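/**
 * Delete a project membership and e-mail the affected user about it.
 *
 * NOTE(review): no authorization check is visible in this method and
 * $membershipUid is caller-supplied; confirm that a route filter limits
 * this action to an admin, the project owner or the member concerned.
 *
 * @param string $membershipUid uid of the membership to delete
 * @return mixed the deleted ProjectMembership, or null when no membership
 *               has that uid
 */
public function deleteIndex($membershipUid)
 {
     $projectMembership = ProjectMembership::where('membership_uid', '=', $membershipUid)->first();

     // unknown uid: there is nothing to notify about or delete, and the
     // property reads below would otherwise hit null
     //
     if (!$projectMembership) {
         return $projectMembership;
     }

     // get user and project associated with this membership
     //
     $user = User::getIndex($projectMembership->user_uid);
     $project = Project::where('project_uid', '=', $projectMembership->project_uid)->first();

     // send notification email; skipped when the user record cannot be
     // found, so a missing recipient does not block the removal itself
     //
     if ($user) {
         $data = array('user' => $user, 'project' => $project);

         // kept for backward compatibility; the closure captures $user directly
         $this->user = $user;
         Mail::send('emails.project-membership-deleted', $data, function ($message) use ($user) {
             $message->to($user->email, $user->getFullName());
             $message->subject('SWAMP Project Membership Deleted');
         });
     }

     $projectMembership->delete();
     return $projectMembership;
 }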
 /**
  * invitation sending / emailing method
  */
 public function send($confirmRoute, $registerRoute)
 {
     // An invitee who already has an account gets the plain invitation;
     // anyone else gets the variant that also carries a registration link.
     //
     // NOTE(review): both route arguments are concatenated into the links
     // placed in the e-mail; confirm callers pass fixed route strings
     // rather than request-derived values.
     //
     $existingUser = User::getByEmail($this->email);

     // view data shared by both templates
     //
     $viewData = array(
         'invitation' => $this,
         'inviter' => User::getIndex($this->inviter_uid),
         'project' => Project::where('project_uid', '=', $this->project_uid)->first(),
         'confirm_url' => Config::get('app.cors_url') . '/' . $confirmRoute,
     );

     if ($existingUser == null) {
         // new / future user: add the registration link
         //
         $viewData['register_url'] = Config::get('app.cors_url') . '/' . $registerRoute;
         $template = 'emails.project-new-user-invitation';
     } else {
         $template = 'emails.project-invitation';
     }

     Mail::send($template, $viewData, function ($mail) {
         $mail->to($this->email, $this->name);
         $mail->subject('SWAMP Project Invitation');
     });
 }
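 /**
  * Count project events, either for the project named by the optional
  * 'project_uuid' request parameter or across all projects of a user.
  *
  * The date and limit filters are applied to every per-project query
  * before counting.
  *
  * NOTE(review): when 'project_uuid' is supplied, nothing here verifies
  * that $userUid is a member of that project; confirm the check happens
  * in a route filter, otherwise event counts of other projects can be read.
  *
  * @param string $userUid uid of the user whose projects are counted when
  *                        no project is named in the request
  * @return int number of matching events (0 for an unknown project or user)
  */
 public static function getNumUserProjectEvents($userUid)
 {
     // get optional project parameter
     //
     $projectUid = Input::get('project_uuid');
     if ($projectUid != '') {
         $project = Project::where('project_uid', '=', $projectUid)->first();

         // an unknown project has no events; without this guard the
         // method call below would be made on null
         //
         if (!$project) {
             return 0;
         }

         // get events for a specific project and apply filters
         //
         $userProjectEventsQuery = $project->getUserEventsQuery();
         $userProjectEventsQuery = EventDateFilter::apply($userProjectEventsQuery);
         $userProjectEventsQuery = LimitFilter::apply($userProjectEventsQuery);
         return $userProjectEventsQuery->count();
     }

     // collect event counts of the user's projects
     //
     $num = 0;
     $user = User::getIndex($userUid);
     if ($user) {
         foreach ($user->getProjects() as $project) {
             if ($project == null) {
                 continue;
             }
             $userProjectEventsQuery = $project->getUserEventsQuery();

             // apply filters
             //
             $userProjectEventsQuery = EventDateFilter::apply($userProjectEventsQuery);
             $userProjectEventsQuery = LimitFilter::apply($userProjectEventsQuery);
             $num += $userProjectEventsQuery->count();
         }
     }
     return $num;
 }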
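 /**
  * Fetch the execution records of one project, or of several projects
  * passed as a '+'-separated list of uuids.
  *
  * Unknown or inactive projects are skipped. When no requested project is
  * usable, an empty array is returned.
  *
  * NOTE(review): nothing in this method checks that the caller belongs to
  * the requested project(s); confirm a route filter enforces that.
  *
  * @param string $projectUuid one project uuid, or several joined by '+'
  * @return mixed the query result, or an empty array
  */
 public function getByProject($projectUuid)
 {
     // NOTE(review): strpos() returns 0 for a leading '+', which this
     // test treats the same as "no '+' present"
     //
     if (!strpos($projectUuid, '+')) {
         // check for inactive or non-existent project
         //
         $project = Project::where('project_uid', '=', $projectUuid)->first();
         if (!$project || !$project->isActive()) {
             return array();
         }

         // get by a single project
         //
         $executionRecordsQuery = ExecutionRecord::where('project_uuid', '=', $projectUuid);

         // add filters
         //
         $executionRecordsQuery = DateFilter::apply($executionRecordsQuery);
         $executionRecordsQuery = TripletFilter2::apply($executionRecordsQuery, $projectUuid);
     } else {
         // get by multiple projects
         //
         $executionRecordsQuery = null;
         foreach (explode('+', $projectUuid) as $uuid) {
             // check for inactive or non-existent project
             //
             $project = Project::where('project_uid', '=', $uuid)->first();
             if (!$project || !$project->isActive()) {
                 continue;
             }
             if ($executionRecordsQuery === null) {
                 $executionRecordsQuery = ExecutionRecord::where('project_uuid', '=', $uuid);
             } else {
                 $executionRecordsQuery = $executionRecordsQuery->orWhere('project_uuid', '=', $uuid);
             }

             // add filters
             //
             // NOTE(review): OR and AND conditions are appended to the same
             // builder without grouping. If this is Laravel's query builder,
             // AND binds tighter than OR in the generated SQL, so these
             // filters and the delete_date check below may constrain only
             // the last project's branch. Verify the generated SQL and
             // consider grouping each project's conditions in a nested where.
             //
             $executionRecordsQuery = DateFilter::apply($executionRecordsQuery);
             $executionRecordsQuery = TripletFilter2::apply($executionRecordsQuery, $uuid);
         }

         // none of the listed projects was usable: return the same empty
         // result as the single-project path instead of calling a method
         // on an undefined query
         //
         if ($executionRecordsQuery === null) {
             return array();
         }
     }

     // order results before applying the limit filter
     //
     $executionRecordsQuery = $executionRecordsQuery->orderBy('create_date', 'DESC');

     // add limit filter
     //
     $executionRecordsQuery = LimitFilter::apply($executionRecordsQuery);

     // leave out soft-deleted records
     //
     $executionRecordsQuery = $executionRecordsQuery->whereNull('delete_date');

     // execute query
     //
     return $executionRecordsQuery->get();
 }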
 /**
  * Attach a user permission to a project by creating a
  * UserPermissionProject record.
  *
  * Only an admin or the project's owner may do this; other callers get a
  * 401 response, and a 404 response is returned when the permission, the
  * project or the session user cannot be found.
  *
  * NOTE(review): the user who holds the permission is not compared with
  * the project owner here, and no check for an existing designation is
  * visible; confirm both are intended.
  *
  * @param string $userPermissionUid uid of the user permission
  * @param string $projectUid uid of the project to designate
  * @return mixed the saved UserPermissionProject, or an error response
  */
 public function designateProject($userPermissionUid, $projectUid)
 {
     $userPermission = UserPermission::where('user_permission_uid', '=', $userPermissionUid)->first();
     $project = Project::where('project_uid', '=', $projectUid)->first();
     $currentUser = User::getIndex(Session::get('user_uid'));

     // all three records must exist
     //
     if (!$userPermission || !$project || !$currentUser) {
         return Response::make('Unable to find permission information.', 404);
     }

     // admins and the project owner are the only callers allowed through
     //
     $mayDesignate = $currentUser->isAdmin() || $currentUser->user_uid == $project->owner['user_uid'];
     if (!$mayDesignate) {
         return Response::make('User does not have permission to designate a project.', 401);
     }

     $designation = new UserPermissionProject(array(
         'user_permission_project_uid' => GUID::create(),
         'user_permission_uid' => $userPermissionUid,
         'project_uid' => $projectUid,
     ));
     $designation->save();
     return $designation;
 }
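 /**
  * Fetch the run requests of one project, or of several projects passed
  * as a '+'-separated list of uuids.
  *
  * Unknown or inactive projects are skipped. When no requested project is
  * usable, an empty array is returned.
  *
  * NOTE(review): nothing in this method checks that the caller belongs to
  * the requested project(s); confirm a route filter enforces that.
  *
  * @param string $projectUuid one project uuid, or several joined by '+'
  * @return mixed the query result, or an empty array
  */
 public function getByProject($projectUuid)
 {
     // NOTE(review): strpos() returns 0 for a leading '+', which this
     // test treats the same as "no '+' present"
     //
     if (!strpos($projectUuid, '+')) {
         // check for inactive or non-existent project
         //
         $project = Project::where('project_uid', '=', $projectUuid)->first();
         if (!$project || !$project->isActive()) {
             return array();
         }

         // get by a single project
         //
         $runRequestsQuery = RunRequest::where('project_uuid', '=', $projectUuid);
     } else {
         // get by multiple projects
         //
         $runRequestsQuery = null;
         foreach (explode('+', $projectUuid) as $uuid) {
             // check for inactive or non-existent project
             //
             $project = Project::where('project_uid', '=', $uuid)->first();
             if (!$project || !$project->isActive()) {
                 continue;
             }
             if ($runRequestsQuery === null) {
                 $runRequestsQuery = RunRequest::where('project_uuid', '=', $uuid);
             } else {
                 $runRequestsQuery = $runRequestsQuery->orWhere('project_uuid', '=', $uuid);
             }
         }

         // none of the listed projects was usable: return the same empty
         // result as the single-project path instead of passing an
         // undefined query to the limit filter
         //
         if ($runRequestsQuery === null) {
             return array();
         }
     }

     // add limit filter
     //
     $runRequestsQuery = LimitFilter::apply($runRequestsQuery);
     return $runRequestsQuery->get();
 }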
Exemple #7
 /**
  * List the projects this user is a member of by calling the
  * list_projects_by_member stored procedure.
  *
  * The user uid is passed as a bound parameter. Projects are loaded only
  * when the procedure's @returnString output equals 'SUCCESS'; otherwise
  * the returned collection is empty.
  *
  * @return Collection the Project lookups for the returned rows; an entry
  *                    is whatever first() yields, so it may be null
  */
 private function PDOListProjectByMember()
 {
     // prepare and run the stored procedure call
     //
     $pdo = DB::connection('mysql')->getPdo();
     $memberUid = $this->user_uid;
     $call = $pdo->prepare("CALL list_projects_by_member(:userUuidIn, @returnString);");
     $call->bindParam(':userUuidIn', $memberUid, PDO::PARAM_STR, 45);
     $call->execute();

     // drain every rowset the procedure produced
     //
     $rows = array();
     do {
         foreach ($call->fetchAll(PDO::FETCH_ASSOC) as $row) {
             $rows[] = $row;
         }
     } while ($call->nextRowset());

     // read back the procedure's status output
     //
     $statusQuery = $pdo->query('SELECT @returnString;');
     $statusRows = $statusQuery->fetchAll(PDO::FETCH_ASSOC);
     $status = $statusRows[0]['@returnString'];
     $statusQuery->nextRowset();

     $projects = new Collection();
     if ($status != 'SUCCESS') {
         return $projects;
     }

     foreach ($rows as $row) {
         $projects->push(Project::where('project_uid', '=', $row['project_uid'])->first());
     }
     return $projects;
 }
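 /**
  * Check whether the session user may run the tool of an assessment run.
  *
  * For the two Parasoft policy codes this requires that the project owner
  * holds a granted permission, that the project has been designated for
  * that permission, and that the session user has accepted the tool policy.
  *
  * NOTE(review): the result is fail-open in several places. A missing
  * assessment run or tool yields a 200 'approved' response, and a tool
  * without a policy code, or with one not listed in the switch, yields
  * true. Confirm this is intended and that callers handle both the
  * response object and the boolean.
  *
  * @param mixed $assessmentRun the assessment run to check, or a falsy value
  * @return mixed true when the checks pass, otherwise a response object
  */
 private function checkPermissions($assessmentRun)
 {
     // return if no assessment run
     //
     if (!$assessmentRun) {
         return Response::make('approved', 200);
     }
     $tool = Tool::where('tool_uuid', '=', $assessmentRun->tool_uuid)->first();

     // return if no tool
     //
     if (!$tool) {
         return Response::make('approved', 200);
     }
     if ($tool->policy_code) {
         $user = User::getIndex(Session::get('user_uid'));
         switch ($tool->policy_code) {
             case 'parasoft-user-c-test-policy':
             case 'parasoft-user-j-test-policy':
                 // check for no tool permission
                 //
                 $permission = Permission::where('policy_code', '=', $tool->policy_code)->first();
                 if (!$permission) {
                     return Response::json(array('status' => 'tool_no_permission'), 404);
                 }

                 // check for no project
                 //
                 $project = Project::where('project_uid', '=', $assessmentRun->project_uuid)->first();
                 if (!$project) {
                     return Response::json(array('status' => 'no_project'), 404);
                 }

                 // check for owner permission; a missing owner record is
                 // treated like a missing permission rather than being
                 // dereferenced
                 //
                 $owner = User::getIndex($project->project_owner_uid);
                 $userPermission = null;
                 if ($owner) {
                     $userPermission = UserPermission::where('permission_code', '=', $permission->permission_code)->where('user_uid', '=', $owner->user_uid)->first();
                 }

                 // if the permission doesn't exist or isn't valid, return error
                 //
                 if (!$userPermission) {
                     return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404);
                 }
                 if ($userPermission->status !== 'granted') {
                     return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 401);
                 }

                 // if the project hasn't been designated; looked up only
                 // after the permission is known to exist, because the
                 // query reads its uid
                 //
                 $userPermissionProject = UserPermissionProject::where('user_permission_uid', '=', $userPermission->user_permission_uid)->where('project_uid', '=', $assessmentRun->project_uuid)->first();
                 if (!$userPermissionProject) {
                     return Response::json(array('status' => 'no_project', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404);
                 }

                 // a missing session user cannot have accepted the policy
                 //
                 $userPolicy = null;
                 if ($user) {
                     $userPolicy = UserPolicy::where('policy_code', '=', $tool->policy_code)->where('user_uid', '=', $user->user_uid)->first();
                 }

                 // if the policy hasn't been accepted, return error
                 //
                 $policyResponse = Response::json(array('status' => 'no_policy', 'policy' => $tool->policy, 'policy_code' => $tool->policy_code, 'tool' => $tool), 404);
                 if (!$userPolicy || $userPolicy->accept_flag != '1') {
                     return $policyResponse;
                 }
                 break;
             default:
                 break;
         }
     }
     return true;
 }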
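 /**
  * Report the permission status of a tool for a package, project and user.
  *
  * The package, project and user are taken from the optional request
  * parameters 'package_uuid', 'project_uid' and 'user_uid'; the user
  * defaults to the session user.
  *
  * NOTE(review): 'user_uid' is accepted from the request, so a caller can
  * ask for another user's permission status unless a route filter limits
  * it; confirm that only admins may query on behalf of someone else.
  *
  * @param string $toolUuid uuid of the tool to check
  * @return mixed the Parasoft permission status for Parasoft tools, a JSON
  *               success response for other tools, or a 404 response when
  *               the tool does not exist
  */
 public function getToolPermissionStatus($toolUuid)
 {
     $tool = Tool::where('tool_uuid', '=', $toolUuid)->first();

     // unknown tool uuid: answer 404 instead of calling a method on null
     //
     if (!$tool) {
         return Response::make('Tool not found.', 404);
     }

     $package = Input::has('package_uuid') ? Package::where('package_uuid', '=', Input::get('package_uuid'))->first() : null;
     $project = Input::has('project_uid') ? Project::where('project_uid', '=', Input::get('project_uid'))->first() : null;
     $user = Input::has('user_uid') ? User::getIndex(Input::get('user_uid')) : User::getIndex(Session::get('user_uid'));

     // Parasoft tool
     //
     if ($tool->isParasoftTool()) {
         return $tool->getParasoftPermissionStatus($package, $project, $user);
     }

     // NOTE(review): this array is a two-element list ('success', true),
     // not the map 'success' => true; left as is because clients may
     // depend on the current shape. Confirm which was intended.
     //
     return Response::json(array('success', true));
 }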
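 /**
  * Return the events of a project.
  *
  * NOTE(review): no membership or ownership check is visible here and
  * $projectUid is caller-supplied; confirm a route filter restricts access
  * to the project's members.
  *
  * @param string $projectUid uid of the project
  * @return mixed the project's events, or an empty array when no project
  *               has that uid
  */
 public function getEvents($projectUid)
 {
     $project = Project::where('project_uid', '=', $projectUid)->first();

     // unknown project: nothing to list, and getEvents() must not be
     // called on null
     //
     if (!$project) {
         return array();
     }
     return $project->getEvents();
 }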
 /**
  * Look up the project this record refers to.
  *
  * NOTE(review): the lookup filters Project on 'project_uuid'; verify
  * that column name against the Project table schema.
  *
  * @return mixed the first matching Project, or null when none matches
  */
 public function project()
 {
     $matching = Project::where('project_uuid', '=', $this->project_uuid);
     return $matching->first();
 }
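 /**
  * Build the assessment-run query for one project, or for several
  * projects passed as a '+'-separated list of uuids.
  *
  * Unknown or inactive projects contribute nothing. When no requested
  * project is usable, the returned query matches no rows. The previous
  * fallback was AssessmentRun::getQuery(), which carries no project
  * constraint, so a caller executing it could read runs of every project
  * (presumably the unconstrained base query; verify against the model).
  *
  * NOTE(review): nothing in this method checks that the caller belongs to
  * the requested project(s); confirm a route filter enforces that.
  *
  * @param string $projectUuid one project uuid, or several joined by '+'
  * @return mixed a query builder for the matching assessment runs
  */
 public function getQueryByProject($projectUuid)
 {
     // NOTE(review): strpos() returns 0 for a leading '+', which this
     // test treats the same as "no '+' present"
     //
     if (!strpos($projectUuid, '+')) {
         // check for inactive or non-existent project
         //
         $project = Project::where('project_uid', '=', $projectUuid)->first();
         if (!$project || !$project->isActive()) {
             return AssessmentRun::whereRaw('1 = 0');
         }

         // get by a single project
         //
         $assessmentRunsQuery = AssessmentRun::where('project_uuid', '=', $projectUuid);

         // add filters
         //
         $assessmentRunsQuery = TripletFilter::apply($assessmentRunsQuery, $projectUuid);
         return $assessmentRunsQuery;
     }

     // get by multiple projects
     //
     $assessmentRunsQuery = null;
     foreach (explode('+', $projectUuid) as $uuid) {
         // check for inactive or non-existent project
         //
         $project = Project::where('project_uid', '=', $uuid)->first();
         if (!$project || !$project->isActive()) {
             continue;
         }
         if ($assessmentRunsQuery === null) {
             $assessmentRunsQuery = AssessmentRun::where('project_uuid', '=', $uuid);
         } else {
             $assessmentRunsQuery = $assessmentRunsQuery->orWhere('project_uuid', '=', $uuid);
         }

         // add filters
         //
         // NOTE(review): OR and AND conditions are appended to the same
         // builder without grouping. If this is Laravel's query builder,
         // AND binds tighter than OR in the generated SQL, so these filters
         // (and any condition a caller appends) may constrain only the last
         // project's branch. Verify the generated SQL.
         //
         $assessmentRunsQuery = TripletFilter::apply($assessmentRunsQuery, $uuid);
     }

     // none of the listed projects was usable: return a query that
     // matches nothing instead of an undefined variable
     //
     if ($assessmentRunsQuery === null) {
         return AssessmentRun::whereRaw('1 = 0');
     }
     return $assessmentRunsQuery;
 }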
Exemple #13
 */
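// Access filter for the invitation routes.
//
// POST requests must come from a signed-in user who is an admin or an
// admin of the project named by 'project_uid', and the project must not be
// a trial project. Returning a response from the filter stops the request.
//
// NOTE(review): GET, PUT and DELETE pass through this filter unchecked;
// confirm those methods are protected elsewhere.
//
Route::filter('filter_project_invitations', function ($route, $request) {
    switch (FiltersHelper::method()) {
        case 'get':
        case 'put':
        case 'delete':
            break;
        case 'post':
            $projectUid = $request->input('project_uid');
            $user = User::getIndex(Session::get('user_uid'));
            if (!$user || !$projectUid) {
                return Response::make('Unable to change project membership.  Insufficient privilages.', 401);
            }
            if (!$user->isAdmin() && !$user->isProjectAdmin($projectUid)) {
                return Response::make('Unable to change project membership.  Insufficient privilages.', 401);
            }
            $project = Project::where('project_uid', '=', $projectUid)->first();

            // an admin can reach this point with a uid that matches no
            // project; answer 404 instead of reading a property of null
            //
            if (!$project) {
                return Response::make('Project not found.', 404);
            }
            if ($project->trial_project_flag) {
                return Response::make('Unable to change project membership.  Insufficient privilages.', 401);
            }
            break;
    }
});
Route::when('invitations*', 'filter_project_invitations');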
/**
 * Validation of restricted domain paths.
 */
Route::filter('filter_restricted_domains', function ($route, $request) {
    switch (FiltersHelper::method()) {
        case 'post':
        case 'put':
        case 'delete':