Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create usePermissions UI hook #413

Merged
merged 20 commits into from
Mar 8, 2024
Merged
Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
546c222
move types and run license check
maffkipp Feb 12, 2024
084b73b
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Feb 14, 2024
5d16e3c
pulling in most recent main
maffkipp Feb 14, 2024
d69b6e4
added useAppSelector
maffkipp Feb 14, 2024
d714999
ran license check
maffkipp Feb 14, 2024
b6f640e
updated from PR feedback
maffkipp Feb 15, 2024
eb13c33
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Feb 15, 2024
90ec78b
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Feb 15, 2024
ce64095
rewrote hook and permission structure based on feedback
maffkipp Feb 16, 2024
87ca3c5
added check for single permission
maffkipp Feb 16, 2024
3134099
persistent arg names
maffkipp Feb 16, 2024
f30a98b
additional refactor
maffkipp Feb 16, 2024
0548618
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Feb 22, 2024
083e021
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Feb 23, 2024
3638d03
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Feb 25, 2024
b41c63b
refactored permissions definitions
maffkipp Feb 25, 2024
132a262
resolving merge conflict
maffkipp Feb 28, 2024
d649ab4
removed fake permission
maffkipp Feb 28, 2024
ba24a0d
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Mar 5, 2024
e5f5fe2
Merge branch 'main' of github.com:SpecterOps/BloodHound into use-perm…
maffkipp Mar 7, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions cmd/ui/src/hooks/usePermissions/usePermissions.test.tsx
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
// Copyright 2024 Specter Ops, Inc.
//
// Licensed under the Apache License, Version 2.0
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// SPDX-License-Identifier: Apache-2.0

import { Permission } from 'bh-shared-ui';
import { renderHook } from 'src/test-utils';
import usePermissions, { PermissionsFns } from './usePermissions';

describe('usePermissions', () => {
const getPermissionsWithUser = (permissions: Permission[]): PermissionsFns => {
return renderHook(() => usePermissions(), {
initialState: {
auth: {
user: {
roles: [
{
permissions: permissions.map((p) => p.get()),
},
],
},
},
},
}).result.current;
};

const allPermissions = [
Permission.CLIENTS_MANAGE,
Permission.AUTH_CREATE_TOKEN,
Permission.APP_READ_APPLICATION_CONFIGURATION,
];

it('permitted if the user has a required permission', () => {
const permissions = getPermissionsWithUser([Permission.CLIENTS_MANAGE]);

const has = permissions.checkPermission(Permission.CLIENTS_MANAGE);
const hasAll = permissions.checkAllPermissions([Permission.CLIENTS_MANAGE]);
const hasAtLeastOne = permissions.checkAtLeastOnePermission([Permission.CLIENTS_MANAGE]);

expect(has).toBe(true);
expect(hasAll).toBe(true);
expect(hasAtLeastOne).toBe(true);
});

it('permitted if the user has multiple required permissions', () => {
const permissions = getPermissionsWithUser(allPermissions);

const hasAll = permissions.checkAllPermissions(allPermissions);
const hasAtLeastOne = permissions.checkAtLeastOnePermission(allPermissions);

expect(hasAll).toBe(true);
expect(hasAtLeastOne).toBe(true);
});

it('denied if the user does not have a matching permission', () => {
const permissions = getPermissionsWithUser([Permission.CLIENTS_MANAGE]);

const has = permissions.checkPermission(Permission.AUTH_CREATE_TOKEN);
const hasAll = permissions.checkAllPermissions([Permission.AUTH_CREATE_TOKEN]);
const hasAtLeastOne = permissions.checkAtLeastOnePermission([Permission.AUTH_CREATE_TOKEN]);

expect(has).toBe(false);
expect(hasAll).toBe(false);
expect(hasAtLeastOne).toBe(false);
});

it('returns hasAtLeastOne if the user is missing one of many required permissions', () => {
const permissions = getPermissionsWithUser([
Permission.APP_READ_APPLICATION_CONFIGURATION,
Permission.AUTH_CREATE_TOKEN,
]);

const hasAll = permissions.checkAllPermissions(allPermissions);
const hasAtLeastOne = permissions.checkAtLeastOnePermission(allPermissions);

expect(hasAll).toBe(false);
expect(hasAtLeastOne).toBe(true);
});
});
63 changes: 63 additions & 0 deletions cmd/ui/src/hooks/usePermissions/usePermissions.tsx
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
// Copyright 2024 Specter Ops, Inc.
//
// Licensed under the Apache License, Version 2.0
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// SPDX-License-Identifier: Apache-2.0

import { Permission } from 'bh-shared-ui';
import { useCallback, useEffect, useState } from 'react';
import { useAppSelector } from 'src/store';

export type PermissionsFns = {
checkPermission: (permission: Permission) => boolean;
checkAllPermissions: (permissions: Permission[]) => boolean;
checkAtLeastOnePermission: (permissions: Permission[]) => boolean;
};

const usePermissions = () => {
const auth = useAppSelector((state) => state.auth);
const [userPermMap, setUserPermMap] = useState<Record<string, boolean>>({});

const formatKey = useCallback((p: { authority: string; name: string }) => `${p.authority}-${p.name}`, []);

useEffect(() => {
const userPermissions = auth.user?.roles.map((role) => role.permissions).flat();

if (userPermissions) {
const newPermMap: Record<string, boolean> = {};
userPermissions.forEach((perm) => (newPermMap[formatKey(perm)] = true));
setUserPermMap(newPermMap);
}
}, [auth.user, formatKey]);
maffkipp marked this conversation as resolved.
Show resolved Hide resolved

const checkPermission = (permission: Permission): boolean => {
return !!userPermMap[formatKey(permission.get())];
};

const checkAllPermissions = (permissions: Permission[]): boolean => {
for (const permission of permissions) {
if (!checkPermission(permission)) return false;
}
return true;
};

const checkAtLeastOnePermission = (permissions: Permission[]): boolean => {
for (const permission of permissions) {
if (checkPermission(permission)) return true;
}
return false;
};

return { checkPermission, checkAllPermissions, checkAtLeastOnePermission };
maffkipp marked this conversation as resolved.
Show resolved Hide resolved
};
export default usePermissions;
144 changes: 86 additions & 58 deletions cmd/ui/src/test-utils.jsx
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright 2023 Specter Ops, Inc.
// Copyright 2024 Specter Ops, Inc.
//
// Licensed under the Apache License, Version 2.0
// you may not use this file except in compliance with the License.
Expand All @@ -17,7 +17,7 @@
import { createTheme } from '@mui/material/styles';
import { CssBaseline, StyledEngineProvider, ThemeProvider } from '@mui/material';
import { configureStore } from '@reduxjs/toolkit';
import { render } from '@testing-library/react';
import { render, renderHook } from '@testing-library/react';
import { createMemoryHistory } from 'history';
import { SnackbarProvider } from 'notistack';
import { QueryClient, QueryClientProvider } from 'react-query';
Expand All @@ -27,75 +27,103 @@ import createSagaMiddleware from 'redux-saga';
import { rootReducer } from 'src/store';
import { NotificationsProvider } from 'bh-shared-ui';

const defaultTheme = {
palette: {
primary: {
main: '#406f8e',
light: '#709dbe',
dark: '#064460',
contrastText: '#ffffff',
},
neutral: {
main: '#e0e0e0',
light: '#ffffff',
dark: '#cccccc',
contrastText: '#000000',
},
background: {
paper: '#fafafa',
default: '#e4e9eb',
},
low: 'rgb(255, 195, 15)',
moderate: 'rgb(255, 97, 66)',
high: 'rgb(205, 0, 117)',
critical: 'rgb(76, 29, 143)',
},
}

const createDefaultQueryClient = () => {
return new QueryClient({
defaultOptions: {
queries: {
retry: false,
},
},
})
}

const createDefaultStore = (state) => {
return configureStore({
reducer: rootReducer,
preloadedState: state,
middleware: (getDefaultMiddleware) => {
return [...getDefaultMiddleware({ serializableCheck: false }), createSagaMiddleware()];
},
})
}

const createProviders = ({ queryClient, history, theme, store, children }) => {
return (
<Provider store={store}>
<QueryClientProvider client={queryClient}>
<StyledEngineProvider injectFirst>
<ThemeProvider theme={theme}>
<NotificationsProvider>
<CssBaseline />
<Router location={history.location} navigator={history}>
<SnackbarProvider>{children}</SnackbarProvider>
</Router>
</NotificationsProvider>
</ThemeProvider>
</StyledEngineProvider>
</QueryClientProvider>
</Provider>
)
}

const customRender = (
ui,
{
initialState = {},
queryClient = new QueryClient({
defaultOptions: {
queries: {
retry: false,
},
},
}),
queryClient = createDefaultQueryClient(),
history = createMemoryHistory(),
theme = createTheme({
palette: {
primary: {
main: '#406f8e',
light: '#709dbe',
dark: '#064460',
contrastText: '#ffffff',
},
neutral: {
main: '#e0e0e0',
light: '#ffffff',
dark: '#cccccc',
contrastText: '#000000',
},
background: {
paper: '#fafafa',
default: '#e4e9eb',
},
low: 'rgb(255, 195, 15)',
moderate: 'rgb(255, 97, 66)',
high: 'rgb(205, 0, 117)',
critical: 'rgb(76, 29, 143)',
},
}),
store = configureStore({
reducer: rootReducer,
preloadedState: initialState,
middleware: (getDefaultMiddleware) => {
return [...getDefaultMiddleware({ serializableCheck: false }), createSagaMiddleware()];
},
}),
theme = createTheme(defaultTheme),
store = createDefaultStore(initialState),
...renderOptions
} = {}
) => {
const AllTheProviders = ({ children }) => {
return (
<Provider store={store}>
<QueryClientProvider client={queryClient}>
<StyledEngineProvider injectFirst>
<ThemeProvider theme={theme}>
<NotificationsProvider>
<CssBaseline />
<Router location={history.location} navigator={history}>
<SnackbarProvider>{children}</SnackbarProvider>
</Router>
</NotificationsProvider>
</ThemeProvider>
</StyledEngineProvider>
</QueryClientProvider>
</Provider>
);
};
const AllTheProviders = ({ children }) => createProviders({ queryClient, history, theme, store, children });
return render(ui, { wrapper: AllTheProviders, ...renderOptions });
};

const customRenderHook = (
hook,
maffkipp marked this conversation as resolved.
Show resolved Hide resolved
{
initialState = {},
queryClient = createDefaultQueryClient(),
history = createMemoryHistory(),
theme = createTheme(defaultTheme),
store = createDefaultStore(initialState),
...renderOptions
maffkipp marked this conversation as resolved.
Show resolved Hide resolved
} = {}
) => {
const AllTheProviders = ({ children }) => createProviders({ queryClient, history, theme, store, children });
return renderHook(hook, { wrapper: AllTheProviders, ...renderOptions });
};

// re-export everything
// eslint-disable-next-line react-refresh/only-export-components
export * from '@testing-library/react';
// override render method
export { customRender as render };
export { customRenderHook as renderHook };
1 change: 1 addition & 0 deletions packages/javascript/bh-shared-ui/src/utils/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,4 @@ export * from './entityInfoDisplay';
export * from './passwd';
export * from './user';
export * from './icons';
export * from './permissions';
53 changes: 53 additions & 0 deletions packages/javascript/bh-shared-ui/src/utils/permissions.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// Copyright 2024 Specter Ops, Inc.
//
// Licensed under the Apache License, Version 2.0
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// SPDX-License-Identifier: Apache-2.0
export class Permission {
private constructor(private readonly authority: string, private readonly name: string) {
this.name = name;
this.authority = authority;
}

get() {
return {
name: this.name,
authority: this.authority,
};
}

static readonly APP_READ_APPLICATION_CONFIGURATION = new Permission('app', 'ReadAppConfig');
static readonly APP_WRITE_APPLICATION_CONFIGURATION = new Permission('app', 'WriteAppConfig');

static readonly APS_GENERATE_REPORT = new Permission('risks', 'GenerateReport');
static readonly APS_MANAGE_APS = new Permission('risks', 'ManageRisks');

static readonly AUTH_ACCEPT_EULA = new Permission('auth', 'AcceptEULA');
static readonly AUTH_CREATE_TOKEN = new Permission('auth', 'CreateToken');
static readonly AUTH_MANAGE_APPLICATION_CONFIGURATIONS = new Permission('auth', 'ManageAppConfig');
static readonly AUTH_MANAGE_PROVIDERS = new Permission('auth', 'ManageProviders');
static readonly AUTH_MANAGE_SELF = new Permission('auth', 'ManageSelf');
static readonly AUTH_MANAGE_USERS = new Permission('auth', 'ManageUsers');

static readonly CLIENTS_MANAGE = new Permission('clients', 'Manage');
static readonly CLIENTS_READ = new Permission('clients', 'Read');
static readonly CLIENTS_TASKING = new Permission('clients', 'Tasking');

static readonly COLLECTION_MANAGE_JOBS = new Permission('collection', 'ManageJobs');

static readonly GRAPH_DB_READ = new Permission('graphdb', 'Read');
static readonly GRAPH_DB_WRITE = new Permission('graphdb', 'Write');

static readonly SAVED_QUERIES_READ = new Permission('saved_queries', 'Read');
static readonly SAVED_QUERIES_WRITE = new Permission('saved_queries', 'Write');
}
Loading