BED-5973: updating inaccurate documentation

[irshadaj]

Description

Describe your changes in detail

Motivation and Context

Resolves BED-5973

Documentation listed this as a PUT endpoint, it should be a GET

How Has This Been Tested?

Observed on test in RC4 v8.0.0:

Tested locally after the fix:

Types of changes

• Chore (a change that does not modify the application functionality)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Database Migrations

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• New Features

  • Added support for ACL inheritance exploration in the graph UI, including a dedicated panel to display inherited Access Control Entries (ACEs).
  • Introduced a new "Read-Only DC" property for Active Directory entities.
  • Enhanced table view in graph exploration with improved column management, sorting, and data cell rendering.

• Improvements

  • Updated help text for several abuse scenarios, clarifying GPO-based attack vectors and prerequisites.
  • Refined logic for parent node discovery and relationship handling in Active Directory graphs.
  • UI enhancements for table controls, layout selection, and feature flag handling.

• Bug Fixes

  • Fixed issues with query parameter validation and improved error handling for graph exploration features.

• Removals

  • Removed legacy GPO application logic and related test harnesses.
  • Deleted obsolete or redundant help text components and edge info panels for certain relationship types.

• Tests

  • Added and updated tests for new table features, ACL inheritance, and sorting logic.

• Chores

  • Updated dependencies and internal settings for improved development experience.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This change set removes the GPO post-processing logic and related edge types (GPOAppliesTo, CanApplyGPO, PropagatesACEsTo, ContainsIdentity) from both backend and frontend, including code, tests, database migrations, and UI help texts. It also introduces the IsReadOnlyDC property to Active Directory schemas and updates various UI components and test data, while refactoring table and graph exploration features.

Changes

File(s) / Path(s)	Change Summary
cmd/api/src/analysis/ad/ad_integration_test.go, cmd/api/src/analysis/ad/post.go, cmd/api/src/test/integration/harnesses.go, cmd/api/src/test/integration/harnesses/CanApplyGPOHarness.json, cmd/api/src/test/integration/harnesses/GPOAppliesToHarness.json, packages/go/analysis/ad/gpos.go, packages/go/analysis/ad/ad.go, packages/go/analysis/ad/queries.go	Removed GPO post-processing logic, related tests, test harnesses, and edge composition handling for GPOAppliesTo/CanApplyGPO.
packages/javascript/bh-shared-ui/src/components/HelpTexts/CanApplyGPO/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/ContainsIdentity/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/GPOAppliesTo/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/PropagatesACEsTo/*	Deleted all help text components for removed edge types.
packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx, packages/javascript/bh-shared-ui/src/edgeTypes.tsx	Removed references to deleted edge types and help texts from UI.
cmd/api/src/daemons/datapipe/agt.go, cmd/api/src/daemons/datapipe/agt_test.go	Refactored parent node traversal logic to use Contains and GPLink relationships instead of removed edge types; updated tests accordingly.
cmd/api/src/database/migration/migrations/v7.4.0.sql, cmd/api/src/database/migration/migrations/v8.0.0.sql	Removed/added asset group tag selectors for "Incoming Forest Trust Builders"; added new columns and feature flags.
packages/go/ein/ad.go, packages/go/ein/ad_test.go, packages/go/ein/incoming_models.go, packages/go/graphschema/ad/ad.go, packages/cue/bh/ad/ad.cue, packages/javascript/bh-shared-ui/src/graphSchema.ts	Added IsReadOnlyDC property to AD schema, models, and tests; refactored container relationship parsing.
cmd/api/src/services/graphify/convertors.go	Refactored logic for container relationship parsing and group misc data handling.
cmd/api/src/auth/role.go	Added AppReadApplicationConfiguration permission to RolePowerUser.
cmd/ui/src/components/SigmaChart/SigmaChart.tsx, cmd/ui/src/hooks/useSigmaExploreGraph/useSigmaExploreGraph.tsx, cmd/ui/src/store.ts, cmd/ui/src/views/Explore/GraphView.test.tsx, cmd/ui/src/views/Explore/GraphView.tsx, cmd/ui/src/views/Explore/graph-view-test-data.ts	Enhanced graph/table exploration logic, added test IDs, updated hooks, and added test data.
packages/javascript/bh-shared-ui/src/components/ExploreTable/*, packages/javascript/bh-shared-ui/src/hooks/useExploreTableAutoDisplay/*, packages/javascript/bh-shared-ui/src/hooks/useExploreGraph/queries/*, packages/javascript/bh-shared-ui/src/hooks/useExploreGraph/useExploreGraph.tsx, packages/javascript/bh-shared-ui/src/hooks/useExploreParams/useExploreParams.tsx	Refactored table logic, sorting, and columns; added ACL inheritance support; updated hooks and query logic.
packages/javascript/bh-shared-ui/src/components/HelpTexts/GPLink/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteGPLink/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/GenericAll/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/GenericWrite/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/Owns/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteDacl/*, packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteOwner/*	Updated, consolidated, and expanded abuse help texts for remaining edge types, especially for GPO-related abuse scenarios.
packages/go/lab/arrows/graph.go	Stopped lowercasing property keys in property processing.
packages/go/stbernard/command/tag/tag.go, packages/go/stbernard/command/command.go	Added new CLI command for Docker tag printing.
cmd/ui/package.json, packages/javascript/bh-shared-ui/package.json, package.json	Updated dependencies and resolutions.
packages/go/cypher/test/cases/positive_tests.json	Added new Cypher query positive test cases.
Many test and utility files	Added/updated tests for table sorting, column management, ACL inheritance, and edge info.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant UI
    participant API
    participant DB

    User->>UI: Initiates graph/table view (cypher or ACL inheritance)
    UI->>API: Requests graph data (cypher or ACL inheritance)
    API->>DB: Queries for nodes/edges (uses Contains/GPLink, not GPOAppliesTo)
    DB-->>API: Returns graph data
    API-->>UI: Sends graph data (with new IsReadOnlyDC property)
    UI->>UI: Renders graph or table view
    UI->>UI: Shows help texts for supported edge types only

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• SpecterOps/BloodHound#1434: Removes the GPO post-processing logic and related edge types, directly undoing features introduced in this PR.
• SpecterOps/BloodHound#1702: Adds the IsReadOnlyDC property to the Active Directory schema, matching the main PR's addition of this property.

Suggested labels

documentation, bug

Poem

In the warren of code, a bunny did hop,
Pruning GPO edges, making old features stop.
New properties bloom—IsReadOnlyDC,
While tables and graphs now render with glee.
With help texts refreshed and tests all anew,
This rabbit says, “Ship it!”—the garden’s in view! 🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 5973_docs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.