public function markAcceptance($policyCode, $userUid) { // get inputs // $policy = Policy::where('policy_code', '=', $policyCode)->first(); $user = User::getIndex($userUid); $acceptFlag = Input::has('accept_flag'); // check inputs // if (!$user || !$policy || !$acceptFlag) { return Response::make('Invalid input.', 404); } // check privileges // if (!$user->isAdmin() && $user->user_uid != Session::get('user_uid')) { return Response::make('Insufficient privileges to mark policy acceptance.', 401); } // get or create new user policy // $userPolicy = UserPolicy::where('user_uid', '=', $userUid)->where('policy_code', '=', $policyCode)->first(); if (!$userPolicy) { $userPolicy = new UserPolicy(array('user_policy_uid' => GUID::create(), 'user_uid' => $userUid, 'policy_code' => $policyCode)); } $userPolicy->accept_flag = $acceptFlag; $userPolicy->save(); return $userPolicy; }
private function checkPermissions($assessmentRun) { $tool = Tool::where('tool_uuid', '=', $assessmentRun->tool_uuid)->first(); if ($tool->policy_code) { $user = User::getIndex(Session::get('user_uid')); switch ($tool->policy_code) { case 'parasoft-user-c-test-policy': case 'parasoft-user-j-test-policy': $permission = Permission::where('policy_code', '=', $tool->policy_code)->first(); $project = Project::where('project_uid', '=', $assessmentRun->project_uuid)->first(); $projectOwner = $project->owner; if (!$permission || !$project || !$projectOwner) { return Response::json(array('status' => 'error'), 404); } $userPermission = UserPermission::where('permission_code', '=', $permission->permission_code)->where('user_uid', '=', $projectOwner['user_uid'])->first(); $userPermissionProject = UserPermissionProject::where('user_permission_uid', '=', $userPermission->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first(); // if the permission doesn't exist or isn't valid, return error // if (!$userPermission) { return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404); } if ($userPermission->status !== 'granted') { return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 401); } // if the project hasn't been designated, return error // if (!$userPermissionProject) { return Response::json(array('status' => 'no_project', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404); } $userPolicy = UserPolicy::where('policy_code', '=', $tool->policy_code)->where('user_uid', '=', $user->user_uid)->first(); // if the policy hasn't been accepted, return error // $policyResponse = Response::json(array('status' => 'no_policy', 'policy' => $tool->policy, 'policy_code' => $tool->policy_code, 'tool' => $tool), 404); if ($userPolicy) { if ($userPolicy->accept_flag != '1') { return $policyResponse; } } else { return $policyResponse; } break; default: break; } } return true; }
public function requestPermissions($userUid) { // Lookup relevant data // $active_user = User::getIndex(Session::get('user_uid')); $user = User::getIndex($userUid); $permissions = Permission::all(); $user_permissions = UserPermission::where('user_uid', '=', $userUid)->get(); // Permission classification holders // $new_permissions = array(); $updated_permissions = array(); // Requests for permissions the user already owns or do not exist should flag an error // $valid_permissions = []; foreach ($permissions as $p) { $valid_permissions[] = $p->permission_code; } if (!in_array(Input::get('permission_code'), $valid_permissions)) { return Response::make('Invalid permission code detected.', 500); } $record = false; foreach ($user_permissions as $up) { if ($up->permission_code == Input::get('permission_code')) { $record = $up; break; } } // an existing entry did for the permission did not exist for the user // if (!$record) { $record = new UserPermission(array('user_permission_uid' => GUID::create(), 'user_uid' => $userUid, 'permission_code' => Input::get('permission_code'), 'request_date' => gmdate('Y-m-d H:i:s'), 'user_comment' => Input::get('comment'))); if ($meta = $this->getMetaFields()) { $record->meta_information = $meta; } $record->save(); $new_permissions[] = Input::get('title'); // we found an existing entry and update the information } else { if ($record->status == 'denied') { return Response::make('You may not request denied permissions. Please contact SWAMP support staff if you feel permissions have been denied in error.', 400); } if ($meta = $this->getMetaFields()) { $record->meta_information = $meta; } $record->request_date = gmdate('Y-m-d H:i:s'); $record->user_comment = Input::get('comment'); $record->save(); $updated_permissions[] = Input::get('title'); } $admins = UserAccount::where('admin_flag', '=', 1)->get(); foreach ($admins as $admin) { $admin = User::getIndex($admin->user_uid); if ($admin && $admin->email && $admin->getFullName()) { $cfg = array('new_permissions' => $new_permissions, 'updated_permissions' => $updated_permissions, 'url' => Config::get('app.cors_url') ?: '', 'comment' => Input::get('comment'), 'meta_information' => json_decode($record->meta_information, true), 'user' => $user); Mail::send('emails.permission-request', $cfg, function ($message) use($admin) { $message->to($admin->email, $admin->getFullName()); $message->subject('SWAMP Permission Request'); }); } } // record accepted policy $permission = Permission::where('permission_code', '=', Input::get('permission_code'))->first(); if ($permission->policy_code) { $up = UserPolicy::where('user_uid', '=', $user->user_uid)->where('policy_code', '=', $permission->policy_code)->first(); if (!$up) { $up = new UserPolicy(array('user_policy_uid' => GUID::create(), 'user_uid' => $user->user_uid, 'policy_code' => $permission->policy_code)); } $up->accept_flag = 1; $up->save(); } }
public function getParasoftPermissionStatus($package, $project, $user) { // No project provided // if (!$project) { return Response::json(array('status' => 'no_project'), 404); } // Current user is the project owner // if ($user->user_uid === $project->owner['user_uid']) { $permission_code = $this->getParasoftPermissionCode(); // check for parasoft c test permission // $up = UserPermission::where('user_uid', '=', $user->user_uid)->where('permission_code', '=', $permission_code)->first(); // user has permission // if ($up && $up->status === 'granted') { // user parasoft permission is bound to this project // if (UserPermissionProject::where('user_permission_uid', '=', $up->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first()) { $permission = Permission::where('permission_code', '=', $permission_code)->first(); if (UserPolicy::where('user_uid', '=', $user->user_uid)->where('policy_code', '=', $permission->policy_code)->where('accept_flag', '=', 1)->first()) { return Response::json(array('status' => 'granted', 'user_permission_uid' => $up->user_permission_uid), 200); } else { return Response::json(array('status' => 'no_user_policy', 'policy' => $permission->policy, 'policy_code' => $permission->policy_code), 404); } } else { // not bound, trigger user prompt on front end // return Response::json(array('status' => 'project_unbound', 'user_permission_uid' => $up->user_permission_uid), 404); } // user does not have permission // } else { return Response::json(array('status' => 'no_permission'), 401); } // current user is not the project owner // } else { // check that current user is a project member // $pm = ProjectMembership::where('user_uid', '=', $user->user_uid)->where('project_uid', '=', $project->project_uid)->first(); if (!$pm) { return Response::json(array('status' => 'no_project_membership'), 401); } // c test // $permission_code = $this->getParasoftPermissionCode(); // check for parasoft c test permission // $op = UserPermission::where('user_uid', '=', $project->owner['user_uid'])->where('permission_code', '=', $permission_code)->first(); // owner has permission // if ($op && $op->status === 'granted') { // user parasoft permission is bound to this project // if (UserPermissionProject::where('user_permission_uid', '=', $op->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first()) { $permission = Permission::where('permission_code', '=', $permission_code)->first(); if (UserPolicy::where('user_uid', '=', $user->user_uid)->where('policy_code', '=', $permission->policy_code)->where('accept_flag', '=', 1)->first()) { return Response::json(array('status' => 'granted', 'user_permission_uid' => $op->user_permission_uid), 200); } else { return Response::json(array('status' => 'no_user_policy', 'policy' => $permission->policy, 'policy_code' => $permission->policy_code), 404); } } else { // not bound, trigger user prompt on front end // return Response::json(array('status' => 'member_project_unbound'), 404); } // owner does not have permission // } else { return Response::json(array('status' => 'owner_no_permission'), 401); } } }