Incident Response out of his organization')
565+ it ( 'should Editor user not access Case Incident Response' , async ( ) => {
567566 const caseIRQueryResult = await editorQuery ( { query : READ_QUERY , variables : { id : caseIrId } } ) ;
568567 expect ( caseIRQueryResult ) . not . toBeNull ( ) ;
569568 expect ( caseIRQueryResult . data ?. caseIncident ) . toBeNull ( ) ;
570569 } ) ;
571- it ( 'should Authorized Members activated' , async ( ) => {
570+ // 4. 'should Authorized Members activated' avec editor en view => OK
571+ it ( 'should Admin user Authorized Members activated' , async ( ) => {
572572 userEditorId = await getUserIdByEmail ( USER_EDITOR . email ) ;
573573 await queryAsAdmin ( {
574574 query : EDIT_AUTHORIZED_MEMBERS_QUERY ,
@@ -604,12 +604,69 @@ describe('Case Incident Response and organization sharing standard behavior with
604604 }
605605 ] ) ;
606606 } ) ;
607- it ( 'should access Case Incident Response out of her organization if authorized members activated' , async ( ) => {
607+ // 5. 'should access Case Incident Response out of her organization if authorized members activated' => OK
608+ it ( 'should Editor user access Case Incident Response out of her organization if authorized members activated' , async ( ) => {
609+ const caseIRQueryResult = await editorQuery ( { query : READ_QUERY , variables : { id : caseIrId } } ) ;
610+ expect ( caseIRQueryResult ) . not . toBeNull ( ) ;
611+ expect ( caseIRQueryResult ?. data ?. caseIncident ) . not . toBeUndefined ( ) ;
612+ expect ( caseIRQueryResult ?. data ?. caseIncident . id ) . toEqual ( caseIrId ) ;
613+ } ) ;
614+ // 6. On enlève les authorized members, et on vérifie que l'editor n'as plus accès au case
615+ it ( 'should Admin user removes Editor user from authorized members' , async ( ) => {
616+ await queryAsAdmin ( {
617+ query : EDIT_AUTHORIZED_MEMBERS_QUERY ,
618+ variables : {
619+ id : caseIrId ,
620+ input : [
621+ {
622+ id : ADMIN_USER . id ,
623+ access_right : 'admin'
624+ }
625+ ]
626+ }
627+ } ) ;
628+ // Verify Editor user has no more access to Case incident
629+ const caseIRQueryResult = await editorQuery ( { query : READ_QUERY , variables : { id : caseIrId } } ) ;
630+ expect ( caseIRQueryResult ) . not . toBeNull ( ) ;
631+ expect ( caseIRQueryResult . data ?. caseIncident ) . toBeNull ( ) ;
632+ } ) ;
633+ // 7. On share le case à la platform orga "Test" dont fait partie l'editor, et on vérifie que l'editor y a accès maintenant
634+ it ( 'should share Case Incident Response with Organization' , async ( ) => {
635+ // Get organization id
636+ testOrganizationId = await getOrganizationIdByName ( TEST_ORGANIZATION . name ) ;
637+ const ORGANIZATION_SHARING_QUERY = gql `
638+ mutation StixCoreObjectSharingGroupAddMutation(
639+ $id: ID!
640+ $organizationId: ID!
641+ ) {
642+ stixCoreObjectEdit(id: $id) {
643+ restrictionOrganizationAdd(organizationId: $organizationId) {
644+ id
645+ objectOrganization {
646+ id
647+ name
648+ }
649+ }
650+ }
651+ }
652+ ` ;
653+
654+ const organizationSharingQueryResult = await adminQuery ( {
655+ query : ORGANIZATION_SHARING_QUERY ,
656+ variables : { id : caseIrId , organizationId : testOrganizationId }
657+ } ) ;
658+ expect ( organizationSharingQueryResult ) . not . toBeNull ( ) ;
659+ expect ( organizationSharingQueryResult ?. data ?. stixCoreObjectEdit . restrictionOrganizationAdd ) . not . toBeNull ( ) ;
660+ expect ( organizationSharingQueryResult ?. data ?. stixCoreObjectEdit . restrictionOrganizationAdd . objectOrganization [ 0 ] . name ) . toEqual ( TEST_ORGANIZATION . name ) ;
661+
662+ // Verify Editor user has access to Case incident
608663 const caseIRQueryResult = await editorQuery ( { query : READ_QUERY , variables : { id : caseIrId } } ) ;
664+ console . log ( JSON . stringify ( caseIRQueryResult ) ) ;
609665 expect ( caseIRQueryResult ) . not . toBeNull ( ) ;
610666 expect ( caseIRQueryResult ?. data ?. caseIncident ) . not . toBeUndefined ( ) ;
611667 expect ( caseIRQueryResult ?. data ?. caseIncident . id ) . toEqual ( caseIrId ) ;
612668 } ) ;
669+ // 'should plateform organization sharing and EE deactivated' => OK
613670 it ( 'should plateform organization sharing and EE deactivated' , async ( ) => {
614671 // Remove plateform organization
615672 const platformOrganization = await adminQuery ( {
@@ -623,6 +680,7 @@ describe('Case Incident Response and organization sharing standard behavior with
623680 expect ( platformOrganization ) . not . toBeNull ( ) ;
624681 expect ( platformOrganization ?. data ?. settingsEdit . fieldPatch . platform_organization ) . toBeNull ( ) ;
625682 } ) ;
683+ // 'should Case Incident Response deleted' => OK
626684 it ( 'should Case Incident Response deleted' , async ( ) => {
627685 // Delete the case
628686 await adminQuery ( {
0 commit comments