diff --git a/opencti-platform/opencti-front/src/private/components/common/danger_zone/DangerZoneBlock.tsx b/opencti-platform/opencti-front/src/private/components/common/danger_zone/DangerZoneBlock.tsx index 8509314e506d..75b6f236fd0f 100644 --- a/opencti-platform/opencti-front/src/private/components/common/danger_zone/DangerZoneBlock.tsx +++ b/opencti-platform/opencti-front/src/private/components/common/danger_zone/DangerZoneBlock.tsx @@ -28,7 +28,7 @@ const DangerZoneBlock: FunctionComponent = ({ title, compo if (isSensitive) { currentTitle = ( <> - {title} + {title} ); } diff --git a/opencti-platform/opencti-front/src/private/components/settings/RulesList.jsx b/opencti-platform/opencti-front/src/private/components/settings/RulesList.jsx index e24bf839ea68..d6e5625d65b6 100644 --- a/opencti-platform/opencti-front/src/private/components/settings/RulesList.jsx +++ b/opencti-platform/opencti-front/src/private/components/settings/RulesList.jsx @@ -459,7 +459,7 @@ const RulesListComponent = ({ relay, data, keyword }) => { ( {
diff --git a/opencti-platform/opencti-front/src/private/components/settings/groups/Group.tsx b/opencti-platform/opencti-front/src/private/components/settings/groups/Group.tsx index 4dbdd939c38f..83d69255f91a 100644 --- a/opencti-platform/opencti-front/src/private/components/settings/groups/Group.tsx +++ b/opencti-platform/opencti-front/src/private/components/settings/groups/Group.tsx @@ -467,7 +467,7 @@ const Group = ({ groupData }: { groupData: Group_group$key }) => {
); diff --git a/opencti-platform/opencti-front/src/private/components/settings/roles/Role.tsx b/opencti-platform/opencti-front/src/private/components/settings/roles/Role.tsx index 65b7b996859e..275cbe1a0213 100644 --- a/opencti-platform/opencti-front/src/private/components/settings/roles/Role.tsx +++ b/opencti-platform/opencti-front/src/private/components/settings/roles/Role.tsx @@ -177,7 +177,7 @@ const Role = ({ return ( ); } diff --git a/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.test.ts b/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.test.ts index 715b40a0bc1f..3ef880f032d9 100644 --- a/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.test.ts +++ b/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.test.ts 
@@ -1,42 +1,15 @@ -import { describe, it, vi, expect, afterAll } from 'vitest'; +import { describe, it, expect } from 'vitest'; import { UserContextType } from './useAuth'; import { createMockUserContext, testRenderHook } from '../tests/test-render'; import useSensitiveModifications from './useSensitiveModifications'; -let FEATURE_ENABLED = false; - -vi.mock('./useHelper.ts', () => { - return { - default: () => { - return { - isFeatureEnable: vi.fn().mockReturnValue(FEATURE_ENABLED), - }; - }, - }; -}); - describe('Hook: useSensitiveModifications', () => { const baseUserContext = { me: { can_manage_sensitive_config: false }, settings: { platform_protected_sensitive_config: { enabled: true } }, } as unknown as UserContextType; - afterAll(() => { - vi.restoreAllMocks(); - }); - - it('should be allowed if sensitive feature disabled', () => { - const { hook } = testRenderHook( - () => useSensitiveModifications(), - { userContext: createMockUserContext(baseUserContext) }, - ); - const { isAllowed, isSensitive } = hook.result.current; - expect(isAllowed).toEqual(true); - expect(isSensitive).toEqual(false); - }); it('should be allowed if sensitive config disabled', () => { - FEATURE_ENABLED = true; - const { hook } = testRenderHook( () => useSensitiveModifications(), { diff --git a/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.ts b/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.ts index 477d792a29ff..97531ae87dc0 100644 --- a/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.ts +++ b/opencti-platform/opencti-front/src/utils/hooks/useSensitiveModifications.ts @@ -1,7 +1,4 @@ import useAuth from './useAuth'; -import useHelper from './useHelper'; - -const PROTECT_SENSITIVE_CHANGES_FF = 'PROTECT_SENSITIVE_CHANGES'; export type SensitiveConfigType = 'ce_ee_toggle' | 'file_indexing' | 'groups' | 'markings' | 'platform_organization' | 'roles' | 'rules'; 
@@ -9,8 +6,7 @@ const useSensitiveModifications = (type?: SensitiveConfigType, id?: string) => { const { me, settings } = useAuth(); const sensitiveConfig = settings.platform_protected_sensitive_config; - const { isFeatureEnable } = useHelper(); - const isSensitiveConfigEnabled = isFeatureEnable(PROTECT_SENSITIVE_CHANGES_FF) && sensitiveConfig.enabled; + const isSensitiveConfigEnabled = sensitiveConfig.enabled; if (!isSensitiveConfigEnabled) { return { diff --git a/opencti-platform/opencti-graphql/config/default.json b/opencti-platform/opencti-graphql/config/default.json index a3ee4c38b648..d08efcc721cc 100644 --- a/opencti-platform/opencti-graphql/config/default.json +++ b/opencti-platform/opencti-graphql/config/default.json @@ -13,7 +13,6 @@ "FILIGRAN_LOADER", "CONTAINERS_AUTHORIZED_MEMBERS", "TELEMETRY_COUNT_ACTIVE_USERS", - "PROTECT_SENSITIVE_CHANGES", "CONTENT_FROM_TEMPLATE" ], "https_cert": { diff --git a/opencti-platform/opencti-graphql/src/database/data-initialization.js b/opencti-platform/opencti-graphql/src/database/data-initialization.js index a5c1be95dd8d..6e78a5b10793 100644 --- a/opencti-platform/opencti-graphql/src/database/data-initialization.js +++ b/opencti-platform/opencti-graphql/src/database/data-initialization.js @@ -1,4 +1,4 @@ -import { isFeatureEnabled, logApp } from '../config/conf'; +import { logApp } from '../config/conf'; import { addSettings } from '../domain/settings'; import { BYPASS, ROLE_ADMINISTRATOR, ROLE_DEFAULT, SYSTEM_USER } from '../utils/access'; import { initCreateEntitySettings } from '../modules/entitySetting/entitySetting-domain'; 
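Review bot: `sensitiveConfig.enabled` in the useSensitiveModifications.ts hunk is now read on every call, where the removed line only reached it after `isFeatureEnable(PROTECT_SENSITIVE_CHANGES_FF)` returned true. If `settings.platform_protected_sensitive_config` can be null or absent (its type is not visible in this hunk), the hook would throw instead of returning. Decide explicitly how a missing value is treated, because the `!isSensitiveConfigEnabled` branch appears, from the test name "should be allowed if sensitive config disabled", to return `isAllowed: true`. A comment above the line such as `// UI gating only: the API must enforce can_manage_sensitive_config independently` would also keep readers from treating this hook as the access check. The hook body continues outside the hunk.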
@@ -10,7 +10,7 @@ import { VocabularyCategory } from '../generated/graphql'; import { builtInOv, openVocabularies } from '../modules/vocabulary/vocabulary-utils'; import { addVocabulary } from '../modules/vocabulary/vocabulary-domain'; import { addAllowedMarkingDefinition } from '../domain/markingDefinition'; -import { addCapability, addGroup, addRole, PROTECT_SENSITIVE_CHANGES_FF } from '../domain/grant'; +import { addCapability, addGroup, addRole } from '../domain/grant'; import { GROUP_DEFAULT, groupAddRelation } from '../domain/group'; import { TAXIIAPI } from '../domain/user'; import { KNOWLEDGE_COLLABORATION, KNOWLEDGE_DELETE, KNOWLEDGE_FRONTEND_EXPORT, KNOWLEDGE_MANAGE_AUTH_MEMBERS, KNOWLEDGE_UPDATE } from '../schema/general'; @@ -244,17 +244,12 @@ const createBasicRolesAndCapabilities = async (context) => { await createCapabilities(context, CAPABILITIES); // Create Default(s) Role and Group - let defaultRoleInput = await addRole(context, SYSTEM_USER, { + const defaultRoleInput = await addRole(context, SYSTEM_USER, { name: ROLE_DEFAULT, description: 'Default role associated to the default group', capabilities: [KNOWLEDGE_CAPABILITY], + can_manage_sensitive_config: false, }); - if (isFeatureEnabled((PROTECT_SENSITIVE_CHANGES_FF))) { - defaultRoleInput = { - ...defaultRoleInput, - can_manage_sensitive_config: false - }; - } const defaultGroup = await addGroup(context, SYSTEM_USER, { name: GROUP_DEFAULT, 
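Review bot: `defaultRoleInput` in the `@@ -244` hunk holds the awaited result of `addRole(...)`, not an input object. The name is now misleading next to `administratorRoleInput` and `connectorRoleInput`, which are plain inputs passed to `addRole` afterwards. Consider renaming it, `const defaultRole = await addRole(context, SYSTEM_USER, {`. Any later uses of the variable are outside the hunk and would need the same rename.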
@@ -268,17 +263,13 @@ const createBasicRolesAndCapabilities = async (context) => { await groupAddRelation(context, SYSTEM_USER, defaultGroup.id, defaultRoleRelationInput); // Create Administrator(s) Role and Group - let administratorRoleInput = { + const administratorRoleInput = { name: ROLE_ADMINISTRATOR, description: 'Administrator role that bypass every capabilities', capabilities: [BYPASS], + can_manage_sensitive_config: false, }; - if (isFeatureEnabled((PROTECT_SENSITIVE_CHANGES_FF))) { - administratorRoleInput = { - ...administratorRoleInput, - can_manage_sensitive_config: false - }; - } + const administratorRole = await addRole(context, SYSTEM_USER, administratorRoleInput); const administratorGroup = await addGroup(context, SYSTEM_USER, { @@ -293,7 +284,7 @@ const createBasicRolesAndCapabilities = async (context) => { await groupAddRelation(context, SYSTEM_USER, administratorGroup.id, administratorRoleRelationInput); // Create Connector(s) Role and Group - let connectorRoleInput = { + const connectorRoleInput = { name: 'Connector', description: 'Connector role that has the recommended capabilities', capabilities: [ @@ -311,15 +302,9 @@ const createBasicRolesAndCapabilities = async (context) => { 'SETTINGS_SETMARKINGS', 'SETTINGS_SETLABELS', ], + can_manage_sensitive_config: false }; - if (isFeatureEnabled((PROTECT_SENSITIVE_CHANGES_FF))) { - connectorRoleInput = { - ...connectorRoleInput, - can_manage_sensitive_config: false - }; - } - const connectorRole = await addRole(context, SYSTEM_USER, connectorRoleInput); // Create default group with default role diff --git a/opencti-platform/opencti-graphql/src/domain/grant.js b/opencti-platform/opencti-graphql/src/domain/grant.js index fd50d4595ef5..818dfd7ad28f 100644 --- a/opencti-platform/opencti-graphql/src/domain/grant.js +++ b/opencti-platform/opencti-graphql/src/domain/grant.js 
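Review bot: The built-in Administrator role in the `@@ -268` hunk is created with `capabilities: [BYPASS]` and `can_manage_sensitive_config: false`, and nothing in the visible code says why. The same undocumented default is set for the Connector role in `@@ -311` and for the default role in `@@ -244`. A later maintainer could read it as an oversight and flip it to true, which would widen who may change sensitive settings. Assuming the separation is intended, add a comment on the field, e.g. `// deliberate: BYPASS alone does not grant sensitive-config changes; see isSensitiveChangesAllowed`. The new line in `@@ -311` also lacks the trailing comma that the other two role inputs have.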
@@ -5,9 +5,6 @@ import { ENTITY_TYPE_CAPABILITY, ENTITY_TYPE_GROUP, ENTITY_TYPE_ROLE } from '../ import { RELATION_HAS_CAPABILITY } from '../schema/internalRelationship'; import { generateStandardId } from '../schema/identifier'; import { publishUserAction } from '../listener/UserActionListener'; -import { isFeatureEnabled } from '../config/conf'; - -export const PROTECT_SENSITIVE_CHANGES_FF = 'PROTECT_SENSITIVE_CHANGES'; export const addCapability = async (context, user, capability) => { return createEntity(context, user, capability, ENTITY_TYPE_CAPABILITY); @@ -20,17 +17,11 @@ export const addRole = async (context, user, role) => { dissoc('capabilities'), )(role); - let completeRoleToCreate; - if (isFeatureEnabled(PROTECT_SENSITIVE_CHANGES_FF)) { - completeRoleToCreate = { - ...roleToCreate, - can_manage_sensitive_config: role.can_manage_sensitive_config ?? false, // default when undefined is false - }; - } else { - completeRoleToCreate = { - ...roleToCreate - }; - } + const completeRoleToCreate = { + ...roleToCreate, + can_manage_sensitive_config: role.can_manage_sensitive_config ?? false, // default when undefined is false + }; + const { element, isCreation } = await createEntity(context, user, completeRoleToCreate, ENTITY_TYPE_ROLE, { complete: true }); for (let index = 0; index < capabilities.length; index += 1) { const capability = capabilities[index]; diff --git a/opencti-platform/opencti-graphql/src/domain/user.js b/opencti-platform/opencti-graphql/src/domain/user.js index 4d5b6318a143..79fe1d0ca493 100644 --- a/opencti-platform/opencti-graphql/src/domain/user.js +++ b/opencti-platform/opencti-graphql/src/domain/user.js 
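Review bot: `addRole` in the `@@ -20` hunk now always persists the caller-supplied `role.can_manage_sensitive_config`, and the hunk shows no check that `user` is permitted to manage sensitive configuration. If the resolver or a layer above does not enforce that (not visible here), the ability to create a role would be enough to mint one with the flag set to true, so that check deserves a test now that the path is always live. `??` only covers null and undefined, so for internal callers that bypass GraphQL typing a strict form is safer: `can_manage_sensitive_config: role.can_manage_sensitive_config === true,`. The function starts and continues outside the hunk.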
@@ -64,7 +64,7 @@ import { } from '../utils/access'; import { ASSIGNEE_FILTER, CREATOR_FILTER, PARTICIPANT_FILTER } from '../utils/filtering/filtering-constants'; import { now, utcDate } from '../utils/format'; -import { addGroup, PROTECT_SENSITIVE_CHANGES_FF } from './grant'; +import { addGroup } from './grant'; import { defaultMarkingDefinitionsFromGroups, findAll as findGroups } from './group'; import { addIndividual } from './individual'; import { ENTITY_TYPE_IDENTITY_ORGANIZATION } from '../modules/organization/organization-types'; @@ -1376,10 +1376,7 @@ export const buildCompleteUser = async (context, client) => { const no_creators = groups.filter((g) => g.no_creators).length === groups.length; const restrict_delete = !isByPass && groups.filter((g) => g.restrict_delete).length === groups.length; - let canManageSensitiveConfig = null; - if (isFeatureEnabled(PROTECT_SENSITIVE_CHANGES_FF)) { - canManageSensitiveConfig = { can_manage_sensitive_config: isSensitiveChangesAllowed(client.id, roles) }; - } + const canManageSensitiveConfig = { can_manage_sensitive_config: isSensitiveChangesAllowed(client.id, roles) }; return { ...client, diff --git a/opencti-platform/opencti-graphql/src/modules/attributes/internalObject-registrationAttributes.ts b/opencti-platform/opencti-graphql/src/modules/attributes/internalObject-registrationAttributes.ts index 3092afac9648..e63a8c8d8d0c 100644 --- a/opencti-platform/opencti-graphql/src/modules/attributes/internalObject-registrationAttributes.ts +++ b/opencti-platform/opencti-graphql/src/modules/attributes/internalObject-registrationAttributes.ts 
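Review bot: The one-key wrapper `canManageSensitiveConfig` in the `@@ -1376` hunk was only needed while the value could be `null` and be spread as a no-op. Now that it is always set, the field can be written directly in the returned object: `can_manage_sensitive_config: isSensitiveChangesAllowed(client.id, roles),`. The return statement continues outside the hunk, so the spread site is not visible here. If `isFeatureEnabled` has no other caller left in user.js, its import should be dropped as well; the import line is not part of either hunk.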
@@ -351,7 +351,7 @@ const internalObjectsAttributes: { [k: string]: Array } = { [ENTITY_TYPE_ROLE]: [ { name: 'name', label: 'Name', type: 'string', format: 'short', mandatoryType: 'external', editDefault: true, multiple: false, upsert: false, isFilterable: true }, { name: 'description', label: 'Description', type: 'string', format: 'text', mandatoryType: 'no', editDefault: false, multiple: false, upsert: false, isFilterable: true }, - { name: 'can_manage_sensitive_config', label: 'Is sensitive changes allowed', type: 'boolean', mandatoryType: 'no', editDefault: false, multiple: false, upsert: false, isFilterable: false, featureFlag: 'PROTECT_SENSITIVE_CHANGES' }, + { name: 'can_manage_sensitive_config', label: 'Is sensitive changes allowed', type: 'boolean', mandatoryType: 'no', editDefault: false, multiple: false, upsert: false, isFilterable: false }, ], [ENTITY_TYPE_RULE]: [ { name: 'active', label: 'Status', type: 'boolean', mandatoryType: 'no', editDefault: false, multiple: false, upsert: true, isFilterable: true } diff --git a/opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/role-test.js b/opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/role-test.js index be213745a0e9..ef444e871169 100644 --- a/opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/role-test.js +++ b/opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/role-test.js @@ -4,8 +4,6 @@ import { ADMIN_USER, testContext, queryAsAdmin, TESTING_ROLES } from '../../util import { elLoadById } from '../../../src/database/engine'; import { ENTITY_TYPE_CAPABILITY } from '../../../src/schema/internalObject'; import { generateStandardId } from '../../../src/schema/identifier'; -import { isFeatureEnabled } from '../../../src/config/conf'; -import { PROTECT_SENSITIVE_CHANGES_FF } from '../../../src/domain/grant'; const LIST_QUERY = gql` query roles($first: Int, $after: ID, $orderBy: RolesOrdering, $orderMode: OrderingMode, $search: String) { 
@@ -59,11 +57,7 @@ describe('Role resolver standard behavior', () => { expect(role).not.toBeNull(); expect(role.data.roleAdd).not.toBeNull(); expect(role.data.roleAdd.name).toEqual('Role'); - if (isFeatureEnabled(PROTECT_SENSITIVE_CHANGES_FF)) { - expect(role.data.roleAdd.can_manage_sensitive_config).toBeFalsy('New role should have the can_manage_sensitive_config to false by default'); - } else { - expect(role.data.roleAdd.can_manage_sensitive_config).toBeUndefined('New role should not have the can_manage_sensitive_config when it is not enabled'); - } + expect(role.data.roleAdd.can_manage_sensitive_config).toBeFalsy('New role should have the can_manage_sensitive_config to false by default'); roleInternalId = role.data.roleAdd.id; });
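Review bot: The retained assertion `toBeFalsy(...)` also passes when `can_manage_sensitive_config` is `undefined` or `null`. With the flag-off branch removed, the test can no longer tell "defaulted to false" apart from "field missing from the response". In Jest/Vitest-style `expect`, `toBeFalsy` takes no argument, so the message string is likely ignored. Pin the default exactly: `expect(role.data.roleAdd.can_manage_sensitive_config).toEqual(false);`. The enclosing test case starts outside the hunk.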