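/**
 * Enforce the usage policy of the tool behind an assessment run.
 *
 * Returns true when the run may proceed. Otherwise returns a JSON error
 * response whose status codes follow the existing convention: 404 for a
 * missing or unbound record, 401 for a permission that is not granted.
 *
 * Checks performed for the enforced policies:
 *  - the project owner holds the permission tied to the policy and it is granted,
 *  - that permission is bound to the run's project,
 *  - the current user has accepted the policy.
 *
 * @param object $assessmentRun run exposing tool_uuid and project_uuid
 * @return true|\Illuminate\Http\JsonResponse
 */
private function checkPermissions($assessmentRun)
{
    $tool = Tool::where('tool_uuid', '=', $assessmentRun->tool_uuid)->first();

    // Fail closed: previously a missing tool fell through to "return true"
    // because $tool->policy_code on null evaluates to null.
    if (!$tool) {
        return Response::json(['status' => 'error'], 404);
    }

    // tools without a policy need no further checks
    if (!$tool->policy_code) {
        return true;
    }

    // only the parasoft policies are enforced here; other codes pass through
    $enforcedPolicies = ['parasoft-user-c-test-policy', 'parasoft-user-j-test-policy'];
    if (!in_array($tool->policy_code, $enforcedPolicies, true)) {
        return true;
    }

    // the policy acceptance is checked against the current session user
    $user = User::getIndex(Session::get('user_uid'));
    if (!$user) {
        return Response::json(['status' => 'error'], 401);
    }

    $permission = Permission::where('policy_code', '=', $tool->policy_code)->first();
    $project = Project::where('project_uid', '=', $assessmentRun->project_uuid)->first();
    // owner is only read once the project is known to exist
    $projectOwner = $project ? $project->owner : null;
    if (!$permission || !$project || !$projectOwner) {
        return Response::json(['status' => 'error'], 404);
    }

    // context appended to every permission-related error below
    $errorContext = ['project_name' => $project->full_name, 'tool_name' => $tool->name];

    // the project owner must hold the permission ...
    $userPermission = UserPermission::where('permission_code', '=', $permission->permission_code)
        ->where('user_uid', '=', $projectOwner['user_uid'])
        ->first();
    if (!$userPermission) {
        return Response::json(['status' => 'owner_no_permission'] + $errorContext, 404);
    }
    if ($userPermission->status !== 'granted') {
        return Response::json(['status' => 'owner_no_permission'] + $errorContext, 401);
    }

    // ... and it must be bound to this project (looked up only after the
    // permission is known to exist; the original queried with a null uid first)
    $userPermissionProject = UserPermissionProject::where('user_permission_uid', '=', $userPermission->user_permission_uid)
        ->where('project_uid', '=', $project->project_uid)
        ->first();
    if (!$userPermissionProject) {
        return Response::json(['status' => 'no_project'] + $errorContext, 404);
    }

    // the current user must have accepted the policy
    $userPolicy = UserPolicy::where('policy_code', '=', $tool->policy_code)
        ->where('user_uid', '=', $user->user_uid)
        ->first();
    if (!$userPolicy || (int) $userPolicy->accept_flag !== 1) {
        return Response::json([
            'status' => 'no_policy',
            'policy' => $tool->policy,
            'policy_code' => $tool->policy_code,
            // NOTE(review): this serialises the whole Tool model into the
            // response; confirm it carries nothing the client should not see.
            'tool' => $tool,
        ], 404);
    }

    return true;
}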
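/**
 * Create or update a user's permission record from the request and notify them.
 *
 * Administrators only. Reads permission_code, status and comment from the
 * request input. When a status is supplied the matching UserPermission record
 * is created or updated and saved; afterwards the user is e-mailed if they
 * have an address and a full name.
 *
 * @param string $userUid uid of the user whose permission is being set
 * @return \Illuminate\Http\Response|null error response, or null on success
 */
public function setPermissions($userUid)
{
    // Guard the null case as well: a missing session user must not reach isAdmin().
    $activeUser = User::getIndex(Session::get('user_uid'));
    if (!$activeUser || !$activeUser->isAdmin()) {
        return Response::make('Non administrators may not alter permissions!', 401);
    }

    $permissionCode = Input::get('permission_code');

    // Only codes present in the Permission table may be assigned (strict
    // comparison: the code is untrusted request input).
    $validPermissionCodes = [];
    foreach (Permission::all() as $permission) {
        $validPermissionCodes[] = $permission->permission_code;
    }
    if (!in_array($permissionCode, $validPermissionCodes, true)) {
        return Response::make('Invalid permission code detected.', 500);
    }

    // NOTE(review): the record is created even when $user cannot be found;
    // only the e-mail step below depends on the user — confirm this is intended.
    $user = User::getIndex($userUid);

    // reuse the user's existing record for this permission, if there is one
    $record = false;
    foreach (UserPermission::where('user_uid', '=', $userUid)->get() as $userPermission) {
        if ($userPermission->permission_code === $permissionCode) {
            $record = $userPermission;
            break;
        }
    }

    if (Input::has('status')) {
        $status = Input::get('status');

        // An unrecognised status must not create or modify a record; the
        // previous code saved the record regardless of the status value.
        // Mirrors the 500 used by the permission_code check above.
        $knownStatuses = ['revoked', 'denied', 'granted', 'expired', 'pending'];
        if (!in_array($status, $knownStatuses, true)) {
            return Response::make('Invalid status detected.', 500);
        }

        // single timestamp so every date field written here agrees
        $nowTimestamp = time();
        $now = gmdate('Y-m-d H:i:s', $nowTimestamp);

        if (!$record) {
            $record = new UserPermission([
                'user_permission_uid' => GUID::create(),
                'user_uid' => $userUid,
                'permission_code' => $permissionCode,
                'request_date' => $now,
                'update_date' => $now,
                'admin_comment' => Input::get('comment'),
            ]);
        } else {
            $record->request_date = $now;
            $record->delete_date = null;
            $record->admin_comment = Input::get('comment');
        }

        switch ($status) {
            case 'revoked':
                $record->delete_date = $now;
                $record->expiration_date = null;
                $record->grant_date = null;
                $record->denial_date = null;
                break;
            case 'denied':
                $record->delete_date = null;
                $record->expiration_date = null;
                $record->grant_date = null;
                $record->denial_date = $now;
                break;
            case 'granted':
                $record->delete_date = null;
                // grants expire one year from now
                $record->expiration_date = gmdate('Y-m-d H:i:s', $nowTimestamp + 60 * 60 * 24 * 365);
                $record->grant_date = $now;
                $record->denial_date = null;
                break;
            case 'expired':
                // NOTE(review): unlike the other cases this leaves grant_date and
                // delete_date untouched — confirm that is intended.
                $record->expiration_date = gmdate('Y-m-d H:i:s', $nowTimestamp - 60);
                $record->denial_date = null;
                break;
            case 'pending':
                $record->delete_date = null;
                $record->expiration_date = null;
                $record->grant_date = null;
                $record->denial_date = null;
                $record->request_date = $now;
                break;
        }

        $record->save();
    }

    // notify the affected user when an address and display name are available
    if ($user && $user->email && $user->getFullName()) {
        $cfg = [
            'url' => Config::get('app.cors_url') ?: '',
            'user' => $user,
            'comment' => Input::get('comment'),
        ];
        Mail::send('emails.permission-reviewed', $cfg, function ($message) use ($user) {
            $message->to($user->email, $user->getFullName());
            $message->subject('SWAMP Permission Request');
        });
    }
}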
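/**
 * Report whether $user may run a parasoft tool on $project.
 *
 * A project owner needs their own granted parasoft permission; a project
 * member relies on the owner's. In both cases the permission must be bound
 * to the project and the current user must have accepted the policy tied to
 * the permission.
 *
 * @param mixed  $package unused here; kept for the existing call signature
 * @param object $project project exposing owner['user_uid'] and project_uid
 * @param object $user    current user exposing user_uid
 *                        (NOTE(review): assumed non-null — confirm at the caller)
 * @return \Illuminate\Http\JsonResponse
 */
public function getParasoftPermissionStatus($package, $project, $user)
{
    if (!$project) {
        return Response::json(['status' => 'no_project'], 404);
    }

    $permissionCode = $this->getParasoftPermissionCode();
    $ownerUid = $project->owner['user_uid'];

    if ($user->user_uid === $ownerUid) {
        // current user is the project owner: their own permission is checked
        $ownPermission = UserPermission::where('user_uid', '=', $user->user_uid)
            ->where('permission_code', '=', $permissionCode)
            ->first();
        if (!$ownPermission || $ownPermission->status !== 'granted') {
            return Response::json(['status' => 'no_permission'], 401);
        }

        $response = $this->parasoftBoundPermissionResponse($ownPermission, $project, $user, $permissionCode);
        if ($response === null) {
            // not bound, trigger user prompt on front end
            return Response::json([
                'status' => 'project_unbound',
                'user_permission_uid' => $ownPermission->user_permission_uid,
            ], 404);
        }
        return $response;
    }

    // current user is not the owner: they must be a project member ...
    $membership = ProjectMembership::where('user_uid', '=', $user->user_uid)
        ->where('project_uid', '=', $project->project_uid)
        ->first();
    if (!$membership) {
        return Response::json(['status' => 'no_project_membership'], 401);
    }

    // ... and the owner must hold a granted permission
    $ownerPermission = UserPermission::where('user_uid', '=', $ownerUid)
        ->where('permission_code', '=', $permissionCode)
        ->first();
    if (!$ownerPermission || $ownerPermission->status !== 'granted') {
        return Response::json(['status' => 'owner_no_permission'], 401);
    }

    $response = $this->parasoftBoundPermissionResponse($ownerPermission, $project, $user, $permissionCode);
    if ($response === null) {
        // not bound, trigger user prompt on front end
        return Response::json(['status' => 'member_project_unbound'], 404);
    }
    return $response;
}

/**
 * Shared tail of getParasoftPermissionStatus for a granted permission record.
 *
 * Returns null when $grantedPermission is not bound to $project (the caller
 * picks the owner- or member-specific "unbound" response). Otherwise returns
 * the granted response, or no_user_policy when $user has not accepted the
 * permission's policy.
 *
 * @param object $grantedPermission UserPermission with status 'granted'
 * @param object $project           project exposing project_uid
 * @param object $user              current user exposing user_uid
 * @param string $permissionCode    parasoft permission code being checked
 * @return \Illuminate\Http\JsonResponse|null
 */
private function parasoftBoundPermissionResponse($grantedPermission, $project, $user, $permissionCode)
{
    $binding = UserPermissionProject::where('user_permission_uid', '=', $grantedPermission->user_permission_uid)
        ->where('project_uid', '=', $project->project_uid)
        ->first();
    if (!$binding) {
        return null;
    }

    // Fail closed when the permission definition is missing; the previous
    // code dereferenced a null $permission here.
    $permission = Permission::where('permission_code', '=', $permissionCode)->first();
    if (!$permission) {
        return Response::json(['status' => 'error'], 404);
    }

    // the policy must be accepted by the current user, not by the permission holder
    $acceptedPolicy = UserPolicy::where('user_uid', '=', $user->user_uid)
        ->where('policy_code', '=', $permission->policy_code)
        ->where('accept_flag', '=', 1)
        ->first();
    if (!$acceptedPolicy) {
        return Response::json([
            'status' => 'no_user_policy',
            'policy' => $permission->policy,
            'policy_code' => $permission->policy_code,
        ], 404);
    }

    return Response::json([
        'status' => 'granted',
        'user_permission_uid' => $grantedPermission->user_permission_uid,
    ], 200);
}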