[FR] Architecture improvements - Githubissues

dfir-iris / iris-web

Collaborative Incident Response platform

GNU Lesser General Public License v3.0

1.02k stars 158 forks source link

[FR] Architecture improvements #516

Open Elise17 opened 1 month ago

Elise17 commented 1 month ago

This issue is about the future improvements to be made on the architecture.

Raise the permissions checks present in the layer business to graphql, to avoid it being executed twice in layer rest.
Create architecture.md at the root level and start to give import that we can execute by layer :
- blueprints : conversion from the public API to business objects (REST, GraphQL, flask templates)
- business : work in memory with business objects (should not have adhesion with app.model, should not have adhesion with db from app )
- datamgmt : persistence, adhesion with the database
Add a new rule in coding style sheet : "Function names should be prefixed by the module name they belong to, example: iocs_create_instead of create" and apply the rule in the business layer

c8y3 commented 1 month ago

I believe the business layer should be able to import from app.models (if only to type the methods arguments). The business layer should not concern itself with persistence details, but still manipulates business objects which are described in app.models.

c8y3 commented 1 month ago

An alternative to moving up permissions checks from the business layer into the blueprint layer, would be to have them only in the business layer (that is remove checks that are performed in the REST endpoints annotations) If graphQL is there to stay, then that would probably be a preferable alternative, since otherwise we are coding the same checks, but in different ways (annotations for the REST endpoints and calls for the graphQL queries)

c8y3 commented 1 month ago

We should add issues to clean up the forbidden imports described in the architecture.md file and currently in violation.

c8y3 commented 1 month ago

Should from app.schema.marshables imports be forbidden from the persistence layer (datamgmt)?

c8y3 commented 1 month ago

We should really rename app.datamgmt into app.persistence: it clearer.

c8y3 commented 1 month ago

Moving up permissions_check_current_user_has_some_case_access_stricter ended up into into endpoints /case/report/generate-activities/ and /case/report/generate-investigation/. Shouldn't these endpoints rather be annotated with @ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)?

c8y3 commented 1 month ago

Should permissions and PermissionDeniedError be moved up into the blueprint namespace?