API Spec: identify endpoints and projections that are valid only for elevated requests (ie. Collections projection for GET user-groups) #1473

Open
Tracked by #1289
Matte22 opened this issue Jan 14, 2025 · 0 comments

Matte22 (Collaborator) commented Jan 14, 2025

The following endpoints require elevation to be used under any circumstances:

  • createUser
  • getUserByUserId
  • updateUser
  • replaceUser
  • deleteUser
  • createUserGroup
  • patchUserGroup
  • putUserGroup
  • deleteUserGroup
  • importBenchmark
  • deleteRevisionByString
  • deleteStigById
  • getUsers: Requires elevation to use any projections.
  • getUserGroups: Elevation required for "collections" projection.
  • getUserGroup: Elevation required for "collections" projection.

Notes about how elevation affects other endpoints (please don't take this as 100% correct):

  1. getCollections

    • "statistics" projection: Response data changes, object is the same.
    • output varies depending on elevation.
  2. createCollection

    • Requires elevation if the user lacks the create_collection privilege.
  3. getCollection

    • Projections whose output is affected by elevation:
      • "statistics"
      • "assets"
      • "stigs"
      • "labels"
  4. updateCollection

    • Requires elevation for:
      • Modifying owner grants.
      • Same rules for projections as getCollection.
  5. replaceCollection

    • Same elevation requirements as updateCollection.
    • Same rules for projections as getCollection.
  6. deleteCollection

    • Elevation affects functionality in the same way as getCollection.
  7. getGrantsByCollection

    • Requires elevation for users with access level < 3.
  8. postGrantsByCollection

    • Requires elevation for users with access level < 3.
    • Requires elevation and level 4 access to create level 4 grants.
  9. getGrantByCollectionGrant

    • Requires elevation for users with access level < 3.
  10. putGrantByCollectionGrant

    • Requires elevation for users with access level < 3.
    • Requires elevation and level 4 access to modify level 4 grants.
  11. deleteGrantByCollectionGrant

    • Requires elevation for users with access level < 3.
    • Requires elevation and level 4 access to remove level 4 grants.
  12. getSTIGs

    • Elevation alters the output.
  13. getStigById

    • Elevation alters the output.
  14. getRevisionsByBenchmarkId

    • Elevation alters the output.
  15. getRevisionByString

    • Elevation alters the output.

These endpoints specify elevate as a parameter in the OAS, but elevate is ignored in the implementation. They require level 3 or 4 access, even though elevate is offered as an option in the API:

  • getCollectionMetadata
  • patchCollectionMetadata
  • putCollectionMetadata
  • getCollectionMetadataKeys
  • getCollectionMetadataValue
  • putCollectionMetadataValue
  • deleteCollectionMetadataKey
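The comment above catalogues three distinct behaviours of the `elevate` parameter: endpoints that refuse a request unless it is elevated, endpoints that accept it either way but return different data, and endpoints that accept the parameter and ignore it. The script below is an added example (not STIG Manager project code and not part of the issue) that turns that taxonomy into a differential probe: it sends each request twice, with and without `elevate=true`, and classifies the endpoint from the status codes and bodies. It assumes the API takes elevation as the query parameter `elevate=true` and a bearer token for authentication; the paths in `PROBES` and the `fake_sender` used to run it offline are constructed for illustration and mirror the getUsers, getCollections and getCollectionMetadata cases listed in the comment.

```python
"""Differential probe for the `elevate` query parameter (added example).

Assumes elevation is requested with `elevate=true` and that the server
authenticates with a bearer token. Paths and the fake server are constructed.
"""
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# A sender performs one request and returns (status code, decoded body).
Sender = Callable[[str, str, Dict[str, str]], Tuple[int, object]]


def classify(send: Sender, method: str, path: str,
             params: Optional[Dict[str, str]] = None) -> str:
    """Send the same request with and without elevate=true and compare.

    requires_elevation    denied plain, permitted when elevated
    alters_output         permitted both ways, but the bodies differ
    elevate_ignored       permitted both ways, identical bodies
    denied_even_elevated  denied both ways (missing grant or privilege)
    elevation_rejected    plain works, elevated refused (caller may not elevate)
    """
    plain = dict(params or {})
    st_plain, body_plain = send(method, path, plain)
    st_elev, body_elev = send(method, path, {**plain, "elevate": "true"})
    ok_plain = 200 <= st_plain < 300
    ok_elev = 200 <= st_elev < 300
    if not ok_plain and ok_elev:
        return "requires_elevation"
    if not ok_plain:
        return "denied_even_elevated"
    if not ok_elev:
        return "elevation_rejected"
    return "alters_output" if body_plain != body_elev else "elevate_ignored"


def audit(send: Sender, probes) -> Dict[str, str]:
    """Classify a list of (label, method, path, params) probes."""
    return {label: classify(send, method, path, params)
            for label, method, path, params in probes}


def http_sender(base_url: str, token: str) -> Sender:
    """Sender backed by urllib for a live server (bearer-token auth assumed)."""
    def send(method: str, path: str, params: Dict[str, str]) -> Tuple[int, object]:
        url = base_url.rstrip("/") + path
        if params:
            url += "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(
            url, method=method, headers={"Authorization": "Bearer " + token})
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                status, raw = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status, raw = err.code, err.read()
        try:
            return status, json.loads(raw)
        except ValueError:
            return status, raw.decode(errors="replace")
    return send


def fake_sender(is_admin: bool) -> Sender:
    """Constructed offline stand-in mirroring three behaviours from the issue:
    GET /users needs elevation for any projection, GET /collections changes its
    'statistics' projection under elevation, and collection metadata endpoints
    ignore elevate entirely. Non-admins are refused whenever they elevate."""
    def send(method: str, path: str, params: Dict[str, str]) -> Tuple[int, object]:
        elev = params.get("elevate") == "true"
        if elev and not is_admin:
            return 403, {"error": "only administrators may elevate"}
        proj = params.get("projection")
        if path == "/users":
            if proj and not elev:
                return 403, {"error": "projection requires elevation"}
            return 200, [{"userId": 1, **({proj: []} if proj else {})}]
        if path == "/collections":
            rows = [{"collectionId": 1}]
            if proj == "statistics":  # elevated view covers every collection
                ids = (1, 2) if elev else (1,)
                rows = [{"collectionId": c, "statistics": {}} for c in ids]
            return 200, rows
        if path.startswith("/collections/") and "/metadata" in path:
            return 200, {"owner": "sec-team"}  # same body either way
        return 404, {"error": "unknown path"}
    return send


PROBES = [
    ("getUsers+projection", "GET", "/users", {"projection": "collections"}),
    ("getCollections+statistics", "GET", "/collections", {"projection": "statistics"}),
    ("getCollectionMetadata", "GET", "/collections/1/metadata", {}),
]

if __name__ == "__main__":
    for label, verdict in audit(fake_sender(is_admin=True), PROBES).items():
        print(f"{label:28} {verdict}")
```

Against a live instance, swap `fake_sender(...)` for `http_sender(base_url, token)` and extend `PROBES` with every operationId that lists `elevate` in the OAS; anything that comes back `elevate_ignored` for a user who can legitimately elevate is a candidate for the "declared but ignored" list at the end of the comment. Run the same probes with a non-admin token as well: `elevation_rejected` confirms the server refuses elevation outright rather than silently dropping the flag.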