fleet/server/service/team_schedule.go
Lucas Manuel Rodriguez da171d3b8d
Merge pull request from GHSA-pr2g-j78h-84cr
* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated "Why do we use a wireframe-first approach?" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under "empathy" and to fix the spelling of "help text."
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 10:27:30 -07:00


package service
import (
"context"
"fmt"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
"gopkg.in/guregu/null.v3"
)
// getTeamScheduleRequest carries the inputs for listing a team's schedule.
type getTeamScheduleRequest struct {
	// TeamID is tagged url:"team_id"; it selects the team whose schedule is read.
	TeamID uint `url:"team_id"`
	// ListOptions is tagged url:"list_options" and is forwarded unchanged to
	// the service call.
	ListOptions fleet.ListOptions `url:"list_options"`
}

// getTeamScheduleResponse is the body returned by getTeamScheduleEndpoint.
type getTeamScheduleResponse struct {
	// Scheduled holds one entry per scheduled query. The endpoint initialises
	// it to an empty, non-nil slice on the success path.
	Scheduled []scheduledQueryResponse `json:"scheduled"`
	// Err is set only when the service call failed.
	Err error `json:"error,omitempty"`
}

// error exposes the failure stored in the response, if any.
func (r getTeamScheduleResponse) error() error {
	return r.Err
}
// getTeamScheduleEndpoint lists the scheduled queries of one team.
//
// request must be a *getTeamScheduleRequest; any other type makes the type
// assertion panic. A service failure is reported inside the response (Err)
// while the endpoint's own error result stays nil.
func getTeamScheduleEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
	req := request.(*getTeamScheduleRequest)

	// Authorization is performed inside the service method, not here.
	queries, err := svc.GetTeamScheduledQueries(ctx, req.TeamID, req.ListOptions)
	if err != nil {
		return getTeamScheduleResponse{Err: err}, nil
	}

	// Start from an empty, non-nil slice so that a team without scheduled
	// queries still yields a non-nil Scheduled value.
	scheduled := make([]scheduledQueryResponse, 0, len(queries))
	for i := range queries {
		scheduled = append(scheduled, scheduledQueryResponse{
			ScheduledQuery: *queries[i],
		})
	}
	return getTeamScheduleResponse{Scheduled: scheduled}, nil
}
// GetTeamScheduledQueries returns the scheduled queries in the pack that
// belongs to teamID.
//
// The caller must be authorized for fleet.ActionRead on a fleet.Pack whose
// Type is "team-<teamID>". The check runs before any datastore access, so an
// unauthorized caller triggers no datastore call from this method.
func (svc Service) GetTeamScheduledQueries(ctx context.Context, teamID uint, opts fleet.ListOptions) ([]*fleet.ScheduledQuery, error) {
	teamPack := &fleet.Pack{
		Type: ptr.String(fmt.Sprintf("team-%d", teamID)),
	}
	if err := svc.authz.Authorize(ctx, teamPack, fleet.ActionRead); err != nil {
		return nil, err
	}

	// NOTE(review): the name suggests EnsureTeamPack creates the pack when it
	// is missing, which would make this read path write to the datastore.
	// Confirm against the datastore.
	pack, err := svc.ds.EnsureTeamPack(ctx, teamID)
	if err != nil {
		return nil, err
	}

	return svc.ds.ListScheduledQueriesInPackWithStats(ctx, pack.ID, opts)
}
/////////////////////////////////////////////////////////////////////////////////
// Add
/////////////////////////////////////////////////////////////////////////////////
// teamScheduleQueryRequest carries the inputs for adding a query to a team's
// schedule.
type teamScheduleQueryRequest struct {
	// TeamID is tagged url:"team_id"; it selects the team whose schedule is
	// modified.
	TeamID uint `url:"team_id"`
	// The embedded payload supplies the client-controlled fields that the
	// endpoint reads: QueryID, Interval, Snapshot, Removed, Platform, Version
	// and Shard.
	fleet.ScheduledQueryPayload
}

// teamScheduleQueryResponse is the body returned by teamScheduleQueryEndpoint.
type teamScheduleQueryResponse struct {
	// Scheduled is the scheduled query returned by the service on success.
	Scheduled *fleet.ScheduledQuery `json:"scheduled,omitempty"`
	// Err is set only when the service call failed.
	Err error `json:"error,omitempty"`
}

// error exposes the failure stored in the response, if any.
func (r teamScheduleQueryResponse) error() error {
	return r.Err
}
// uintValueOrZero dereferences v, treating a nil pointer as 0.
//
// An absent value and an explicit 0 are indistinguishable in the result.
func uintValueOrZero(v *uint) uint {
	var out uint
	if v != nil {
		out = *v
	}
	return out
}
// nullIntToPtrUint converts an optional null.Int into an optional uint.
//
// A nil v yields nil. Any non-nil v yields a pointer to v.ValueOrZero()
// converted to uint.
//
// NOTE(review): the integer conversion is unchecked, so a negative value wraps
// to a very large uint. The input comes from the request payload; presumably
// range validation happens in a later layer. Confirm.
func nullIntToPtrUint(v *null.Int) *uint {
	if v != nil {
		return ptr.Uint(uint(v.ValueOrZero()))
	}
	return nil
}
// teamScheduleQueryEndpoint adds a query to a team's schedule.
//
// request must be a *teamScheduleQueryRequest; any other type makes the type
// assertion panic. A service failure is reported inside the response (Err)
// while the endpoint's own error result stays nil.
func teamScheduleQueryEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
	req := request.(*teamScheduleQueryRequest)

	// Only these payload fields are copied. PackID is deliberately left unset
	// here; the service method assigns it from the team's own pack.
	toSchedule := &fleet.ScheduledQuery{
		QueryID:  uintValueOrZero(req.QueryID),
		Interval: uintValueOrZero(req.Interval),
		Snapshot: req.Snapshot,
		Removed:  req.Removed,
		Platform: req.Platform,
		Version:  req.Version,
		Shard:    nullIntToPtrUint(req.Shard),
	}

	scheduled, err := svc.TeamScheduleQuery(ctx, req.TeamID, toSchedule)
	if err != nil {
		return teamScheduleQueryResponse{Err: err}, nil
	}
	return teamScheduleQueryResponse{Scheduled: scheduled}, nil
}
// TeamScheduleQuery schedules q in the pack that belongs to teamID.
//
// The caller must be authorized for fleet.ActionWrite on a fleet.Pack whose
// Type is "team-<teamID>". q.PackID is overwritten with the team pack's ID, so
// a PackID supplied by the caller is ignored. q is mutated in place.
func (svc Service) TeamScheduleQuery(ctx context.Context, teamID uint, q *fleet.ScheduledQuery) (*fleet.ScheduledQuery, error) {
	teamPack := &fleet.Pack{
		Type: ptr.String(fmt.Sprintf("team-%d", teamID)),
	}
	if err := svc.authz.Authorize(ctx, teamPack, fleet.ActionWrite); err != nil {
		return nil, err
	}

	pack, err := svc.ds.EnsureTeamPack(ctx, teamID)
	if err != nil {
		return nil, err
	}

	// Pin the target pack to the one just authorized. The helper below is
	// named "unauthorized", so it presumably performs no authorization check
	// of its own and relies on the one above. Confirm.
	q.PackID = pack.ID
	return svc.unauthorizedScheduleQuery(ctx, q)
}
/////////////////////////////////////////////////////////////////////////////////
// Modify
/////////////////////////////////////////////////////////////////////////////////
// modifyTeamScheduleRequest carries the inputs for changing one entry of a
// team's schedule.
type modifyTeamScheduleRequest struct {
	// TeamID is tagged url:"team_id"; the service authorizes against this team.
	TeamID uint `url:"team_id"`
	// ScheduledQueryID is tagged url:"scheduled_query_id"; it identifies the
	// entry to change and is supplied independently of TeamID.
	ScheduledQueryID uint `url:"scheduled_query_id"`
	// The embedded payload holds the client-supplied changes.
	fleet.ScheduledQueryPayload
}

// modifyTeamScheduleResponse is the body returned by modifyTeamScheduleEndpoint.
type modifyTeamScheduleResponse struct {
	// Scheduled is never populated by modifyTeamScheduleEndpoint as written.
	Scheduled *fleet.ScheduledQuery `json:"scheduled,omitempty"`
	// Err is set only when the service call failed.
	Err error `json:"error,omitempty"`
}

// error exposes the failure stored in the response, if any.
func (r modifyTeamScheduleResponse) error() error {
	return r.Err
}
// modifyTeamScheduleEndpoint applies changes to one entry of a team's schedule.
//
// request must be a *modifyTeamScheduleRequest; any other type makes the type
// assertion panic. A service failure is reported inside the response (Err)
// while the endpoint's own error result stays nil.
func modifyTeamScheduleEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
	req := request.(*modifyTeamScheduleRequest)

	// The updated scheduled query returned by the service is discarded, so a
	// successful response carries no Scheduled value.
	if _, err := svc.ModifyTeamScheduledQueries(ctx, req.TeamID, req.ScheduledQueryID, req.ScheduledQueryPayload); err != nil {
		return modifyTeamScheduleResponse{Err: err}, nil
	}
	return modifyTeamScheduleResponse{}, nil
}
// ModifyTeamScheduledQueries applies query to the scheduled query identified
// by scheduledQueryID, on behalf of teamID.
//
// The caller must be authorized for fleet.ActionWrite on a fleet.Pack whose
// Type is "team-<teamID>". query.PackID is overwritten with the team pack's
// ID, so a PackID supplied by the caller is ignored.
//
// NOTE(review): nothing visible in this method verifies that scheduledQueryID
// currently belongs to the team's pack. The authorization covers teamID only,
// and the two IDs arrive as independent request parameters. Unless
// unauthorizedModifyScheduledQuery or the datastore enforces that ownership, a
// caller with write access to one team could modify a schedule entry of
// another pack and, because PackID is forced, move it into their own. Confirm,
// and add an explicit ownership check if it is missing.
func (svc Service) ModifyTeamScheduledQueries(ctx context.Context, teamID uint, scheduledQueryID uint, query fleet.ScheduledQueryPayload) (*fleet.ScheduledQuery, error) {
	teamPack := &fleet.Pack{
		Type: ptr.String(fmt.Sprintf("team-%d", teamID)),
	}
	if err := svc.authz.Authorize(ctx, teamPack, fleet.ActionWrite); err != nil {
		return nil, err
	}

	pack, err := svc.ds.EnsureTeamPack(ctx, teamID)
	if err != nil {
		return nil, err
	}

	// query is passed by value, so this assignment does not alter the
	// caller's copy of the payload.
	query.PackID = ptr.Uint(pack.ID)
	return svc.unauthorizedModifyScheduledQuery(ctx, scheduledQueryID, query)
}
/////////////////////////////////////////////////////////////////////////////////
// Delete
/////////////////////////////////////////////////////////////////////////////////
// deleteTeamScheduleRequest carries the inputs for removing one entry from a
// team's schedule.
type deleteTeamScheduleRequest struct {
	// TeamID is tagged url:"team_id"; the service authorizes against this team.
	TeamID uint `url:"team_id"`
	// ScheduledQueryID is tagged url:"scheduled_query_id"; it identifies the
	// entry to delete and is supplied independently of TeamID.
	ScheduledQueryID uint `url:"scheduled_query_id"`
}

// deleteTeamScheduleResponse is the body returned by deleteTeamScheduleEndpoint.
type deleteTeamScheduleResponse struct {
	// Scheduled is never populated by deleteTeamScheduleEndpoint as written.
	Scheduled *fleet.ScheduledQuery `json:"scheduled,omitempty"`
	// Err is set only when the service call failed.
	Err error `json:"error,omitempty"`
}

// error exposes the failure stored in the response, if any.
func (r deleteTeamScheduleResponse) error() error {
	return r.Err
}
// deleteTeamScheduleEndpoint removes one entry from a team's schedule.
//
// request must be a *deleteTeamScheduleRequest; any other type makes the type
// assertion panic. A service failure is reported inside the response (Err)
// while the endpoint's own error result stays nil.
func deleteTeamScheduleEndpoint(ctx context.Context, request interface{}, svc fleet.Service) (interface{}, error) {
	req := request.(*deleteTeamScheduleRequest)

	// Authorization is performed inside the service method, not here.
	if err := svc.DeleteTeamScheduledQueries(ctx, req.TeamID, req.ScheduledQueryID); err != nil {
		return deleteTeamScheduleResponse{Err: err}, nil
	}
	return deleteTeamScheduleResponse{}, nil
}
// DeleteTeamScheduledQueries deletes the scheduled query identified by
// scheduledQueryID, on behalf of teamID.
//
// The caller must be authorized for fleet.ActionWrite on a fleet.Pack whose
// Type is "team-<teamID>".
//
// NOTE(review): teamID is used only for the authorization check. The datastore
// call receives scheduledQueryID alone, and this method never resolves the
// team's pack, so nothing visible here ties the deleted row to the authorized
// team. Unless DeleteScheduledQuery is scoped elsewhere, a caller with write
// access to one team could delete a schedule entry that belongs to another
// team's pack or to a non-team pack. Confirm, and verify that the entry's pack
// is the team's pack before deleting if that check is missing.
func (svc Service) DeleteTeamScheduledQueries(ctx context.Context, teamID uint, scheduledQueryID uint) error {
	teamPack := &fleet.Pack{
		Type: ptr.String(fmt.Sprintf("team-%d", teamID)),
	}
	if err := svc.authz.Authorize(ctx, teamPack, fleet.ActionWrite); err != nil {
		return err
	}

	return svc.ds.DeleteScheduledQuery(ctx, scheduledQueryID)
}