[backend] WIP Update model: authorized members activation via entity(#4538)

Author: marieflorescontact

opencti-platform/opencti-graphql/src/modules/case/case-incident/case-incident-domain.ts

@@ -1,9 +1,9 @@
 import type { AuthContext, AuthUser } from '../../../types/user';
-import { createEntity } from '../../../database/middleware';
+import { createEntity, patchAttribute } from '../../../database/middleware';
 import type { EntityOptions } from '../../../database/middleware-loader';
 import { internalLoadById, listEntitiesPaginated, storeLoadById } from '../../../database/middleware-loader';
 import { BUS_TOPICS } from '../../../config/conf';
-import { ABSTRACT_STIX_DOMAIN_OBJECT, buildRefRelationKey } from '../../../schema/general';
+import { ABSTRACT_STIX_CORE_OBJECT, ABSTRACT_STIX_DOMAIN_OBJECT, buildRefRelationKey } from '../../../schema/general';
 import { notify } from '../../../database/redis';
 import { now } from '../../../utils/format';
 import { userAddIndividual } from '../../../domain/user';
@@ -16,7 +16,9 @@ import type { CaseIncidentAddInput, MemberAccessInput } from '../../../generated
 import { isStixId } from '../../../schema/schemaUtils';
 import { RELATION_OBJECT } from '../../../schema/stixRefRelationship';
 import { FilterMode } from '../../../generated/graphql';
-import { editAuthorizedMembers } from '../../../utils/authorizedMembers';
+import { isValidMemberAccessRight } from '../../../utils/access';
+import { containsValidAdmin } from '../../../utils/authorizedMembers';
+import { FunctionalError } from '../../../config/errors';
 
 export const findById: DomainFindById<BasicStoreEntityCaseIncident> = (context: AuthContext, user: AuthUser, caseIncidentId: string) => {
   return storeLoadById(context, user, caseIncidentId, ENTITY_TYPE_CONTAINER_CASE_INCIDENT);
@@ -61,7 +63,7 @@ export const caseIncidentContainsStixObjectOrStixRelationship = async (context:
   return caseIncidentFound.edges.length > 0;
 };
 
-/* export const caseIncidentEditAuthorizedMembers = async (
+export const caseIncidentEditAuthorizedMembers = async (
   context: AuthContext,
   user: AuthUser,
   entityId: string,
@@ -90,14 +92,14 @@ export const caseIncidentContainsStixObjectOrStixRelationship = async (context:
   const patch = { authorized_members };
   const { element } = await patchAttribute(context, user, entityId, ENTITY_TYPE_CONTAINER_CASE_INCIDENT, patch);
   return notify(BUS_TOPICS[ABSTRACT_STIX_CORE_OBJECT].EDIT_TOPIC, element, user);
-}; */
+};
 
-export const caseIncidentEditAuthorizedMembers = async (
+/* export const caseIncidentEditAuthorizedMembers = async (
   context: AuthContext,
   user: AuthUser,
   entityId: string,
   input: MemberAccessInput[] | undefined | null
 ) => {
   const requiredCapabilities = ['KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS'];
   return editAuthorizedMembers(context, user, entityId, input, requiredCapabilities, ENTITY_TYPE_CONTAINER_CASE_INCIDENT);
-};
+}; */

opencti-platform/opencti-graphql/src/utils/authorizedMembers.ts

@@ -19,10 +19,8 @@ import { findById as findOrganization } from '../modules/organization/organizati
 import { RELATION_MEMBER_OF, RELATION_PARTICIPATE_TO } from '../schema/internalRelationship';
 import { FunctionalError } from '../config/errors';
 import { patchAttribute } from '../database/middleware';
-import { ENTITY_TYPE_CONTAINER_FEEDBACK } from '../modules/case/feedback/feedback-types';
 import { notify } from '../database/redis';
 import { BUS_TOPICS } from '../config/conf';
-import { ABSTRACT_STIX_CORE_OBJECT } from '../schema/general';
 
 export const getAuthorizedMembers = async (
   context: AuthContext,
@@ -88,7 +86,7 @@ export const containsValidAdmin = async (
   return authorizedUsers.length > 0;
 };
 
-export const editAuthorizedMembers = async (
+/* export const editAuthorizedMembers = async (
   context: AuthContext,
   user: AuthUser,
   entityId: string,
@@ -120,4 +118,4 @@ export const editAuthorizedMembers = async (
   const { element } = await patchAttribute(context, user, entityId, entityType, patch);
   // TODO FIX type error
   return notify(BUS_TOPICS[entityType].EDIT_TOPIC, element, user);
-};
+}; */

opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/case-incident-response-test.ts

@@ -136,18 +136,22 @@ describe('Case Incident Response resolver standard behavior', () => {
 });
 
 describe('Case Incident Response standard behavior with authorized_members activation from entity', () => {
-  let caseIncidentResponse: CaseIncident;
+  let caseIncidentResponseAuthorizedMembersFromEntity: CaseIncident;
   it('should Case Incident Response created', async () => {
     // Create Case Incident Response
-    const caseIncidentResponseQueryResult = await queryAsAdmin({
+    const caseIncidentResponseCreateQueryResult = await queryAsAdmin({
       query: CREATE_QUERY,
       variables: {
         input: {
           name: 'Case Incident Response With Authorized Members'
         }
       }
     });
-    caseIncidentResponse = caseIncidentResponseQueryResult?.data?.caseIncidentAdd;
+
+    expect(caseIncidentResponseCreateQueryResult).not.toBeNull();
+    expect(caseIncidentResponseCreateQueryResult?.data?.caseIncidentAdd.authorized_members).not.toBeUndefined();
+    expect(caseIncidentResponseCreateQueryResult?.data?.caseIncidentAdd.authorized_members).toEqual([]); // authorized members not activated
+    caseIncidentResponseAuthorizedMembersFromEntity = caseIncidentResponseCreateQueryResult?.data?.caseIncidentAdd;
 
     // Activate Authorized members
     const EDIT_AUTHORIZED_MEMBERS_QUERY = gql`
@@ -170,7 +174,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
     await queryAsAdmin({
       query: EDIT_AUTHORIZED_MEMBERS_QUERY,
       variables: {
-        id: caseIncidentResponse.id,
+        id: caseIncidentResponseAuthorizedMembersFromEntity.id,
         input: [
           {
             id: ADMIN_USER.id,
@@ -179,9 +183,14 @@ describe('Case Incident Response standard behavior with authorized_members activ
         ]
       }
     });
-    expect(caseIncidentResponseQueryResult).not.toBeNull();
-    expect(caseIncidentResponseQueryResult?.data?.caseIncidentAdd.authorized_members).not.toBeUndefined();
-    expect(caseIncidentResponseQueryResult?.data?.caseIncidentAdd.authorized_members).toEqual([
+    // Verify if authorized members have been edited
+    const caseIncidentResponseUpdatedQueryResult = await queryAsAdmin({
+      query: READ_QUERY,
+      variables: { id: caseIncidentResponseAuthorizedMembersFromEntity.id }
+    });
+    expect(caseIncidentResponseUpdatedQueryResult).not.toBeNull();
+    expect(caseIncidentResponseUpdatedQueryResult?.data?.caseIncident.authorized_members).not.toBeUndefined();
+    expect(caseIncidentResponseUpdatedQueryResult?.data?.caseIncident.authorized_members).toEqual([
       {
         id: ADMIN_USER.id,
         access_right: 'admin'
@@ -192,7 +201,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
     // Get current User access right
     const currentUserAccessRightQueryResult = await queryAsAdmin({
       query: READ_QUERY,
-      variables: { id: caseIncidentResponse.id },
+      variables: { id: caseIncidentResponseAuthorizedMembersFromEntity.id },
     });
 
     expect(currentUserAccessRightQueryResult).not.toBeNull();
@@ -202,17 +211,17 @@ describe('Case Incident Response standard behavior with authorized_members activ
     // Delete the case
     await queryAsAdmin({
       query: DELETE_QUERY,
-      variables: { id: caseIncidentResponse.id },
+      variables: { id: caseIncidentResponseAuthorizedMembersFromEntity.id },
     });
     // Verify is no longer found
-    const queryResult = await queryAsAdmin({ query: READ_QUERY, variables: { id: caseIncidentResponse.id } });
+    const queryResult = await queryAsAdmin({ query: READ_QUERY, variables: { id: caseIncidentResponseAuthorizedMembersFromEntity.id } });
     expect(queryResult).not.toBeNull();
     expect(queryResult?.data?.caseIncident).toBeNull();
   });
 });
 
 describe('Case Incident Response standard behavior with authorized_members activated via settings', () => {
-  let caseIncidentResponseAuthorizedMembers: CaseIncident;
+  let caseIncidentResponseAuthorizedMembersFromSettings: CaseIncident;
   it('should Case Incident Response created', async () => {
     // Activate authorized members for IR
     const ENTITY_SETTINGS_READ_QUERY_BY_TARGET_TYPE = gql`
@@ -272,7 +281,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
         access_right: 'admin'
       }
     ]);
-    caseIncidentResponseAuthorizedMembers = caseIncidentResponseAuthorizedMembersData?.data?.caseIncidentAdd;
+    caseIncidentResponseAuthorizedMembersFromSettings = caseIncidentResponseAuthorizedMembersData?.data?.caseIncidentAdd;
     // Clean
     await queryAsAdmin({
       query: ENTITY_SETTINGS_UPDATE_QUERY,
@@ -283,10 +292,10 @@ describe('Case Incident Response standard behavior with authorized_members activ
     // Delete the case
     await queryAsAdmin({
       query: DELETE_QUERY,
-      variables: { id: caseIncidentResponseAuthorizedMembers.id },
+      variables: { id: caseIncidentResponseAuthorizedMembersFromSettings.id },
     });
     // Verify is no longer found
-    const queryResult = await queryAsAdmin({ query: READ_QUERY, variables: { id: caseIncidentResponseAuthorizedMembers.id } });
+    const queryResult = await queryAsAdmin({ query: READ_QUERY, variables: { id: caseIncidentResponseAuthorizedMembersFromSettings.id } });
     expect(queryResult).not.toBeNull();
     expect(queryResult?.data?.caseIncident).toBeNull();
   });