def get_authorized_engagement_presets(permission): user = get_current_user() if user is None: return Engagement_Presets.objects.none() if user.is_superuser: return Engagement_Presets.objects.all().order_by('title') if settings.FEATURE_AUTHORIZATION_V2: if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: return Engagement_Presets.objects.all().order_by('title') if hasattr( user, 'global_role' ) and user.global_role.role is not None and role_has_permission( user.global_role.role.id, permission): return Engagement_Presets.objects.all().order_by('title') for group in get_groups(user): if hasattr( group, 'global_role' ) and group.global_role.role is not None and role_has_permission( group.global_role.role.id, permission): return Engagement_Presets.objects.all().order_by('title') roles = get_roles_for_permission(permission) authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef('product__prod_type_id'), user=user, role__in=roles) authorized_product_roles = Product_Member.objects.filter( product=OuterRef('product_id'), user=user, role__in=roles) authorized_product_type_groups = Product_Type_Group.objects.filter( product_type=OuterRef('product__prod_type_id'), group__users=user, role__in=roles) authorized_product_groups = Product_Group.objects.filter( product=OuterRef('product_id'), group__users=user, role__in=roles) engagement_presets = Engagement_Presets.objects.annotate( product__prod_type__member=Exists(authorized_product_type_roles), product__member=Exists(authorized_product_roles), product__prod_type__authorized_group=Exists( authorized_product_type_groups), product__authorized_group=Exists( authorized_product_groups)).order_by('title') engagement_presets = engagement_presets.filter( Q(product__prod_type__member=True) | Q(product__member=True) | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) else: if user.is_staff: engagement_presets = Engagement_Presets.objects.all().order_by( 'title') else: engagement_presets = Engagement_Presets.objects.filter( Q(product__authorized_users__in=[user]) | Q(product__prod_type__authorized_users__in=[user])).order_by( 'title') return engagement_presets
def get_authorized_groups(permission): user = get_current_user() if user is None: return Dojo_Group.objects.none() if user.is_superuser: return Dojo_Group.objects.all().order_by('name') if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: return Dojo_Group.objects.all().order_by('name') if hasattr(user, 'global_role' ) and user.global_role.role is not None and role_has_permission( user.global_role.role.id, permission): return Dojo_Group.objects.all().order_by('name') for group in get_groups(user): if hasattr( group, 'global_role' ) and group.global_role.role is not None and role_has_permission( group.global_role.role.id, permission): return Dojo_Group.objects.all().order_by('name') roles = get_roles_for_permission(permission) authorized_roles = Dojo_Group_Member.objects.filter(group=OuterRef('pk'), user=user, role__in=roles) groups = Dojo_Group.objects.annotate( user=Exists(authorized_roles)).order_by('name') return groups.filter(user=True)
def get_authorized_product_api_scan_configurations(permission): user = get_current_user() if user is None: return Product_API_Scan_Configuration.objects.none() if user.is_superuser: return Product_API_Scan_Configuration.objects.all() if settings.FEATURE_AUTHORIZATION_V2: if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: return Product_API_Scan_Configuration.objects.all() if hasattr(user, 'global_role') and user.global_role.role is not None and role_has_permission(user.global_role.role.id, permission): return Product_API_Scan_Configuration.objects.all() for group in get_groups(user): if hasattr(group, 'global_role') and group.global_role.role is not None and role_has_permission(group.global_role.role.id, permission): return Product_API_Scan_Configuration.objects.all() roles = get_roles_for_permission(permission) authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef('product__prod_type_id'), user=user, role__in=roles) authorized_product_roles = Product_Member.objects.filter( product=OuterRef('product_id'), user=user, role__in=roles) authorized_product_type_groups = Product_Type_Group.objects.filter( product_type=OuterRef('product__prod_type_id'), group__users=user, role__in=roles) authorized_product_groups = Product_Group.objects.filter( product=OuterRef('product_id'), group__users=user, role__in=roles) product_api_scan_configurations = Product_API_Scan_Configuration.objects.annotate( product__prod_type__member=Exists(authorized_product_type_roles), product__member=Exists(authorized_product_roles), product__prod_type__authorized_group=Exists(authorized_product_type_groups), product__authorized_group=Exists(authorized_product_groups)) product_api_scan_configurations = product_api_scan_configurations.filter( Q(product__prod_type__member=True) | Q(product__member=True) | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) else: if user.is_staff: product_api_scan_configurations = Product_API_Scan_Configuration.objects.all() else: product_api_scan_configurations = Product_API_Scan_Configuration.objects.filter( Q(product__authorized_users__in=[user]) | Q(product__prod_type__authorized_users__in=[user])) return product_api_scan_configurations
def get_authorized_findings(permission, queryset=None, user=None): if user is None: user = get_current_user() if user is None: return Finding.objects.none() if queryset is None: findings = Finding.objects.all() else: findings = queryset if user.is_superuser: return findings if settings.FEATURE_AUTHORIZATION_V2: if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: return findings if hasattr( user, 'global_role' ) and user.global_role.role is not None and role_has_permission( user.global_role.role.id, permission): return findings for group in get_groups(user): if hasattr( group, 'global_role' ) and group.global_role.role is not None and role_has_permission( group.global_role.role.id, permission): return findings roles = get_roles_for_permission(permission) authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef('test__engagement__product__prod_type_id'), user=user, role__in=roles) authorized_product_roles = Product_Member.objects.filter( product=OuterRef('test__engagement__product_id'), user=user, role__in=roles) authorized_product_type_groups = Product_Type_Group.objects.filter( product_type=OuterRef('test__engagement__product__prod_type_id'), group__users=user, role__in=roles) authorized_product_groups = Product_Group.objects.filter( product=OuterRef('test__engagement__product_id'), group__users=user, role__in=roles) findings = findings.annotate( test__engagement__product__prod_type__member=Exists( authorized_product_type_roles), test__engagement__product__member=Exists(authorized_product_roles), test__engagement__product__prod_type__authorized_group=Exists( authorized_product_type_groups), test__engagement__product__authorized_group=Exists( authorized_product_groups)) findings = findings.filter( Q(test__engagement__product__prod_type__member=True) | Q(test__engagement__product__member=True) | Q(test__engagement__product__prod_type__authorized_group=True) | Q(test__engagement__product__authorized_group=True)) else: if not user.is_staff: findings = findings.filter( Q(test__engagement__product__authorized_users__in=[user]) | Q(test__engagement__product__prod_type__authorized_users__in=[ user ])) return findings
def get_authorized_dojo_meta(permission): user = get_current_user() if user is None: return DojoMeta.objects.none() if user.is_superuser: return DojoMeta.objects.all().order_by('name') if settings.FEATURE_AUTHORIZATION_V2: if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: return DojoMeta.objects.all().order_by('name') if hasattr( user, 'global_role' ) and user.global_role.role is not None and role_has_permission( user.global_role.role.id, permission): return DojoMeta.objects.all().order_by('name') for group in get_groups(user): if hasattr( group, 'global_role' ) and group.global_role.role is not None and role_has_permission( group.global_role.role.id, permission): return DojoMeta.objects.all().order_by('name') roles = get_roles_for_permission(permission) product_authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef('product__prod_type_id'), user=user, role__in=roles) product_authorized_product_roles = Product_Member.objects.filter( product=OuterRef('product_id'), user=user, role__in=roles) product_authorized_product_type_groups = Product_Type_Group.objects.filter( product_type=OuterRef('product__prod_type_id'), group__users=user, role__in=roles) product_authorized_product_groups = Product_Group.objects.filter( product=OuterRef('product_id'), group__users=user, role__in=roles) endpoint_authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef('endpoint__product__prod_type_id'), user=user, role__in=roles) endpoint_authorized_product_roles = Product_Member.objects.filter( product=OuterRef('endpoint__product_id'), user=user, role__in=roles) endpoint_authorized_product_type_groups = Product_Type_Group.objects.filter( product_type=OuterRef('endpoint__product__prod_type_id'), group__users=user, role__in=roles) endpoint_authorized_product_groups = Product_Group.objects.filter( product=OuterRef('endpoint__product_id'), group__users=user, role__in=roles) finding_authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef( 'finding__test__engagement__product__prod_type_id'), user=user, role__in=roles) finding_authorized_product_roles = Product_Member.objects.filter( product=OuterRef('finding__test__engagement__product_id'), user=user, role__in=roles) finding_authorized_product_type_groups = Product_Type_Group.objects.filter( product_type=OuterRef( 'finding__test__engagement__product__prod_type_id'), group__users=user, role__in=roles) finding_authorized_product_groups = Product_Group.objects.filter( product=OuterRef('finding__test__engagement__product_id'), group__users=user, role__in=roles) dojo_meta = DojoMeta.objects.annotate( product__prod_type__member=Exists( product_authorized_product_type_roles), product__member=Exists(product_authorized_product_roles), product__prod_type__authorized_group=Exists( product_authorized_product_type_groups), product__authorized_group=Exists( product_authorized_product_groups), endpoint__product__prod_type__member=Exists( endpoint_authorized_product_type_roles), endpoint__product__member=Exists( endpoint_authorized_product_roles), endpoint__product__prod_type__authorized_group=Exists( endpoint_authorized_product_type_groups), endpoint__product__authorized_group=Exists( endpoint_authorized_product_groups), finding__test__engagement__product__prod_type__member=Exists( finding_authorized_product_type_roles), finding__test__engagement__product__member=Exists( finding_authorized_product_roles), finding__test__engagement__product__prod_type__authorized_group= Exists(finding_authorized_product_type_groups), finding__test__engagement__product__authorized_group=Exists( finding_authorized_product_groups)).order_by('name') dojo_meta = dojo_meta.filter( Q(product__prod_type__member=True) | Q(product__member=True) | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True) | Q(endpoint__product__prod_type__member=True) | Q(endpoint__product__member=True) | Q(endpoint__product__prod_type__authorized_group=True) | Q(endpoint__product__authorized_group=True) | Q(finding__test__engagement__product__prod_type__member=True) | Q(finding__test__engagement__product__member=True) | Q(finding__test__engagement__product__prod_type__authorized_group =True) | Q(finding__test__engagement__product__authorized_group=True)) else: if user.is_staff: dojo_meta = DojoMeta.objects.all().order_by('name') else: dojo_meta = DojoMeta.objects.filter( Q(product__authorized_users__in=[user]) | Q(product__prod_type__authorized_users__in=[user]) | Q(endpoint__product__authorized_users__in=[user]) | Q(endpoint__product__prod_type__authorized_users__in=[user]) | Q(finding__test__engagement__product__authorized_users__in=[ user ]) | Q(finding__test__engagement__product__prod_type__authorized_users__in =[user])).order_by('name') return dojo_meta