Mark object as TLP:RED for limited sharing (restricted objects)

[psrok1]

Describe the problem

In current sharing model we have everything group with access_all_objects capability and all objects are automatically shared with that group. The main use-case for that feature is to make all objects in MWDB visible for repository owner. That group is created by default in new MWDB installations.

But sometimes we want to share all objects with some other participants as well, but still be able to limit sharing for some objects that are too sensitive to be shared with broader community (e.g. TLP:RED).

Marking object as TLP:RED will turn off all of additional sharing features and will share object during upload only with specified group. No shares will be removed during this operation, so if object was already shared with e.g. public, it won't be unshared during upload operation with tlp:red mark.

Describe the solution you'd like

Initial steps:

• Create additional capability to give chosen users access to that feature e.g. adding_restricted_objects
• Add additional argument in upload form restricted that limits sharing only to the chosen group
• Don't allow to share with * and public when restricted is turned on

Sharing rules:

• If uploaded object already exists in MWDB, just make sure if it's shared with chosen group and do nothing special
• If uploaded object doesn't exist, share only with chosen group excluding access_all_objects groups

The tricky part is with children of restricted objects, because they can be uploaded without restriction options and be added to everything group. But if we're aware of these restriction options, we can upload artifacts from karton restricted by default. Shares to everything and other groups will be inherited in that case. If the only parent is restricted, descendant objects will be restricted as well.

We may also need special option in https://github.com/CERT-Polska/karton-mwdb-reporter to make it fully functional.

In frontend: option should be presented as additional checkbox under Share with. After checking that checkbox, the only possible Share with options should be Single group... and Only me.

So the other things in todo are:

• Support in frontend part
• Documentation
• Automated tests

Describe alternatives you've considered

None

[Repumba]

If I understand correctly - you want to mark some objects as restricted so users who have access to the object won't be able to share it? And only uploader would be able to share it with someone?

If yes:

• Should we allow marking and unmarking objects as restricted after upload?
• How would it work if one sample was uploaded by two different users and one would mark it as restricted and the other one didn't?

Instead of marking objects, I think it would be better to mark shares as restricted. In this scenario we would be able to determine if users access to the object is restricted or not:

• if every share with the user is marked as restricted, the object cannot be shared further
• if at least one share is not marked as restricted, the object can be shared further
  In this scenario the checkbox should be visible when object is being uploaded or shared.