User can't access authors list to edit entity #5848

Closed
yassine-ouaamou opened this issue Feb 7, 2024 · 1 comment
Labels
bug use for describing something not working as expected critical use to identify critical bug to fix ASAP solved use to identify issue that has been solved (must be linked to the solving PR)

Comments

@yassine-ouaamou
Member

Description

When a user (with basic knowledge and exploration capabilities) tries to edit the author of an entity, the list is empty and the user can't choose from existing individuals/organizations, even if they have access to them through Entities > Organizations and Entities > Individuals.
⚠️ If an author was defined for the entity, we end up removing it.

Environment

Testing

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a user (see Screenshots section for the capabilities to include)
  2. Log in with this user and access an entity (an observable for example)
  3. Try to edit the author

Expected Output

Empty list (check Additional information)

Actual Output

Get a list of organizations and individuals to select from

Additional information

The answer of the GraphQL request to get the list is as follows:

{
    "errors": [
        {
            "message": "You are not allowed to do this.",
            "name": "FORBIDDEN_ACCESS",
            "time_thrown": "2024-02-07T11:02:11.598Z",
            "data": {
                "http_status": 403,
                "genre": "TECHNICAL"
            }
        },
        {
            "message": "You are not allowed to do this.",
            "name": "FORBIDDEN_ACCESS",
            "time_thrown": "2024-02-07T11:02:11.601Z",
            "data": {
                "http_status": 403,
                "genre": "TECHNICAL"
            }
        },
        {
            "message": "You are not allowed to do this.",
            "name": "FORBIDDEN_ACCESS",
            "time_thrown": "2024-02-07T11:02:11.603Z",
            "data": {
                "http_status": 403,
                "genre": "TECHNICAL"
            }
        }
    ],
    "data": {
        "identities": {
            "edges": [
                {
                    "node": {
                        "__typename": "System",
                        "id": "38599e84-e78a-43ca-9a8d-3b2303600b7a",
                        "standard_id": "identity--0741de79-7fac-5bd8-a7e4-3e97321e6c37",
                        "identity_class": "system",
                        "name": "Tanium Threat Response",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "System",
                        "id": "7e9640ee-4ac8-4268-a873-2fe50495bb2e",
                        "standard_id": "identity--11d1200d-e00c-57cd-a095-a28848af4f7c",
                        "identity_class": "system",
                        "name": "Magento",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "System",
                        "id": "a878435d-8fda-47cc-8347-b509f543c4f1",
                        "standard_id": "identity--243415e9-851e-50bc-a2a0-e66e9f252af0",
                        "identity_class": "system",
                        "name": "VMWare ESXi",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "System",
                        "id": "85bdb105-79e8-4cfa-844e-1f2aaeaad01c",
                        "standard_id": "identity--50c828ca-7b28-50d5-b478-886b1514a028",
                        "identity_class": "system",
                        "name": "WooCommerce",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "System",
                        "id": "7186411b-7f94-4bb8-9489-289d5ed58ef5",
                        "standard_id": "identity--52708952-f773-5c56-8d4d-8d4cb95f2145",
                        "identity_class": "system",
                        "name": "SIEM perimeter A",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "System",
                        "id": "e35310bd-e622-457e-8faf-4d71e4beae07",
                        "standard_id": "identity--b66495f7-609f-520a-8ebb-41989cf2da57",
                        "identity_class": "system",
                        "name": "WS_FTP",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "System",
                        "id": "885089bf-b85d-4908-a9a8-78b25d160f52",
                        "standard_id": "identity--c2ddb3d1-848e-59e5-be13-59ce704f7fe8",
                        "identity_class": "system",
                        "name": "GitLab",
                        "entity_type": "System"
                    }
                },
                {
                    "node": {
                        "__typename": "Individual",
                        "id": "f7a5df2e-efe9-421c-a0fa-cdcdd9829ba9",
                        "standard_id": "identity--010393f3-0526-5bf1-ad7a-cf973251f23b",
                        "identity_class": "individual",
                        "name": "*******",
                        "entity_type": "Individual",
                        "isUser": null
                    }
                },
                {
                    "node": {
                        "__typename": "Individual",
                        "id": "ddee802a-9e10-4a70-ac91-6681c834b575",
                        "standard_id": "identity--016e7db8-c8cb-5407-bdb8-e49ecd5a26af",
                        "identity_class": "individual",
                        "name": "c*****t@filigran.io",
                        "entity_type": "Individual",
                        "isUser": null
                    }
                },
                {
                    "node": {
                        "__typename": "Individual",
                        "id": "647bda58-eb23-44e1-9a25-d6b2976269f1",
                        "standard_id": "identity--0305164e-e9d4-5fd0-aa54-2385b1396bf7",
                        "identity_class": "individual",
                        "name": "Changes to the vacation schedule.pdf.lnk",
                        "entity_type": "Individual",
                        "isUser": null
                    }
                }
            ]
        }
    }
}

Screenshots (optional)

image

@yassine-ouaamou yassine-ouaamou added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Feb 7, 2024
@nino-filigran nino-filigran added needs more info Intel needed about the use case and removed needs triage use to identify issue needing triage from Filigran Product team labels Feb 8, 2024
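
An added example, not part of the original issue or of the project's code: the response quoted in the issue description carries both `errors` (FORBIDDEN_ACCESS) and partial `data`, which GraphQL permits. The JavaScript below separates the two and keeps an existing author when the list could not be fully loaded; `summarizeIdentities`, `resolveAuthor` and the sample values are assumptions made for illustration.

```javascript
// Constructed sample, shaped like the response quoted in the issue (trimmed, IDs invented).
const sampleResponse = {
  errors: [
    { message: 'You are not allowed to do this.', name: 'FORBIDDEN_ACCESS', data: { http_status: 403 } },
    { message: 'You are not allowed to do this.', name: 'FORBIDDEN_ACCESS', data: { http_status: 403 } },
  ],
  data: {
    identities: {
      edges: [
        { node: { id: 'sys-1', name: 'Example System', entity_type: 'System' } },
        { node: { id: 'ind-1', name: 'Example Individual', entity_type: 'Individual' } },
        null, // a nulled entry, as GraphQL may return for an element that errored
      ],
    },
  },
};

// Hypothetical helper: split a response into usable options and an explicit error status.
function summarizeIdentities(response) {
  const errors = Array.isArray(response?.errors) ? response.errors : [];
  const forbidden = errors.filter(
    (e) => e?.name === 'FORBIDDEN_ACCESS' || e?.data?.http_status === 403,
  ).length;
  const edges = response?.data?.identities?.edges ?? [];
  const options = edges
    .filter((edge) => edge && edge.node && edge.node.id)
    .map(({ node }) => ({ value: node.id, label: node.name, type: node.entity_type }));
  return { options, forbidden, partial: errors.length > 0 };
}

// Hypothetical helper: decide which author id to save. A list that is empty or
// partial because of authorization errors is never read as "the user cleared the field".
function resolveAuthor(currentAuthorId, selectedId, summary) {
  if (selectedId === undefined) return currentAuthorId; // no user action: keep as is
  if (selectedId === null) {
    // an explicit clear is only trusted when the list loaded without errors
    return summary.partial ? currentAuthorId : null;
  }
  const known = summary.options.some((o) => o.value === selectedId);
  return known ? selectedId : currentAuthorId; // ignore ids that were never offered
}
```
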
@nino-filigran

nino-filigran commented Feb 8, 2024

@yassine-ouaamou I can almost reproduce the bug (I have an issue, different though).
I've created a user, tried to modify a list of authors for reports, and I can see a list of authors. (user = testuser)
I can only see systems, but not individuals, even though I have individuals in my platform. Additionally, I don't see the full list of systems.

@nino-filigran nino-filigran added critical use to identify critical bug to fix ASAP and removed needs more info Intel needed about the use case labels Feb 8, 2024
@SamuelHassine SamuelHassine added this to the Release 6.0.0 milestone Feb 8, 2024
@SarahBocognano SarahBocognano self-assigned this Feb 8, 2024
@SarahBocognano SarahBocognano added the solved use to identify issue that has been solved (must be linked to the solving PR) label Feb 8, 2024