diff --git a/bin/lib/ail_orgs.py b/bin/lib/ail_orgs.py
index b10cf191..8dad34f9 100755
--- a/bin/lib/ail_orgs.py
+++ b/bin/lib/ail_orgs.py
@@ -151,6 +151,13 @@ class Organisation:
meta['creator'] = self._get_field('creator')
if 'date_created' in options:
meta['date_created'] = self._get_field('date_created')
+ if 'users' in options:
+ meta['users'] = self.get_users()
+ if 'nb_users' in options:
+ if 'users' in meta:
+ meta['nb_users'] = len(meta['users'])
+ else:
+ meta['nb_users'] = self.get_nb_users()
return meta
def is_user(self, user_id):
@@ -228,7 +235,7 @@ def check_access_acl(obj, user_org, is_admin=False):
# view
# edit
-# delete -> coordinator or admin
+# delete -> org_admin or admin
def check_obj_access_acl(obj, user_org, user_id, user_role, action):
if user_role == 'admin':
return True
@@ -243,7 +250,7 @@ def check_obj_access_acl(obj, user_org, user_id, user_role, action):
return True
# edit + delete
else: # TODO allow user to edit same org global
- if user_role == 'coordinator':
+ if user_role == 'org_admin':
creator_org = obj.get_creator_org()
if user_org == creator_org:
return True
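Review bot: The role string compared in this branch changes from `'coordinator'` to `'org_admin'`, but nothing in this diff migrates the roles already stored for existing users. `get_user_role` reads the role from `ail:user:metadata:{user_id}` and `is_in_role` tests membership of `ail:users:role:{role}`, so an account created as coordinator would presumably stop matching here, in the `delete` branch and in both `check_acl_edit_level` branches. Existing admins may likewise be missing from the new `ail:users:role:org_admin` set that `login_org_admin` checks in Role_Manager.py. The failure is closed (access denied, not granted), but the rename should ship with a one-off migration of the stored role field and role sets, or the old name should still be accepted until one has run. The body of check_obj_access_acl continues outside this hunk.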
@@ -258,7 +265,7 @@ def check_obj_access_acl(obj, user_org, user_id, user_role, action):
elif action == 'edit':
return obj.get_org() == user_org
elif action == 'delete':
- if user_role == 'coordinator':
+ if user_role == 'org_admin':
if user_org == obj.get_org():
return True
else:
@@ -285,14 +292,14 @@ def check_acl_edit_level(obj, user_org, user_id, user_role, new_level):
elif new_level == 1:
if level == 0 and obj.get_id() == user_id:
return True
- elif level == 2 and user_role == 'coordinator':
+ elif level == 2 and user_role == 'org_admin':
if obj.get_creator_org() == user_org:
return True
# Organisation
elif new_level == 2:
if level == 0 and obj.get_id() == user_id:
return True
- elif level == 1 and user_role == 'coordinator':
+ elif level == 1 and user_role == 'org_admin':
if obj.get_creator_org() == user_org:
return True
return False
@@ -308,6 +315,15 @@ def api_get_orgs_meta():
meta['orgs'].append(org.get_meta(options=options))
return meta
+def api_get_org_meta(org_uuid):
+ if not is_valid_uuid_v4(org_uuid):
+ return {'status': 'error', 'reason': 'Invalid UUID'}, 400
+ if not exists_org(org_uuid):
+ return {'status': 'error', 'reason': 'Unknown org'}, 404
+ org = Organisation(org_uuid)
+ meta = org.get_meta(options={'date_created', 'description', 'name', 'users', 'nb_users'})
+ return meta, 200
+
def api_create_org(creator, org_uuid, name, ip_address, user_agent, description=None):
if not is_valid_uuid_v4(org_uuid):
return {'status': 'error', 'reason': 'Invalid UUID'}, 400
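Review bot: The options set passed to `get_meta` in `api_get_org_meta` leaves out `'creator'`, yet view_organisation.html renders `meta['creator']`, so that row would come out empty. `get_meta` appears to support the option already (the `meta['creator'] = self._get_field('creator')` context line in the first hunk), so the call could be `org.get_meta(options={'creator', 'date_created', 'description', 'name', 'users', 'nb_users'})`. The template also reads `meta['tags']`; whether `get_meta` has a tags option is not visible here. A one-line docstring stating the `(dict, status_code)` return shape would match how the route consumes it.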
diff --git a/bin/lib/ail_users.py b/bin/lib/ail_users.py
index 7bdf5826..72e3b689 100755
--- a/bin/lib/ail_users.py
+++ b/bin/lib/ail_users.py
@@ -270,6 +270,13 @@ def disable_user_2fa(user_id):
def get_users():
return r_serv_db.hkeys('ail:users:all')
+def get_users_meta(users):
+ meta = []
+ for user_id in users:
+ user = AILUser(user_id)
+ meta.append(user.get_meta({'role'}))
+ return meta
+
def get_user_role(user_id):
return r_serv_db.hget(f'ail:user:metadata:{user_id}', 'role')
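Review bot: `get_users_meta` builds an `AILUser` for every id it is handed without checking that the account still exists, so a stale id left in an organisation's user set would presumably yield a row with an empty role instead of being skipped. If `AILUser` offers an existence check (not visible in this hunk), filter on it; otherwise state the assumption in a comment. The function also has no docstring; something like `"""Return per-user meta dicts (role included) for the given user ids; performs no access check, callers must enforce ACL."""` would make clear that the admin-only restriction lives in the route.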
@@ -733,15 +740,15 @@ def is_in_role(user_id, role):
return r_serv_db.sismember(f'ail:users:role:{role}', user_id)
def _get_users_roles_list():
- return ['read_only', 'user_no_api', 'user', 'coordinator', 'admin']
+ return ['read_only', 'user_no_api', 'user', 'org_admin', 'admin']
def _get_users_roles_dict():
return {
'read_only': ['read_only'],
'user_no_api': ['read_only', 'user_no_api'],
'user': ['read_only', 'user_no_api', 'user'],
- 'coordinator': ['read_only', 'user_no_api', 'user', 'coordinator'],
- 'admin': ['read_only', 'user_no_api', 'user', 'coordinator', 'admin'],
+ 'org_admin': ['read_only', 'user_no_api', 'user', 'org_admin'],
+ 'admin': ['read_only', 'user_no_api', 'user', 'org_admin', 'admin'],
}
def set_user_role(user_id, role):
diff --git a/var/www/blueprints/hunters.py b/var/www/blueprints/hunters.py
index 1233f75e..8644b8e6 100644
--- a/var/www/blueprints/hunters.py
+++ b/var/www/blueprints/hunters.py
@@ -16,7 +16,7 @@ sys.path.append('modules')
import Flask_config
# Import Role_Manager
-from Role_Manager import login_admin, login_coordinator, login_user, login_user_no_api, login_read_only
+from Role_Manager import login_admin, login_org_admin, login_user, login_user_no_api, login_read_only
sys.path.append(os.environ['AIL_BIN'])
##################################
@@ -669,7 +669,7 @@ def retro_hunt_resume_task():
@hunters.route('/retro_hunt/task/delete', methods=['GET'])
@login_required
-@login_coordinator
+@login_org_admin
def retro_hunt_delete_task():
user_org = current_user.get_org()
user_id = current_user.get_id()
diff --git a/var/www/blueprints/import_export.py b/var/www/blueprints/import_export.py
index a26d636d..45e44d88 100644
--- a/var/www/blueprints/import_export.py
+++ b/var/www/blueprints/import_export.py
@@ -15,7 +15,7 @@ from flask_login import login_required, current_user
sys.path.append('modules')
# Import Role_Manager
-from Role_Manager import login_admin, login_coordinator, login_read_only, login_user_no_api
+from Role_Manager import login_admin, login_org_admin, login_read_only, login_user_no_api
sys.path.append(os.environ['AIL_BIN'])
##################################
@@ -216,7 +216,7 @@ def delete_object_id_to_export():
@import_export.route("/investigation/misp/export", methods=['GET'])
@login_required
-@login_coordinator
+@login_org_admin
def export_investigation():
investigation_uuid = request.args.get("uuid")
investigation = Investigation(investigation_uuid)
diff --git a/var/www/blueprints/settings_b.py b/var/www/blueprints/settings_b.py
index 5059df50..5f1b6d2c 100644
--- a/var/www/blueprints/settings_b.py
+++ b/var/www/blueprints/settings_b.py
@@ -318,6 +318,18 @@ def organisations_list():
meta = ail_orgs.api_get_orgs_meta()
return render_template("orgs_list.html", meta=meta, acl_admin=True)
+@settings_b.route("/settings/organisation", methods=['GET'])
+@login_required
+@login_admin
+def organisation():
+ org_uuid = request.args.get('uuid')
+ meta, r = ail_orgs.api_get_org_meta(org_uuid)
+ if r != 200:
+ return create_json_response(meta, r)
+ if 'users' in meta:
+ meta['users'] = ail_users.get_users_meta(meta['users'])
+ return render_template("view_organisation.html", meta=meta, acl_admin=True)
+
@settings_b.route("/settings/create_organisation", methods=['GET'])
@login_required
@login_admin
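Review bot: `request.args.get('uuid')` yields `None` when the parameter is missing, and `organisation()` forwards that value straight to `api_get_org_meta`. Whether `is_valid_uuid_v4` tolerates `None` is not visible in this diff; if it does not, a request without `uuid` ends in a 500 instead of the intended 400. An explicit guard such as `if not org_uuid: return create_json_response({'status': 'error', 'reason': 'Invalid UUID'}, 400)` before the API call keeps the failure path predictable.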
diff --git a/var/www/modules/Role_Manager.py b/var/www/modules/Role_Manager.py
index 138e7bcb..835fff1a 100644
--- a/var/www/modules/Role_Manager.py
+++ b/var/www/modules/Role_Manager.py
@@ -41,12 +41,12 @@ def login_admin(func):
return func(*args, **kwargs)
return decorated_view
-def login_coordinator(func):
+def login_org_admin(func):
@wraps(func)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated:
return login_manager.unauthorized()
- elif not current_user.is_in_role('coordinator'):
+ elif not current_user.is_in_role('org_admin'):
return login_manager.unauthorized()
return func(*args, **kwargs)
return decorated_view
diff --git a/var/www/templates/settings/orgs_list.html b/var/www/templates/settings/orgs_list.html
index bae806bf..a5cddfc5 100644
--- a/var/www/templates/settings/orgs_list.html
+++ b/var/www/templates/settings/orgs_list.html
@@ -42,7 +42,7 @@
{% for org in meta['orgs'] %}
{{org['name']}} |
- {{org['uuid']}} |
+ {{ org['uuid'] }} |
{{org['description']}} |
{% if org['date_created'] %}
diff --git a/var/www/templates/settings/view_organisation.html b/var/www/templates/settings/view_organisation.html
new file mode 100644
index 00000000..72af1e3f
--- /dev/null
+++ b/var/www/templates/settings/view_organisation.html
@@ -0,0 +1,147 @@
+
+
+
+
+ AIL-Framework
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {% include 'nav_bar.html' %}
+
+
+
+
+ {% include 'sidebars/sidebar_objects.html' %}
+
+
+
+
+
+
+
+
+
+
+
+
+ UUID |
+ {{meta['uuid']}} |
+
+
+ Creator |
+ {{meta['creator']}} |
+
+
+ Date |
+ {{meta['date_created']}} |
+
+
+ NB Users |
+
+ {{ meta['nb_users'] }}
+ |
+
+
+ Tags |
+
+ {% for tag in meta['tags'] %}
+ {{ tag }}
+ {% endfor %}
+ |
+
+
+ Description |
+ {{meta['descriptions']}} |
+
+
+
+
+
+
+
+
+
+
+
+ Users
+
+
+
+
+ User |
+ Role |
+ |
+
+
+
+ {% for user in meta['users'] %}
+
+
+ {{ user['id'] }}
+ |
+
+ {{ user['role'] }}
+ |
+
+{# #}
+{# #}
+{# #}
+ |
+
+ {% endfor %}
+
+
+
+
+
+
+
+
+
+
+
+
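Review bot: The Description row reads `meta['descriptions']`, but `api_get_org_meta` requests the `'description'` option, so the key presumably never exists and Jinja renders it as empty under its default undefined handling. The cell should be `{{meta['description']}}`. The surrounding markup is not visible in this extract, so the rest of the template is not covered by this note.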
|