Hello,
it seems that there is discrepancy between rules returned via /api/v3/rules API endpoint and rules visible in the UI.
It seem like it is caused by additional filtering done in the API endpoint in
|
rules4 = validators.filter_rules_in_network(net_ranges, rules4) |
|
rules6 = validators.filter_rules_in_network(net_ranges, rules6) |
|
rules_rtbh = validators.filter_rtbh_rules(net_ranges, rules_rtbh) |
which completely filters out rules that do not belong to any subnet owned by the organization.
In comparison, fetching via UI does not filter out these rules but only splits them to "read-only" and "editable".
|
if rtype == "rtbh": |
|
rules_editable, read_only_rules = validators.split_rtbh_rules_for_user(net_ranges, rules) |
|
else: |
|
user_rules, read_only_rules = validators.split_rules_for_user(net_ranges, rules) |
|
user_actions = models.get_user_actions(session["user_role_ids"]) |
|
user_actions = [act[0] for act in user_actions] |
|
rules_editable, rules_visible = flowspec.filter_rules_action(user_actions, user_rules) |
|
read_only_rules = read_only_rules + rules_visible |
Is there any reason why this discrepancy exist? I believe it should be consistent.
Hello,
it seems that there is discrepancy between rules returned via
/api/v3/rulesAPI endpoint and rules visible in the UI.It seem like it is caused by additional filtering done in the API endpoint in
exafs/flowapp/views/api_common.py
Lines 141 to 143 in 82e5e38
which completely filters out rules that do not belong to any subnet owned by the organization.
In comparison, fetching via UI does not filter out these rules but only splits them to "read-only" and "editable".
exafs/flowapp/views/dashboard.py
Lines 491 to 498 in 82e5e38
Is there any reason why this discrepancy exist? I believe it should be consistent.