public function markAcceptance($policyCode, $userUid)
 {
     // get inputs
     //
     $policy = Policy::where('policy_code', '=', $policyCode)->first();
     $user = User::getIndex($userUid);
     $acceptFlag = Input::has('accept_flag');
     // check inputs
     //
     if (!$user || !$policy || !$acceptFlag) {
         return Response::make('Invalid input.', 404);
     }
     // check privileges
     //
     if (!$user->isAdmin() && $user->user_uid != Session::get('user_uid')) {
         return Response::make('Insufficient privileges to mark policy acceptance.', 401);
     }
     // get or create new user policy
     //
     $userPolicy = UserPolicy::where('user_uid', '=', $userUid)->where('policy_code', '=', $policyCode)->first();
     if (!$userPolicy) {
         $userPolicy = new UserPolicy(array('user_policy_uid' => GUID::create(), 'user_uid' => $userUid, 'policy_code' => $policyCode));
     }
     $userPolicy->accept_flag = $acceptFlag;
     $userPolicy->save();
     return $userPolicy;
 }
 private function checkPermissions($assessmentRun)
 {
     $tool = Tool::where('tool_uuid', '=', $assessmentRun->tool_uuid)->first();
     if ($tool->policy_code) {
         $user = User::getIndex(Session::get('user_uid'));
         switch ($tool->policy_code) {
             case 'parasoft-user-c-test-policy':
             case 'parasoft-user-j-test-policy':
                 $permission = Permission::where('policy_code', '=', $tool->policy_code)->first();
                 $project = Project::where('project_uid', '=', $assessmentRun->project_uuid)->first();
                 $projectOwner = $project->owner;
                 if (!$permission || !$project || !$projectOwner) {
                     return Response::json(array('status' => 'error'), 404);
                 }
                 $userPermission = UserPermission::where('permission_code', '=', $permission->permission_code)->where('user_uid', '=', $projectOwner['user_uid'])->first();
                 $userPermissionProject = UserPermissionProject::where('user_permission_uid', '=', $userPermission->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first();
                 // if the permission doesn't exist or isn't valid, return error
                 //
                 if (!$userPermission) {
                     return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404);
                 }
                 if ($userPermission->status !== 'granted') {
                     return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 401);
                 }
                 // if the project hasn't been designated, return error
                 //
                 if (!$userPermissionProject) {
                     return Response::json(array('status' => 'no_project', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404);
                 }
                 $userPolicy = UserPolicy::where('policy_code', '=', $tool->policy_code)->where('user_uid', '=', $user->user_uid)->first();
                 // if the policy hasn't been accepted, return error
                 //
                 $policyResponse = Response::json(array('status' => 'no_policy', 'policy' => $tool->policy, 'policy_code' => $tool->policy_code, 'tool' => $tool), 404);
                 if ($userPolicy) {
                     if ($userPolicy->accept_flag != '1') {
                         return $policyResponse;
                     }
                 } else {
                     return $policyResponse;
                 }
                 break;
             default:
                 break;
         }
     }
     return true;
 }
 public function requestPermissions($userUid)
 {
     // Lookup relevant data
     //
     $active_user = User::getIndex(Session::get('user_uid'));
     $user = User::getIndex($userUid);
     $permissions = Permission::all();
     $user_permissions = UserPermission::where('user_uid', '=', $userUid)->get();
     // Permission classification holders
     //
     $new_permissions = array();
     $updated_permissions = array();
     // Requests for permissions the user already owns or do not exist should flag an error
     //
     $valid_permissions = [];
     foreach ($permissions as $p) {
         $valid_permissions[] = $p->permission_code;
     }
     if (!in_array(Input::get('permission_code'), $valid_permissions)) {
         return Response::make('Invalid permission code detected.', 500);
     }
     $record = false;
     foreach ($user_permissions as $up) {
         if ($up->permission_code == Input::get('permission_code')) {
             $record = $up;
             break;
         }
     }
     // an existing entry did for the permission did not exist for the user
     //
     if (!$record) {
         $record = new UserPermission(array('user_permission_uid' => GUID::create(), 'user_uid' => $userUid, 'permission_code' => Input::get('permission_code'), 'request_date' => gmdate('Y-m-d H:i:s'), 'user_comment' => Input::get('comment')));
         if ($meta = $this->getMetaFields()) {
             $record->meta_information = $meta;
         }
         $record->save();
         $new_permissions[] = Input::get('title');
         // we found an existing entry and update the information
     } else {
         if ($record->status == 'denied') {
             return Response::make('You may not request denied permissions.  Please contact SWAMP support staff if you feel permissions have been denied in error.', 400);
         }
         if ($meta = $this->getMetaFields()) {
             $record->meta_information = $meta;
         }
         $record->request_date = gmdate('Y-m-d H:i:s');
         $record->user_comment = Input::get('comment');
         $record->save();
         $updated_permissions[] = Input::get('title');
     }
     $admins = UserAccount::where('admin_flag', '=', 1)->get();
     foreach ($admins as $admin) {
         $admin = User::getIndex($admin->user_uid);
         if ($admin && $admin->email && $admin->getFullName()) {
             $cfg = array('new_permissions' => $new_permissions, 'updated_permissions' => $updated_permissions, 'url' => Config::get('app.cors_url') ?: '', 'comment' => Input::get('comment'), 'meta_information' => json_decode($record->meta_information, true), 'user' => $user);
             Mail::send('emails.permission-request', $cfg, function ($message) use($admin) {
                 $message->to($admin->email, $admin->getFullName());
                 $message->subject('SWAMP Permission Request');
             });
         }
     }
     // record accepted policy
     $permission = Permission::where('permission_code', '=', Input::get('permission_code'))->first();
     if ($permission->policy_code) {
         $up = UserPolicy::where('user_uid', '=', $user->user_uid)->where('policy_code', '=', $permission->policy_code)->first();
         if (!$up) {
             $up = new UserPolicy(array('user_policy_uid' => GUID::create(), 'user_uid' => $user->user_uid, 'policy_code' => $permission->policy_code));
         }
         $up->accept_flag = 1;
         $up->save();
     }
 }
Example #4
0
 public function getParasoftPermissionStatus($package, $project, $user)
 {
     // No project provided
     //
     if (!$project) {
         return Response::json(array('status' => 'no_project'), 404);
     }
     // Current user is the project owner
     //
     if ($user->user_uid === $project->owner['user_uid']) {
         $permission_code = $this->getParasoftPermissionCode();
         // check for parasoft c test permission
         //
         $up = UserPermission::where('user_uid', '=', $user->user_uid)->where('permission_code', '=', $permission_code)->first();
         // user has permission
         //
         if ($up && $up->status === 'granted') {
             // user parasoft permission is bound to this project
             //
             if (UserPermissionProject::where('user_permission_uid', '=', $up->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first()) {
                 $permission = Permission::where('permission_code', '=', $permission_code)->first();
                 if (UserPolicy::where('user_uid', '=', $user->user_uid)->where('policy_code', '=', $permission->policy_code)->where('accept_flag', '=', 1)->first()) {
                     return Response::json(array('status' => 'granted', 'user_permission_uid' => $up->user_permission_uid), 200);
                 } else {
                     return Response::json(array('status' => 'no_user_policy', 'policy' => $permission->policy, 'policy_code' => $permission->policy_code), 404);
                 }
             } else {
                 // not bound, trigger user prompt on front end
                 //
                 return Response::json(array('status' => 'project_unbound', 'user_permission_uid' => $up->user_permission_uid), 404);
             }
             // user does not have permission
             //
         } else {
             return Response::json(array('status' => 'no_permission'), 401);
         }
         // current user is not the project owner
         //
     } else {
         // check that current user is a project member
         //
         $pm = ProjectMembership::where('user_uid', '=', $user->user_uid)->where('project_uid', '=', $project->project_uid)->first();
         if (!$pm) {
             return Response::json(array('status' => 'no_project_membership'), 401);
         }
         // c test
         //
         $permission_code = $this->getParasoftPermissionCode();
         // check for parasoft c test permission
         //
         $op = UserPermission::where('user_uid', '=', $project->owner['user_uid'])->where('permission_code', '=', $permission_code)->first();
         // owner has permission
         //
         if ($op && $op->status === 'granted') {
             // user parasoft permission is bound to this project
             //
             if (UserPermissionProject::where('user_permission_uid', '=', $op->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first()) {
                 $permission = Permission::where('permission_code', '=', $permission_code)->first();
                 if (UserPolicy::where('user_uid', '=', $user->user_uid)->where('policy_code', '=', $permission->policy_code)->where('accept_flag', '=', 1)->first()) {
                     return Response::json(array('status' => 'granted', 'user_permission_uid' => $op->user_permission_uid), 200);
                 } else {
                     return Response::json(array('status' => 'no_user_policy', 'policy' => $permission->policy, 'policy_code' => $permission->policy_code), 404);
                 }
             } else {
                 // not bound, trigger user prompt on front end
                 //
                 return Response::json(array('status' => 'member_project_unbound'), 404);
             }
             // owner does not have permission
             //
         } else {
             return Response::json(array('status' => 'owner_no_permission'), 401);
         }
     }
 }