diff --git a/changes/33127175adaff42214b2e19af4688fab.yaml b/changes/33127175adaff42214b2e19af4688fab.yaml new file mode 100644 index 0000000000..762799b955 --- /dev/null +++ b/changes/33127175adaff42214b2e19af4688fab.yaml @@ -0,0 +1,6 @@ +--- +desc: Fix an issue where the default permission level specified when adding a graph + projection was overwritten. +prs: [] +type: bug +... diff --git a/changes/44763e312940ac2d6b448d82442020c4.yaml b/changes/44763e312940ac2d6b448d82442020c4.yaml new file mode 100644 index 0000000000..c7a4b61d1d --- /dev/null +++ b/changes/44763e312940ac2d6b448d82442020c4.yaml @@ -0,0 +1,5 @@ +--- +desc: Add ``$lib.graph.revoke()`` API for revoking user/role permissions on a graph projection. +prs: [] +type: feat +... diff --git a/changes/d4c6fdc96cc6347ebcef68d8fa6b0131.yaml b/changes/d4c6fdc96cc6347ebcef68d8fa6b0131.yaml new file mode 100644 index 0000000000..a212235751 --- /dev/null +++ b/changes/d4c6fdc96cc6347ebcef68d8fa6b0131.yaml @@ -0,0 +1,6 @@ +--- +desc: Deprecate ``$lib.inet.whois.guid``. +prs: +- 3951 +type: deprecation +... diff --git a/synapse/lib/cell.py b/synapse/lib/cell.py index 919bac5695..528dfe6f3e 100644 --- a/synapse/lib/cell.py +++ b/synapse/lib/cell.py @@ -3560,7 +3560,7 @@ def _initEasyPerm(self, item, default=PERM_READ): item.setdefault('permissions', {}) item['permissions'].setdefault('users', {}) item['permissions'].setdefault('roles', {}) - item['permissions']['default'] = default + item['permissions'].setdefault('default', default) async def getTeleApi(self, link, mesg, path): diff --git a/synapse/lib/stormlib/graph.py b/synapse/lib/stormlib/graph.py index fa998513d1..6da8c91300 100644 --- a/synapse/lib/stormlib/graph.py +++ b/synapse/lib/stormlib/graph.py 
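Review bot: With `item['permissions'].setdefault('default', default)` a `default` level that arrives inside the item is now kept as-is, and nothing in this hunk checks that it is one of the defined permission levels. For graph projections that value can come straight from a Storm caller (the new test in synapse/tests/test_cortex.py passes `{"permissions": {"default": 0}}`), so unless a schema check elsewhere rejects it, a non-integer or out-of-range value would become the projection's baseline access level. I would either validate it here or add a comment above the line such as `# A caller-supplied default is preserved; callers must validate it against the PERM_* levels.`, and add a negative case for an invalid `default` to that test. The change also applies to every caller of `_initEasyPerm`, not only graph projections, although the changelog entry mentions only those; the start of the function and its other callers are outside the hunk.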
@@ -157,6 +157,15 @@ class GraphLib(s_stormtypes.Lib): ), 'returns': {'type': 'null', }}}, + {'name': 'revoke', 'desc': 'Revoke permissions granted to users/roles on a graph projection.', + 'type': {'type': 'function', '_funcname': '_methGraphRevoke', + 'args': ( + {'name': 'gden', 'type': 'str', 'desc': 'Iden of the graph projection to modify.'}, + {'name': 'scope', 'type': 'str', 'desc': 'The scope, either "users" or "roles".'}, + {'name': 'iden', 'type': 'str', 'desc': 'The user/role iden depending on scope.'}, + ), + 'returns': {'type': 'null'}}}, + {'name': 'activate', 'desc': 'Set the graph projection to use for the top level Storm Runtime.', 'type': {'type': 'function', '_funcname': '_methGraphActivate', 'args': ( @@ -174,6 +183,7 @@ def getObjLocals(self): 'mod': self._methGraphMod, 'list': self._methGraphList, 'grant': self._methGraphGrant, + 'revoke': self._methGraphRevoke, 'activate': self._methGraphActivate, } @@ -219,6 +229,13 @@ async def _methGraphGrant(self, gden, scope, iden, level): await self.runt.snap.core.setStormGraphPerm(gden, scope, iden, level, user=self.runt.user) + async def _methGraphRevoke(self, gden, scope, iden): + gden = await s_stormtypes.tostr(gden) + scope = await s_stormtypes.tostr(scope) + iden = await s_stormtypes.tostr(iden) + + await self.runt.snap.core.setStormGraphPerm(gden, scope, iden, None, user=self.runt.user) + async def _methGraphActivate(self, iden): gdef = await self._methGraphGet(iden) self.runt.setGraph(gdef) diff --git a/synapse/lib/stormwhois.py b/synapse/lib/stormwhois.py index b038ab9671..eab422bfa3 100644 --- a/synapse/lib/stormwhois.py +++ b/synapse/lib/stormwhois.py 
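Review bot: `_methGraphRevoke` has no docstring, and the `revoke` description does not say what access remains after the call. The method passes `None` as the level to `setStormGraphPerm`, which presumably removes the explicit entry for that user or role; if so, effective access falls back to any role grants and to the projection's `default` level rather than to no access, which matters now that `default` can be supplied by whoever adds the projection. I would state that in the description, e.g. `'desc': 'Remove the explicit permission entry for a user/role on a graph projection. Role grants and the default level still apply.'`, and add a one-line docstring saying that validation of `scope` and the permission check on the calling user appear to be left to `setStormGraphPerm`. This note covers both the API-doc hunk at -157 and the method hunk at -219.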
@@ -16,6 +16,7 @@ class LibWhois(s_stormtypes.Lib): Raises: StormRuntimeError: If form is not supported in this method.''', + 'deprecated': {'eolvers': 'v3.0.0', 'mesg': 'Please use the GUID constructor syntax.'}, 'type': {'type': 'function', '_funcname': '_whoisGuid', 'args': ( {'name': 'props', 'type': 'dict', 'desc': 'Dictionary of properties used to create the form.', }, @@ -31,6 +32,8 @@ def getObjLocals(self): } async def _whoisGuid(self, props, form): + s_common.deprecated('$lib.inet.whois.guid()', curv='2.183.0') + await self.runt.snap.warnonce('$lib.inet.whois.guid() is deprecated. Use the GUID constructor syntax.') form = await s_stormtypes.tostr(form) props = await s_stormtypes.toprim(props) if form == 'iprec': diff --git a/synapse/tests/test_cortex.py b/synapse/tests/test_cortex.py index f91f7268e9..44da7ec9c1 100644 --- a/synapse/tests/test_cortex.py +++ b/synapse/tests/test_cortex.py @@ -3885,6 +3885,15 @@ def checkGraph(seeds, alldefs): opts['vars']['useriden'] = visi.iden await self.asyncraises(s_exc.AuthDeny, core.nodes('$lib.graph.del($iden2)', opts=uopts)) + await core.nodes('$lib.graph.grant($iden2, users, $useriden, 3)', opts=opts) + + await core.nodes('$lib.graph.mod($iden2, ({"name": "newname"}))', opts=uopts) + gdef = await core.callStorm('return($lib.graph.get($iden2))', opts=opts) + self.eq(gdef['name'], 'newname') + + await core.nodes('$lib.graph.revoke($iden2, users, $useriden)', opts=opts) + await self.asyncraises(s_exc.AuthDeny, core.nodes('$lib.graph.mod($iden2, ({"name": "newp"}))', opts=uopts)) + await core.nodes('$lib.graph.grant($iden2, users, $useriden, 3)', opts=opts) await core.nodes('$lib.graph.del($iden2)', opts=uopts) 
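Review bot: The runtime warning added at the top of `_whoisGuid` does not name the removal version, while the `deprecated` entry added in the doc hunk just above says `v3.0.0`. Keeping the two in step lets operators plan the migration from the warning alone: `await self.runt.snap.warnonce('$lib.inet.whois.guid() is deprecated and will be removed in v3.0.0. Use the GUID constructor syntax.')`. The tests in test_lib_stormwhois.py match on the prefix `$lib.inet.whois.guid() is deprecated`, so they would still pass. The rest of `_whoisGuid` lies outside the hunk.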
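Review bot: The new assertions in the test_cortex.py hunk at -3885 exercise `revoke` only for the `users` scope, only for an entry that exists, and only when called by the privileged user. Since this is an access-control path, I would also cover the `roles` scope, a revoke for an iden that has no explicit grant, and a call made with `uopts` once the grant is gone, which I would expect to be refused: `await self.asyncraises(s_exc.AuthDeny, core.nodes('$lib.graph.revoke($iden2, users, $useriden)', opts=uopts))`. The enclosing test method starts and ends outside the hunk.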
@@ -3974,6 +3983,12 @@ def checkGraph(seeds, alldefs): async with self.getTestCore(dirn=dirn) as core: self.len(3, await core.callStorm('return($lib.graph.list())', opts=opts)) + gdef = await core.callStorm('return($lib.graph.add(({"name": "nodef"})))') + self.eq(1, gdef['permissions']['default']) + + gdef = await core.callStorm('return($lib.graph.add(({"name": "def", "permissions": {"default": 0}})))') + self.eq(0, gdef['permissions']['default']) + async def test_storm_two_level_assignment(self): async with self.getTestCore() as core: q = '$foo=baz $bar=$foo [test:str=$bar]' diff --git a/synapse/tests/test_lib_storm.py b/synapse/tests/test_lib_storm.py index f49e35dc1a..1ea3ce812f 100644 --- a/synapse/tests/test_lib_storm.py +++ b/synapse/tests/test_lib_storm.py @@ -3917,6 +3917,11 @@ async def test_storm_help_cmd(self): self.stormIsInPrint('Warning', msgs) self.stormIsInPrint('``$lib.infosec.cvss.saveVectToNode`` has been deprecated and will be removed in version v3.0.0.', msgs) + msgs = await core.stormlist('help --verbose $lib.inet.whois.guid') + self.stormIsInPrint('Warning', msgs) + self.stormIsInPrint('``$lib.inet.whois.guid`` has been deprecated and will be removed in version v3.0.0.', msgs) + self.stormIsInPrint('Please use the GUID constructor syntax.', msgs) + msgs = await core.stormlist('help $lib.inet') self.stormIsInPrint('The following libraries are available:\n\n' '$lib.inet.http : A Storm Library exposing an HTTP client API.\n' diff --git a/synapse/tests/test_lib_stormwhois.py b/synapse/tests/test_lib_stormwhois.py index f0bcd6e284..c83413d2d9 100644 --- a/synapse/tests/test_lib_stormwhois.py +++ b/synapse/tests/test_lib_stormwhois.py 
@@ -84,8 +84,8 @@ async def test_storm_whois_guid(self): ''' opts = {'vars': {'props': props}} mesgs = await core.stormlist(stormcmd, opts=opts) - warn = [m[1]['mesg'] for m in mesgs if m[0] == 'warn'] - self.isin('Insufficient guid vals identified, using random guid:', warn[0]) + self.stormIsInWarn('$lib.inet.whois.guid() is deprecated', mesgs) + self.stormIsInWarn('Insufficient guid vals identified, using random guid:', mesgs) self.len(1, await core.nodes(f'inet:whois:ipquery:fqdn={props["fqdn"]}')) props = { @@ -97,8 +97,8 @@ async def test_storm_whois_guid(self): ''' opts = {'vars': {'props': props}} mesgs = await core.stormlist(stormcmd, opts=opts) - warn = [m[1]['mesg'] for m in mesgs if m[0] == 'warn'] - self.isin('Insufficient guid vals identified, using random guid:', warn[0]) + self.stormIsInWarn('$lib.inet.whois.guid() is deprecated', mesgs) + self.stormIsInWarn('Insufficient guid vals identified, using random guid:', mesgs) self.len(1, await core.nodes(f'inet:whois:ipcontact:asn={props["asn"]}')) # Failure cases