from django.contrib.auth.models import Permission
from django.db import models
from django.utils.translation import gettext_noop
class Perm:
    """Codename constants for the console's custom permissions.

    Every attribute's value equals its own name. ``ConsolePermissions.Meta``
    registers these codenames with Django and ``permissions_together_map``
    relates them to each other, so access checks should reference the
    attributes rather than retyping the strings: for a non-superuser,
    Django's ``has_perm`` simply returns ``False`` for a codename that was
    never registered, so a typo shows up as a silent denial.
    """

    # Users
    can_view_user_list = 'can_view_user_list'
    can_view_user = 'can_view_user'
    can_edit_user = 'can_edit_user'
    can_delete_user = 'can_delete_user'
    can_add_user = 'can_add_user'

    # Groups
    can_add_group = 'can_add_group'

    # Dashboard
    can_add_widgets = 'can_add_widgets'

    # Incidents
    can_view_incidents_list = 'can_view_incidents_list'
    can_view_incidents = 'can_view_incidents'
    can_assign_incidents = 'can_assign_incidents'
    can_work_with_incidents = 'can_work_with_incidents'
    can_change_closed_incidents = 'can_change_closed_incidents'
    can_view_sys_info = 'can_view_sys_info'
    can_view_network = 'can_view_network'
    can_export_incidents_list = 'can_export_incidents_list'

    # Events
    can_view_events_list = 'can_view_events_list'
    can_view_events = 'can_view_events'
    can_export_events = 'can_export_events'

    # Assets
    can_view_assets_list = 'can_view_assets_list'
    can_view_asset = 'can_view_asset'
    can_edit_assets_catalogs = 'can_edit_assets_catalogs'
    can_edit_asset = 'can_edit_asset'
    can_add_asset = 'can_add_asset'
    can_delete_asset = 'can_delete_asset'
    can_view_vulnerabilities = 'can_view_vulnerabilities'
    can_export_assets = 'can_export_assets'

    # Sensors
    can_view_sensors_list = 'can_view_sensors_list'
    can_view_sensors = 'can_view_sensors'
    can_add_sensors = 'can_add_sensors'
    can_edit_sensor = 'can_edit_sensor'
    can_delete_sensors = 'can_delete_sensors'
    can_control_sensors = 'can_control_sensors'

    # Journals
    can_change_rotation_settings = 'can_change_rotation_settings'
    can_download_rotation_files = 'can_download_rotation_files'

    # Logstash
    can_view_input_list = 'can_view_input_list'
    can_add_input = 'can_add_input'
    can_edit_input = 'can_edit_input'
    can_delete_input = 'can_delete_input'
    can_view_correlation_rules_list = 'can_view_correlation_rules_list'
    can_view_correlation_rule_card = 'can_view_correlation_rule_card'
    can_create_and_edit_correlation_rule = 'can_create_and_edit_correlation_rule'
    can_delete_correlation_rules = 'can_delete_correlation_rules'
    can_edit_correlation_groups = 'can_edit_correlation_groups'

    # Endpoint
    can_view_endpoints_list = 'can_view_endpoints_list'
    can_add_endpoint = 'can_add_endpoint'
    can_delete_endpoint = 'can_delete_endpoint'
    can_edit_endpoint = 'can_edit_endpoint'
    can_download_endpoint_config = 'can_download_endpoint_config'

    # Store
    can_view_storage = 'can_view_storage'

    # Settings
    can_view_system_settings = 'can_view_system_settings'
    can_change_system_settings = 'can_change_system_settings'

    # NCIRCC
    can_view_company_card = 'can_view_company_card'
    can_edit_company_card = 'can_edit_company_card'
    can_view_message_list = 'can_view_message_list'
    can_view_message_card = 'can_view_message_card'
    can_edit_message_card = 'can_edit_message_card'

    @staticmethod
    def get_rights(right):
        """Fetch the stored ``Permission`` row for a console codename.

        The lookup matches on the ``perms`` app label and the codename only;
        it does not pin the content type's model.

        :param right: permission codename, normally one of the class attributes
        :return: the matching ``Permission`` instance
        :raises Permission.DoesNotExist: when no row carries that codename
            (for example an unknown string, or permissions not yet created)
        :raises Permission.MultipleObjectsReturned: when several rows under
            the ``perms`` label share the codename
        """
        # NOTE(review): `right` is expected to come from the class attributes,
        # not from request data; callers that pass anything else should be
        # ready for DoesNotExist.
        permission_row = Permission.objects.get(
            codename=right,
            content_type__app_label='perms',
        )
        return permission_row

    @staticmethod
    def perm_req(right):
        """Build the dotted ``<app_label>.<codename>`` form of a codename.

        This is the string shape that Django permission checks such as
        ``has_perm`` take.

        :param right: permission codename, normally one of the class attributes
        :return: the codename prefixed with ``perms.``
        """
        dotted_name = f'perms.{right}'
        return dotted_name
class ConsolePermissions(models.Model):
    """Model that carries the console's custom permission set.

    No fields are declared in this listing; the class exists to hand the
    ``(codename, label)`` pairs below to Django through ``Meta.permissions``.
    Labels are wrapped in ``gettext_noop``, which marks them for translation
    without translating them at import time.
    """

    class Meta:
        # Order and label text are part of the model options, so editing an
        # entry changes what migrations and translation catalogs see.
        permissions = [
            # Users
            (Perm.can_view_user_list, gettext_noop('Can view users list')),
            (Perm.can_view_user, gettext_noop('Can view user')),
            (Perm.can_edit_user, gettext_noop('Can edit user')),
            (Perm.can_delete_user, gettext_noop('Can delete user')),
            (Perm.can_add_user, gettext_noop('Can add user')),

            # Groups
            (Perm.can_add_group, gettext_noop('Can add group')),

            # Dashboard
            (Perm.can_add_widgets, gettext_noop('Can add widgets')),

            # Incidents
            (Perm.can_view_incidents_list, gettext_noop('Can view incident list')),
            (Perm.can_view_incidents, gettext_noop('Can view incidents')),
            (Perm.can_assign_incidents, gettext_noop('Can assign incidents')),
            (Perm.can_work_with_incidents, gettext_noop('Can work with incidents')),
            (Perm.can_change_closed_incidents, gettext_noop('Can change resolved incidents')),
            (Perm.can_view_sys_info, gettext_noop('Can view system information')),
            (Perm.can_view_network, gettext_noop('Can view network')),
            (Perm.can_export_incidents_list, gettext_noop('Can export incident list')),

            # Events
            (Perm.can_view_events_list, gettext_noop('Can view events list')),
            (Perm.can_view_events, gettext_noop('Can view events')),
            (Perm.can_export_events, gettext_noop('Can export events')),

            # Assets (the labels say "active(s)" where the codenames say "asset")
            (Perm.can_view_assets_list, gettext_noop('Can view list actives')),
            (Perm.can_view_asset, gettext_noop('Can view actives')),
            (Perm.can_edit_assets_catalogs, gettext_noop('Can edit actives groups')),
            (Perm.can_edit_asset, gettext_noop('Can edit active')),
            (Perm.can_add_asset, gettext_noop('Can add active')),
            (Perm.can_delete_asset, gettext_noop('Can delete active')),
            (Perm.can_view_vulnerabilities, gettext_noop('Can view vulnerabilities')),
            (Perm.can_export_assets, gettext_noop('Can export actives')),

            # Sensors
            (Perm.can_view_sensors_list, gettext_noop('Can view sensors list')),
            (Perm.can_view_sensors, gettext_noop('Can view sensor')),
            (Perm.can_add_sensors, gettext_noop('Can add sensors')),
            (Perm.can_edit_sensor, gettext_noop('Can edit sensor')),
            (Perm.can_control_sensors, gettext_noop('Can control sensors')),
            (Perm.can_delete_sensors, gettext_noop('Can delete sensors')),

            # Journals
            (Perm.can_change_rotation_settings, gettext_noop('Can change rotation settings')),
            (Perm.can_download_rotation_files, gettext_noop('Can download rotation files')),

            # Logstash inputs and correlation rules
            (Perm.can_view_input_list, gettext_noop('Can view input list')),
            (Perm.can_add_input, gettext_noop('Can add input')),
            (Perm.can_edit_input, gettext_noop('Can edit input')),
            (Perm.can_delete_input, gettext_noop('Can delete input')),
            (Perm.can_view_correlation_rules_list, gettext_noop('Can view correlation rules list')),
            (Perm.can_view_correlation_rule_card, gettext_noop('Can view the correlation rule card')),
            (Perm.can_create_and_edit_correlation_rule, gettext_noop('Can create and edit correlation rules')),
            (Perm.can_delete_correlation_rules, gettext_noop('Can delete correlation rules')),
            (Perm.can_edit_correlation_groups, gettext_noop('Can edit correlation groups')),

            # Endpoint
            (Perm.can_view_endpoints_list, gettext_noop('Can view list of endpoints')),
            (Perm.can_add_endpoint, gettext_noop('Can add endpoint')),
            (Perm.can_delete_endpoint, gettext_noop('Can delete endpoint')),
            (Perm.can_edit_endpoint, gettext_noop('Can edit endpoint')),
            (Perm.can_download_endpoint_config, gettext_noop('Can download endpoint config')),

            # Store
            (Perm.can_view_storage, gettext_noop('Can view store')),

            # Settings
            (Perm.can_view_system_settings, gettext_noop('Can view system settings')),
            (Perm.can_change_system_settings, gettext_noop('Can change system settings')),

            # NCIRCC
            (Perm.can_view_company_card, gettext_noop('Can view company card')),
            (Perm.can_edit_company_card, gettext_noop('Can edit company card')),
            (Perm.can_view_message_list, gettext_noop('Can view message list')),
            # NOTE(review): this label reads 'Can_view' with an underscore,
            # unlike its siblings. It is a translation msgid and part of the
            # model options, so correcting it also means updating the
            # translation catalogs and the migration state.
            (Perm.can_view_message_card, gettext_noop('Can_view message card')),
            (Perm.can_edit_message_card, gettext_noop('Can edit message card')),
        ]
        # An empty tuple stops Django from creating its stock
        # add/change/delete/view permissions for this model, so only the
        # codenames listed above exist for it.
        default_permissions = ()
# Maps a permission codename to the set of codenames listed alongside it.
# The consumer of this map is not part of this file; presumably the listed
# permissions are granted (or required) together with the key, so confirm
# against the caller before relying on that.
#
# As written, every set already contains the companions of its own members
# (e.g. can_add_asset lists can_edit_asset plus everything can_edit_asset
# lists), so a single-level lookup yields the full set. Keep that property
# when adding entries, or a role can end up holding an action permission
# without the view permission it depends on.
#
# Review points for least privilege, each to be confirmed as intended:
#   * can_add_user also brings can_edit_user, so a role meant only to create
#     accounts can modify existing ones.
#   * can_export_assets brings can_view_input_list, a Logstash input
#     permission outside the assets area.
#   * the export and download permissions bring can_view_storage.
permissions_together_map = {
    # user perms includes
    Perm.can_view_user: {Perm.can_view_user_list},
    Perm.can_edit_user: {Perm.can_view_user, Perm.can_view_user_list},
    Perm.can_delete_user: {Perm.can_view_user_list},
    Perm.can_add_user: {
        Perm.can_view_user,
        Perm.can_view_user_list,
        Perm.can_edit_user,
    },

    # incident
    Perm.can_view_incidents: {Perm.can_view_incidents_list},
    Perm.can_assign_incidents: {Perm.can_view_incidents, Perm.can_view_incidents_list},
    Perm.can_work_with_incidents: {Perm.can_view_incidents, Perm.can_view_incidents_list},
    Perm.can_change_closed_incidents: {Perm.can_view_incidents, Perm.can_view_incidents_list},
    Perm.can_export_incidents_list: {Perm.can_view_incidents_list, Perm.can_view_storage},

    # Events
    Perm.can_view_events: {Perm.can_view_events_list},
    Perm.can_export_events: {Perm.can_view_events_list},

    # Assets
    Perm.can_view_asset: {Perm.can_view_assets_list},
    Perm.can_edit_asset: {Perm.can_view_asset, Perm.can_view_assets_list},
    Perm.can_add_asset: {
        Perm.can_edit_asset,
        Perm.can_view_asset,
        Perm.can_view_assets_list,
    },
    Perm.can_delete_asset: {Perm.can_view_asset, Perm.can_view_assets_list},
    Perm.can_export_assets: {
        Perm.can_view_assets_list,
        Perm.can_view_storage,
        Perm.can_view_input_list,
    },
    Perm.can_edit_assets_catalogs: {Perm.can_view_assets_list},

    # Endpoint
    Perm.can_edit_endpoint: {Perm.can_view_endpoints_list},
    Perm.can_add_endpoint: {
        Perm.can_edit_endpoint,
        Perm.can_view_endpoints_list,
        Perm.can_view_storage,
    },
    Perm.can_delete_endpoint: {Perm.can_view_endpoints_list},
    Perm.can_download_endpoint_config: {Perm.can_view_endpoints_list},

    # correlation
    Perm.can_view_correlation_rule_card: {Perm.can_view_correlation_rules_list},
    Perm.can_create_and_edit_correlation_rule: {
        Perm.can_view_correlation_rules_list,
        Perm.can_view_correlation_rule_card,
    },
    Perm.can_delete_correlation_rules: {Perm.can_view_correlation_rules_list},
    Perm.can_edit_correlation_groups: {Perm.can_view_correlation_rules_list},

    # input
    Perm.can_edit_input: {Perm.can_view_input_list},
    Perm.can_add_input: {Perm.can_edit_input, Perm.can_view_input_list},
    Perm.can_delete_input: {Perm.can_view_input_list},

    # sys settings
    Perm.can_change_system_settings: {Perm.can_view_system_settings},

    # sensor
    Perm.can_view_sensors: {Perm.can_view_sensors_list},
    Perm.can_edit_sensor: {Perm.can_view_sensors, Perm.can_view_sensors_list},
    Perm.can_add_sensors: {
        Perm.can_edit_sensor,
        Perm.can_view_sensors,
        Perm.can_view_sensors_list,
    },
    Perm.can_delete_sensors: {Perm.can_view_sensors, Perm.can_view_sensors_list},
    Perm.can_control_sensors: {Perm.can_view_sensors, Perm.can_view_sensors_list},

    # journals
    Perm.can_download_rotation_files: {Perm.can_view_storage},

    # NCIRCC
    Perm.can_edit_company_card: {Perm.can_view_company_card},
    Perm.can_view_message_card: {
        Perm.can_view_incidents,
        Perm.can_view_incidents_list,
        Perm.can_view_message_list,
    },
    Perm.can_edit_message_card: {
        Perm.can_view_incidents,
        Perm.can_view_incidents_list,
        Perm.can_view_message_card,
        Perm.can_view_message_list,
    },
}