From a49bc5d19e4b288403876faf2137fb2c7a4ef9da Mon Sep 17 00:00:00 2001 From: Petr Erastov Date: Fri, 1 Mar 2024 15:03:29 +0300 Subject: [PATCH] Change user roles --- HISTORY.md | 11 ++ cybsi/api/user/api.py | 2 +- cybsi/api/user/enums.py | 128 ++++++++---------- .../authentication/user_api_key_generation.py | 2 +- 4 files changed, 69 insertions(+), 74 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 55ac12c..28ac857 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,10 @@ Release History =============== +2.12.0a7 (2024-03-01) +--------------------- +- Change user roles + 2.12.0a6 (2024-02-02) --------------------- - Mention changes in 2.11.1 @@ -25,6 +29,13 @@ Release History --------------------- - Add Platforms attribute +2.11.2 (26.02.2024) +------------------- +- Add Dictionaries to ResourceNames +- Add DictionaryReader and DictionaryRegistrant roles. +- Remove privileges Feeds, FeedsData and SearchFilters from roles FeedAdministrator и FeedDataReader +- Remove privilege SearchFilters from role Searcher + 2.11.1 (2024-02-02) ------------------- - Export PotentialDamage and RIR attributes diff --git a/cybsi/api/user/api.py b/cybsi/api/user/api.py index 3835a2e..ab8f469 100644 --- a/cybsi/api/user/api.py +++ b/cybsi/api/user/api.py @@ -309,7 +309,7 @@ class UserForm(JsonObjectForm): >>> userForm = UserForm( >>> login="user_test", >>> access_level=ShareLevels.Green, - >>> roles=[RoleName.EntityReader], + >>> roles=[RoleName.SystemAdministrator], >>> password="string", >>> full_name="Test Tester", >>> email="test@pt.com", diff --git a/cybsi/api/user/enums.py b/cybsi/api/user/enums.py index f3a6688..745c0c6 100644 --- a/cybsi/api/user/enums.py +++ b/cybsi/api/user/enums.py 
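Review bot: The `UserForm` docstring example now creates its sample user with `roles=[RoleName.SystemAdministrator]`, which the new enum docs list as `Users:rw`, `APIKeys:rw` and `License:w`, next to the placeholder `password="string"`. Docstring examples tend to be copied into provisioning scripts, so the sample should show the least-privileged role, e.g. `>>>     roles=[RoleName.Guest],`, which is the closest match to the old `EntityReader`. The same substitution is made in `examples/authentication/user_api_key_generation.py`, where the created user then receives an API key; `roles=[RoleName.Guest],` fits there too unless the rest of that example, not visible in the hunk, needs more. The docstring starts and ends outside this hunk.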
@@ -12,83 +12,61 @@ class RoleName(CybsiAPIEnum): See :class:`ResourceName`. """ - Administrator = "Administrator" + SystemAdministrator = "SystemAdministrator" """ - Administrator's role permissions: - [DataSources:rw,EnrichmentConfig:r,Users:r] - """ - ConfigReader = "ConfigReader" - """ - ConfigReader's role permissions: - [DataSources:r, EnrichmentConfig:r] - """ - FeedAdministrator = "FeedAdministrator" - """ - FeedAdministrator's role permissions: - [DataSources:r, Feeds:rw, FeedsData:r, Observable:r, - ReputationLists:rw, ReputationListsContent:r, Search:r, - SearchFilters:rw, StoredQuery:rw, Users:r] - """ - FeedDataReader = "FeedDataReader" - """ - FeedDataReader's role permissions: - [DataSources:r, Feeds:r, FeedsData:r, ReputationLists:r, - ReputationListsContent:r, SearchFilters:r, StoredQuery:r, Users:r] - """ - EnrichmentRunner = "EnrichmentRunner" - """ - EnrichmentRunner's role permissions: - [DataSources:r, EnrichmentTasks:rw] - """ - EnrichmentTaskReader = "EnrichmentTaskReader" - """ - EnrichmentTaskReader's role permissions: - [DataSources:r, EnrichmentTasks:r] - """ - ReportRegistrant = "ReportRegistrant" - """ - ReportRegistrant's role permissions: - [Observations:w, Reports:w] - """ - ReportReader = "ReportReader" - """ - ReportReader's role permissions: - [DataSources:r, Observations:r, RawReports:r, Reports:r] - """ - EntityRegistrant = "EntityRegistrant" - """ - EntityRegistrant's role permissions: - [Observable:w] - """ - EntityReader = "EntityReader" - """ - EntityReader's role permissions: - [DataSources:r, Observable:r] + .. versionadded:: 2.12 + + System administrator's role permissions: + [DataSources:r,Users:rw,APIKeys:rw,License:w] """ - ArtifactReader = "ArtifactReader" + DataEngineer = "DataEngineer" """ - ArtifactReader's role permissions: - [Artifacts:r, DataSources:r] + .. 
versionadded:: 2.12 + + Data engineer's role permissions: + [StoredQuery:rw,Observable:r,EntityView:r,Artifacts:r, + ArtifactsContent:r,ReputationLists:rw,ReputationListsContent:r, + EnrichmentConfig:rw,DataSources:rw,Users:rw,APIKeys:rw, + Dictionaries:rw] """ - ArtifactRegistrant = "ArtifactRegistrant" + SOCAnalyst = "SOCAnalyst" """ - ArtifactRegistrant's role permissions: - [Artifacts:w] + .. versionadded:: 2.12 + + SOC analyst's role permissions: + [StoredQuery:rw,Observable:rw,EntityView:r,Artifacts:rw, + ArtifactsContent:r,Reports:rw,Observations:rw,RawReports:r + EnrichmentTasks:rw,ReputationLists:rw,ReputationListsContent:r, + EnrichmentConfig:r,DataSources:r,Users:r,Dictionaries:rw] """ - ArtifactContentReader = "ArtifactContentReader" + CTIAnalyst = "CTIAnalyst" """ - ArtifactContentReader's role permissions: - [Artifacts:r, ArtifactsContent:r] + .. versionadded:: 2.12 + + CTI analyst's role permissions: + [StoredQuery:r,Observable:rw,EntityView:r,Artifacts:rw, + ArtifactsContent:r,Reports:rw,Observations:rw,RawReports:r + EnrichmentTasks:rw,ReputationLists:r,ReputationListsContent:r, + EnrichmentConfig:r,DataSources:r,Users:r,Dictionaries:rw] """ - Searcher = "Searcher" + CyberSecuritySpecialist = "CyberSecuritySpecialist" """ - Searcher's role permissions: - [DataSources:r, Observable:r, Search:r, SearchFilters:rw] + .. versionadded:: 2.12 + + Cyber security specialist's role permissions: + [StoredQuery:r,Observable:r,EntityView:r,Artifacts:r, + Reports:r,Observations:r,RawReports:r,EnrichmentTasks:rw, + ReputationLists:r,ReputationListsContent:r, + EnrichmentConfig:r,DataSources:r,Users:r,Dictionaries:rw] """ - UserAdministrator = "UserAdministrator" + Guest = "Guest" """ - UserAdministrator's role permissions: - [APIKeys:rw, Users:rw] + .. versionadded:: 2.12 + + Guest's role permissions: + [Observable:r,Artifacts:r,Reports:r,Observations:r, + RawReports:r,EnrichmentTasks:r,EnrichmentConfig:r, + DataSources:r,Dictionaries:r] """ 
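Review bot: Every previous `RoleName` member is deleted in this hunk with no deprecated alias and no old-to-new mapping, so callers that assigned narrow roles such as `EntityReader` or `ReportReader` must choose among six much broader roles; the nearest read-only one, `Guest`, already spans nine resources, and `DataEngineer` includes `Users:rw` and `APIKeys:rw`. A short migration table in the class docstring (old role, closest new role, permissions gained) would let integrators re-assign roles without over-granting, since the HISTORY entry only says "Change user roles". The `SOCAnalyst` and `CTIAnalyst` permission lists are also missing a comma after `RawReports:r`; the line should read `ArtifactsContent:r,Reports:rw,Observations:rw,RawReports:r,`. The class header and its docstring start outside the hunk.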
@@ -107,14 +85,16 @@ class ResourceName(CybsiAPIEnum): """Sample contents. Permission can be only with reading action.""" DataSources = "DataSources" """Data sources.""" + Dictionaries = "Dictionaries" + """ + .. versionadded:: 2.11.2 + + Dictionaries + """ EnrichmentConfig = "EnrichmentConfig" """Enrichment configs.""" EnrichmentTasks = "EnrichmentTasks" """Enrichment tasks.""" - Feeds = "Feeds" - """Feeds.""" - FeedsData = "FeedsData" - """Feed contents. Permission can be only with reading action.""" Observable = "Observable" """Observable entities.""" Observations = "Observations" @@ -128,8 +108,6 @@ class ResourceName(CybsiAPIEnum): """Reports.""" Search = "Search" """Search. Permission can be only with reading action.""" - SearchFilters = "SearchFilters" - """Search filters.""" Users = "Users" """Users.""" APIKeys = "APIKeys" @@ -140,3 +118,9 @@ class ResourceName(CybsiAPIEnum): """Reputation list contents. Permission can be only with reading action.""" StoredQuery = "StoredQuery" """Stored queries.""" + License = "License" + """ + .. versionadded:: 2.12 + + Licenses. + """ diff --git a/examples/authentication/user_api_key_generation.py b/examples/authentication/user_api_key_generation.py index 43b0a05..37fceae 100644 --- a/examples/authentication/user_api_key_generation.py +++ b/examples/authentication/user_api_key_generation.py @@ -23,7 +23,7 @@ userForm = UserForm( login="user_test", access_level=ShareLevels.Green, - roles=[RoleName.EntityReader], + roles=[RoleName.SystemAdministrator], password="string", full_name="Test Tester", email="test@pt.com",
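Review bot: `Feeds` and `FeedsData` are dropped from `ResourceName` here, and `SearchFilters` in the following hunk, without a compatibility path. If `CybsiAPIEnum` does a strict value lookup (its definition is not visible here), a permission list from a server that still reports these resources would fail to parse instead of degrading, so confirm that behaviour and state the minimum supported server version in the class docstring. The new `Dictionaries` docstring only repeats the name; `Dictionaries. Permission can be with reading and writing actions.` would match the neighbouring entries, provided that is what the server enforces.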
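Review bot: The `License` docstring says only "Licenses.", while the one role documented with this resource is `SystemAdministrator` with `License:w`, i.e. write without read. Sibling entries spell out action limits ("Permission can be only with reading action"), so this one should say which actions are valid, e.g. `Licenses. Permission can be only with writing action.` if that is the server's rule. The class body begins outside the hunk.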