Skip to content

BED-6441 - Adding back Aces to Domain Object Collection #172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mykeelium merged 1 commit into from
Sep 18, 2025
Merged

BED-6441 - Adding back Aces to Domain Object Collection #172

mykeelium merged 1 commit into from
Sep 18, 2025

Conversation

@mykeelium
Copy link
Contributor

@mykeelium mykeelium commented Sep 11, 2025
edited by coderabbitai bot
Loading

Description

A small fix to add back some logic that was accidentally removed.

Motivation and Context

Resolves BED-6441

How Has This Been Tested?

This has been tested by running collection with the current version, and a build created using this change. The Aces were then collected for domain objects

Screenshots (if appropriate):

image

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Documentation updates are needed, and have been made accordingly.
  • I have added and/or updated tests to cover my changes.
  • All new and existing tests passed.
  • My changes include a database migration.

Summary by CodeRabbit

  • Bug Fixes
    • Domain items now include their full permission entries, ensuring permission details display accurately.
    • Improves reliability of permission-aware views, audits, and reports by consistently reflecting current access settings.
    • Ownership and inheritance indicators remain unchanged but now align with the populated permission data.

@mykeelium mykeelium self-assigned this Sep 11, 2025
@mykeelium mykeelium added the bug Something isn't working label Sep 11, 2025
@coderabbitai
Copy link

coderabbitai bot commented Sep 11, 2025
edited
Loading

Walkthrough

The Domain object processing now assigns the computed ACE array to the Domain’s Aces property. After collecting ACEs from _aclProcessor.ProcessACL(...).ToArrayAsync(...), the result is stored in ret.Aces. No other control-flow or flag computations were changed.

Changes

Cohort / File(s) Summary
Domain ACL population
src/Runtime/ObjectProcessors.cs		 After obtaining ACEs via _aclProcessor.ProcessACL(...).ToArrayAsync(...), assign the array to ret.Aces. Existing logic for owner-rights checks, inheritance flags, and hashes remains unchanged.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant OP as ObjectProcessor
    participant ACL as ACLProcessor
    participant D as Domain

    OP->>ACL: ProcessACL(domainDn, cancellationToken)
    ACL-->>OP: IAsyncEnumerable<ACE>
    OP->>OP: ToArrayAsync(...) → aces[]
    OP->>D: set Aces = aces[]
    note right of D: Existing flag computations remain unchanged\n(e.g., owner rights, inheritance, protection)
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • ktstrader
  • definitelynotagoblin

Poem

I sift through ACEs, hop by hop,
A pocket full of perms I drop.
Domain now keeps the list I found,
Little carrots neatly bound.
With flags unchanged, I thump with glee—
Aces tucked where they should be. 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The title "BED-6441 - Adding back Aces to Domain Object Collection" directly and concisely describes the primary change (reintroducing ACE population for domain objects) and is specific enough for a teammate scanning history.
Description Check ✅ Passed The PR description follows the repository template: it includes a Description, Motivation with an issue link, a Testing summary, a screenshot, the Types of changes selection, and a completed checklist, so it is mostly complete and on-topic.
✨ Finishing touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch mcuomo/BED-6441

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mykeelium mykeelium marked this pull request as ready for review September 16, 2025 18:42
coderabbitai[bot]
coderabbitai bot reviewed Sep 16, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/Runtime/ObjectProcessors.cs (1)

493-501: Nit: keep ACL block ordering consistent with other processors

Everywhere else (User/Computer/Group/OU/GPO/Container/CA types) we add the owner-rights booleans first, then assign ret.Aces. Consider reordering for consistency.

 var aces = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true)
     .ToArrayAsync(cancellationToken: _cancellationToken);
-ret.Aces = aces;
 ret.Properties.Add("doesanyacegrantownerrights", aces.Any(ace => ace.IsPermissionForOwnerRightsSid));
 ret.Properties.Add("doesanyinheritedacegrantownerrights", aces.Any(ace => ace.IsInheritedPermissionForOwnerRightsSid));
+ret.Aces = aces;
 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
 ret.Properties.Add("isaclprotected", ret.IsACLProtected);
 ret.InheritanceHashes = _aclProcessor.GetInheritedAceHashes(entry, resolvedSearchResult).ToArray();
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a073f1a and c7a919a.

📒 Files selected for processing (1)
  • src/Runtime/ObjectProcessors.cs (1 hunks)
🔇 Additional comments (1)
src/Runtime/ObjectProcessors.cs (1)

492-501: Domain.Aces assignment restored — good fix

ret.Aces is set for Domain in src/Runtime/ObjectProcessors.cs (~line 495), matching other processors. Confirm the Domain type (likely in SharpHoundCommonLib.OutputTypes) declares an Aces property and that it is included in JSON serialization (check JsonDataWriter.cs and JsonExtensions.cs).

@mykeelium mykeelium merged commit d543995 into 2.X Sep 18, 2025
2 checks passed
@mykeelium mykeelium deleted the mcuomo/BED-6441 branch September 18, 2025 19:13
@github-actions github-actions bot locked and limited conversation to collaborators Sep 18, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@definitelynotagoblin definitelynotagoblin definitelynotagoblin approved these changes

Assignees

@mykeelium mykeelium

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mykeelium @definitelynotagoblin