"""Console permission codenames, their registration, and their dependency map.

``Perm`` holds the codename constants, ``ConsolePermissions`` registers them
as Django permissions through ``Meta.permissions``, and
``permissions_together_map`` lists, for a given permission, the other
permissions that accompany it.
"""
from django.contrib.auth.models import Permission
from django.db import models
from django.utils.translation import gettext_noop


class Perm:
    """Namespace of permission codenames used by the console.

    Every attribute's value equals its own name, so the attribute can be used
    wherever the raw codename string is expected.
    """

    # Users
    can_view_user_list = 'can_view_user_list'
    can_view_user = 'can_view_user'
    can_edit_user = 'can_edit_user'
    can_delete_user = 'can_delete_user'
    can_add_user = 'can_add_user'

    # Groups
    can_add_group = 'can_add_group'

    # Dashboard
    can_add_widgets = 'can_add_widgets'

    # Incidents
    can_view_incidents_list = 'can_view_incidents_list'
    can_view_incidents = 'can_view_incidents'
    can_assign_incidents = 'can_assign_incidents'
    can_work_with_incidents = 'can_work_with_incidents'
    can_change_closed_incidents = 'can_change_closed_incidents'
    can_view_sys_info = 'can_view_sys_info'
    can_view_network = 'can_view_network'
    can_export_incidents_list = 'can_export_incidents_list'

    # Events
    can_view_events_list = 'can_view_events_list'
    can_view_events = 'can_view_events'
    can_export_events = 'can_export_events'

    # Assets
    can_view_assets_list = 'can_view_assets_list'
    can_view_asset = 'can_view_asset'
    can_edit_assets_catalogs = 'can_edit_assets_catalogs'
    can_edit_asset = 'can_edit_asset'
    can_add_asset = 'can_add_asset'
    can_delete_asset = 'can_delete_asset'
    can_view_vulnerabilities = 'can_view_vulnerabilities'
    can_export_assets = 'can_export_assets'

    # Sensors
    can_view_sensors_list = 'can_view_sensors_list'
    can_view_sensors = 'can_view_sensors'
    can_add_sensors = 'can_add_sensors'
    can_edit_sensor = 'can_edit_sensor'
    can_delete_sensors = 'can_delete_sensors'
    can_control_sensors = 'can_control_sensors'

    # Journals
    can_change_rotation_settings = 'can_change_rotation_settings'
    can_download_rotation_files = 'can_download_rotation_files'

    # Logstash
    can_view_input_list = 'can_view_input_list'
    can_add_input = 'can_add_input'
    can_edit_input = 'can_edit_input'
    can_delete_input = 'can_delete_input'
    can_view_correlation_rules_list = 'can_view_correlation_rules_list'
    can_view_correlation_rule_card = 'can_view_correlation_rule_card'
    can_create_and_edit_correlation_rule = 'can_create_and_edit_correlation_rule'
    can_delete_correlation_rules = 'can_delete_correlation_rules'
    can_edit_correlation_groups = 'can_edit_correlation_groups'

    # Endpoint
    can_view_endpoints_list = 'can_view_endpoints_list'
    can_add_endpoint = 'can_add_endpoint'
    can_delete_endpoint = 'can_delete_endpoint'
    can_edit_endpoint = 'can_edit_endpoint'
    can_download_endpoint_config = 'can_download_endpoint_config'

    # Store
    can_view_storage = 'can_view_storage'

    # Settings
    can_view_system_settings = 'can_view_system_settings'
    can_change_system_settings = 'can_change_system_settings'

    # NCIRCC
    can_view_company_card = 'can_view_company_card'
    can_edit_company_card = 'can_edit_company_card'
    can_view_message_list = 'can_view_message_list'
    can_view_message_card = 'can_view_message_card'
    can_edit_message_card = 'can_edit_message_card'

    @staticmethod
    def get_rights(right):
        """Fetch the ``Permission`` row that backs a codename.

        :param right: permission codename, normally one of the class attributes
        :return: the matching ``Permission`` object of the ``perms`` app
        """
        # The lookup filters on the app label only, not on a model. ``.get()``
        # raises Permission.DoesNotExist for an unknown codename, and would
        # raise MultipleObjectsReturned if a second model in the ``perms`` app
        # ever declared the same codename.
        lookup = {'content_type__app_label': 'perms', 'codename': right}
        return Permission.objects.get(**lookup)

    @staticmethod
    def perm_req(right):
        """Build the ``perms.<codename>`` string for permission checks.

        :param right: permission codename, normally one of the class attributes
        :return: the codename prefixed with the ``perms`` app label
        """
        # ``right`` is not validated here. A misspelt codename produces a
        # string that no ordinary account holds, so a check on it denies;
        # active superusers still pass, since Django's has_perm() returns True
        # for them without looking at the string.
        return f'perms.{right}'


class ConsolePermissions(models.Model):
    """Model that carries the console's custom permissions in ``Meta``.

    No fields are declared on it in this file.
    """

    class Meta:
        # gettext_noop marks each label for translation extraction and returns
        # the string unchanged.
        permissions = [
            # Users
            (Perm.can_view_user_list, gettext_noop('Can view users list')),
            (Perm.can_view_user, gettext_noop('Can view user')),
            (Perm.can_edit_user, gettext_noop('Can edit user')),
            (Perm.can_delete_user, gettext_noop('Can delete user')),
            (Perm.can_add_user, gettext_noop('Can add user')),
            # Groups
            (Perm.can_add_group, gettext_noop('Can add group')),
            # Dashboard
            (Perm.can_add_widgets, gettext_noop('Can add widgets')),
            # Incidents
            (Perm.can_view_incidents_list, gettext_noop('Can view incident list')),
            (Perm.can_view_incidents, gettext_noop('Can view incidents')),
            (Perm.can_assign_incidents, gettext_noop('Can assign incidents')),
            (Perm.can_work_with_incidents, gettext_noop('Can work with incidents')),
            (Perm.can_change_closed_incidents, gettext_noop('Can change resolved incidents')),
            (Perm.can_view_sys_info, gettext_noop('Can view system information')),
            (Perm.can_view_network, gettext_noop('Can view network')),
            (Perm.can_export_incidents_list, gettext_noop('Can export incident list')),
            # Events
            (Perm.can_view_events_list, gettext_noop('Can view events list')),
            (Perm.can_view_events, gettext_noop('Can view events')),
            (Perm.can_export_events, gettext_noop('Can export events')),
            # Assets
            (Perm.can_view_assets_list, gettext_noop('Can view list actives')),
            (Perm.can_view_asset, gettext_noop('Can view actives')),
            (Perm.can_edit_assets_catalogs, gettext_noop('Can edit actives groups')),
            (Perm.can_edit_asset, gettext_noop('Can edit active')),
            (Perm.can_add_asset, gettext_noop('Can add active')),
            (Perm.can_delete_asset, gettext_noop('Can delete active')),
            (Perm.can_view_vulnerabilities, gettext_noop('Can view vulnerabilities')),
            (Perm.can_export_assets, gettext_noop('Can export actives')),
            # Sensors
            (Perm.can_view_sensors_list, gettext_noop('Can view sensors list')),
            (Perm.can_view_sensors, gettext_noop('Can view sensor')),
            (Perm.can_add_sensors, gettext_noop('Can add sensors')),
            (Perm.can_edit_sensor, gettext_noop('Can edit sensor')),
            (Perm.can_control_sensors, gettext_noop('Can control sensors')),
            (Perm.can_delete_sensors, gettext_noop('Can delete sensors')),
            # Journals
            (Perm.can_change_rotation_settings, gettext_noop('Can change rotation settings')),
            (Perm.can_download_rotation_files, gettext_noop('Can download rotation files')),
            # Logstash
            (Perm.can_view_input_list, gettext_noop('Can view input list')),
            (Perm.can_add_input, gettext_noop('Can add input')),
            (Perm.can_edit_input, gettext_noop('Can edit input')),
            (Perm.can_delete_input, gettext_noop('Can delete input')),
            (Perm.can_view_correlation_rules_list, gettext_noop('Can view correlation rules list')),
            (Perm.can_view_correlation_rule_card, gettext_noop('Can view the correlation rule card')),
            (Perm.can_create_and_edit_correlation_rule, gettext_noop('Can create and edit correlation rules')),
            (Perm.can_delete_correlation_rules, gettext_noop('Can delete correlation rules')),
            (Perm.can_edit_correlation_groups, gettext_noop('Can edit correlation groups')),
            # Endpoint
            (Perm.can_view_endpoints_list, gettext_noop('Can view list of endpoints')),
            (Perm.can_add_endpoint, gettext_noop('Can add endpoint')),
            (Perm.can_delete_endpoint, gettext_noop('Can delete endpoint')),
            (Perm.can_edit_endpoint, gettext_noop('Can edit endpoint')),
            (Perm.can_download_endpoint_config, gettext_noop('Can download endpoint config')),
            # Store
            (Perm.can_view_storage, gettext_noop('Can view store')),
            # Settings
            (Perm.can_view_system_settings, gettext_noop('Can view system settings')),
            (Perm.can_change_system_settings, gettext_noop('Can change system settings')),
            # NCIRCC
            (Perm.can_view_company_card, gettext_noop('Can view company card')),
            (Perm.can_edit_company_card, gettext_noop('Can edit company card')),
            (Perm.can_view_message_list, gettext_noop('Can view message list')),
            # NOTE(review): 'Can_view' (with an underscore) looks like a typo.
            # The literal is both the translation msgid and the stored
            # permission name, so correct it together with the catalogs.
            (Perm.can_view_message_card, gettext_noop('Can_view message card')),
            (Perm.can_edit_message_card, gettext_noop('Can edit message card')),
        ]
        # Empty tuple: Django creates no automatic add/change/delete/view
        # permissions for this model; only the codenames listed above exist.
        default_permissions = ()


# Maps a permission to the set of permissions that go with it.
# Every set is written out in full: the dependencies of a dependency are
# listed explicitly (can_add_user names can_edit_user and also what
# can_edit_user needs), so one lookup yields the complete set. Keep that
# invariant when adding entries.
# NOTE(review): the code that consumes this map is not in this file;
# presumably it grants the listed permissions along with the key - confirm.
# NOTE(review): kept as a module-level name rather than a ConsolePermissions
# attribute - confirm against the modules that import it.
permissions_together_map = {
    # user perms includes
    Perm.can_view_user: {Perm.can_view_user_list},
    Perm.can_edit_user: {Perm.can_view_user, Perm.can_view_user_list},
    Perm.can_delete_user: {Perm.can_view_user_list},
    Perm.can_add_user: {Perm.can_view_user, Perm.can_view_user_list, Perm.can_edit_user},

    # incident
    Perm.can_view_incidents: {Perm.can_view_incidents_list},
    Perm.can_assign_incidents: {Perm.can_view_incidents, Perm.can_view_incidents_list},
    Perm.can_work_with_incidents: {Perm.can_view_incidents, Perm.can_view_incidents_list},
    Perm.can_change_closed_incidents: {Perm.can_view_incidents, Perm.can_view_incidents_list},
    Perm.can_export_incidents_list: {Perm.can_view_incidents_list, Perm.can_view_storage},

    # Events
    Perm.can_view_events: {Perm.can_view_events_list},
    Perm.can_export_events: {Perm.can_view_events_list},

    # Assets
    Perm.can_view_asset: {Perm.can_view_assets_list},
    Perm.can_edit_asset: {Perm.can_view_asset, Perm.can_view_assets_list},
    Perm.can_add_asset: {Perm.can_edit_asset, Perm.can_view_asset, Perm.can_view_assets_list},
    Perm.can_delete_asset: {Perm.can_view_asset, Perm.can_view_assets_list},
    # NOTE(review): asset export also brings in can_view_input_list, a
    # permission from a different area - confirm this is intended.
    Perm.can_export_assets: {Perm.can_view_assets_list, Perm.can_view_storage, Perm.can_view_input_list},
    Perm.can_edit_assets_catalogs: {Perm.can_view_assets_list},

    # Endpoint
    Perm.can_edit_endpoint: {Perm.can_view_endpoints_list},
    Perm.can_add_endpoint: {Perm.can_edit_endpoint, Perm.can_view_endpoints_list, Perm.can_view_storage},
    Perm.can_delete_endpoint: {Perm.can_view_endpoints_list},
    Perm.can_download_endpoint_config: {Perm.can_view_endpoints_list},

    # correlation
    Perm.can_view_correlation_rule_card: {Perm.can_view_correlation_rules_list},
    Perm.can_create_and_edit_correlation_rule: {
        Perm.can_view_correlation_rules_list,
        Perm.can_view_correlation_rule_card,
    },
    Perm.can_delete_correlation_rules: {Perm.can_view_correlation_rules_list},
    Perm.can_edit_correlation_groups: {Perm.can_view_correlation_rules_list},

    # input
    Perm.can_edit_input: {Perm.can_view_input_list},
    Perm.can_add_input: {Perm.can_edit_input, Perm.can_view_input_list},
    Perm.can_delete_input: {Perm.can_view_input_list},

    # sys settings
    Perm.can_change_system_settings: {Perm.can_view_system_settings},

    # sensor
    Perm.can_view_sensors: {Perm.can_view_sensors_list},
    Perm.can_edit_sensor: {Perm.can_view_sensors, Perm.can_view_sensors_list},
    Perm.can_add_sensors: {Perm.can_edit_sensor, Perm.can_view_sensors, Perm.can_view_sensors_list},
    Perm.can_delete_sensors: {Perm.can_view_sensors, Perm.can_view_sensors_list},
    Perm.can_control_sensors: {Perm.can_view_sensors, Perm.can_view_sensors_list},

    # journals
    Perm.can_download_rotation_files: {Perm.can_view_storage},

    # NCIRCC
    Perm.can_edit_company_card: {Perm.can_view_company_card},
    Perm.can_view_message_card: {
        Perm.can_view_incidents,
        Perm.can_view_incidents_list,
        Perm.can_view_message_list,
    },
    Perm.can_edit_message_card: {
        Perm.can_view_incidents,
        Perm.can_view_incidents_list,
        Perm.can_view_message_card,
        Perm.can_view_message_list,
    },
}