Hotfix for vulnerabilities card with the number of vulnerabilities (#…
…2501)

### What's done: 
- small fixes for the 405 Method Not Allowed error
- changes in API: removed get-public-vulnerabilities endpoint
orchestr7 authored Aug 29, 2023
1 parent f06bc48 commit f8e1394
Showing 6 changed files with 66 additions and 47 deletions.
Expand Up @@ -115,7 +115,7 @@ class WebSecurityConfig(
"/api/$v1/contests/*/scores",
"/api/$v1/contests/*/*/best",
"/api/demo/*/run",
"/api/$v1/vulnerabilities/get-all-public",
"/api/$v1/vulnerabilities/by-filters",
// `fossGraphView` is public page
"/api/$v1/vulnerabilities/by-name-with-description",
"/api/$v1/comments/get-all",
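Review bot: The entry `"/api/$v1/vulnerabilities/by-filters"` replaces a read-only public route with the general filter endpoint, and nothing next to it says that anonymous access is intended or where the status restriction is enforced. Assuming this list is the set of paths reachable without authentication (its use is outside the hunk), the only remaining gate for non-approved entries is the check inside `VulnerabilityController`. A comment on the entry would make that dependency explicit, for example `// public: anonymous callers may only query APPROVED; enforced in VulnerabilityController`. The surrounding declaration starts and ends outside the hunk.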
Expand Up @@ -57,23 +57,17 @@ class VulnerabilityController(
@RequestBody filters: VulnerabilityFilter,
authentication: Authentication?,
): Mono<VulnerabilityDtoList> = blockingToMono {
if (authentication?.hasRole(Role.SUPER_ADMIN) != true && filters.status != VulnerabilityStatus.APPROVED && !filters.isOwner) {
if (
// if user is not authenticated, he will have authentication = null and will not get other's submitted vulnerabilities
filters.status != VulnerabilityStatus.APPROVED && authentication?.name != filters.authorName &&
// only if user is NOT admin, if admin - everything is fine
authentication?.hasRole(Role.SUPER_ADMIN) == false
) {
throw ResponseStatusException(HttpStatus.FORBIDDEN)
}
vulnerabilityService.getFilteredWithUserInfos(filters, authentication)
}

@PostMapping("/get-all-public")
@Operation(
method = "GET",
summary = "Get all public vulnerabilities with author info.",
description = "Get all public vulnerabilities with author UserInfo.",
)
@ApiResponse(responseCode = "200", description = "Successfully fetched all public vulnerabilities with author UserInfo.")
fun getAllPublicVulnerabilities(
@RequestBody filters: VulnerabilityFilter,
): Flux<VulnerabilityDto> = blockingToFlux { vulnerabilityService.getFilteredWithUserInfos(filters) }

@GetMapping("/by-name-and-status")
@Operation(
method = "GET",
Expand Down Expand Up @@ -147,7 +141,10 @@ class VulnerabilityController(
summary = "Get list of vulnerabilities by organization name.",
description = "Get list of vulnerabilities by organization name.",
)
@ApiResponse(responseCode = "200", description = "Successfully fetched list of vulnerabilities by organization name")
@ApiResponse(
responseCode = "200",
description = "Successfully fetched list of vulnerabilities by organization name"
)
fun getVulnerabilityByOrganization(
@RequestParam organizationName: String,
@RequestParam status: VulnerabilityStatus,
Expand Down Expand Up @@ -430,6 +427,7 @@ class VulnerabilityController(
HttpStatus.CONFLICT,
"Tag $tagName is already linked with $vulnerabilityName vulnerability",
)

else -> throw error
}
}
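Review bot: The rewritten guard in the `by-filters` handler no longer rejects anonymous callers: when `authentication` is null, `authentication?.hasRole(Role.SUPER_ADMIN)` evaluates to null, `null == false` is false, and the whole condition is false, so no `FORBIDDEN` is thrown for a non-`APPROVED` status. This contradicts the inline comment above it, and the same commit appears to list `/vulnerabilities/by-filters` among the unauthenticated paths in `WebSecurityConfig`. The name comparison has the same gap, since `null != null` is false when `filters.authorName` is absent. I would restore the null-safe form, `authentication?.hasRole(Role.SUPER_ADMIN) != true`, and make the ownership test fail closed with `(authentication == null || authentication.name != filters.authorName)`, covered by a test for an unauthenticated request with a non-approved status. Whether `getFilteredWithUserInfos` applies further filtering is not visible in this hunk.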
Expand Up @@ -129,9 +129,10 @@ val vulnerabilitiesFiltersRow: FC<VulnerabilitiesFiltersProps> = FC { props ->
buttonBuilder(faSearch, classes = "btn mr-1", isOutline = props.filter == filter, style = "secondary") {
props.onChangeFilter(filter)
}
buttonBuilder(faWindowClose, classes = "btn mr-1", isOutline = true, style = "secondary") {
buttonBuilder(faWindowClose, classes = "btn mr-1", title = "Drop filters", isOutline = true, style = "secondary") {
props.onChangeFilter(null)
setFilter { props.filter }
// need to drop all tags
setFilter { props.filter.copy(tags = emptySet()) }
setTagPrefix("")
setOrganization(OrganizationDto.empty)
setUser(UserInfo(""))
Expand All @@ -149,11 +150,13 @@ val vulnerabilitiesFiltersRow: FC<VulnerabilitiesFiltersProps> = FC { props ->
filter.tags.forEach { tag ->
buttonBuilder(
tag,
if (tag !in props.filter.tags) "info" else "primary",
"info",
isOutline = true,
classes = "rounded-pill text-sm btn-sm mx-1 px-2"
) {
setFilter { oldFilter -> oldFilter.copy(tags = filter.tags - tag) }
val newFilter = filter.copy(tags = filter.tags - tag)
setFilter { newFilter }
props.onChangeFilter(newFilter)
}
}
}
Expand Up @@ -4,7 +4,6 @@

package com.saveourtool.save.frontend.components.views.vuln

import com.saveourtool.save.domain.Role
import com.saveourtool.save.entities.vulnerability.VulnerabilityDto
import com.saveourtool.save.entities.vulnerability.VulnerabilityStatus
import com.saveourtool.save.filters.VulnerabilityFilter
Expand Down Expand Up @@ -168,23 +167,25 @@ val vulnerabilityCollectionView: FC<VulnerabilityCollectionViewProps> = FC { pro
div {
@Suppress("TOO_MANY_LINES_IN_LAMBDA")
props.currentUserInfo?.globalRole?.let { role ->
val tabList = if (role.isHigherOrEqualThan(Role.SUPER_ADMIN)) {
val tabList = if (role.isSuperAdmin()) {
VulnerabilityListTab.values().map { it.name }
} else {
VulnerabilityListTab.values().filter { it != VulnerabilityListTab.ADMIN }
.map { it.name }
}
tab(selectedMenu.name, tabList, "nav nav-tabs mt-3") { value ->
setSelectedMenu { VulnerabilityListTab.valueOf(value) }
setVulnerabilityFilters { getFiltersByTab(VulnerabilityListTab.valueOf(value), setPublicTable) }
setVulnerabilityFilters {
getFiltersByTab(VulnerabilityListTab.valueOf(value), setPublicTable, props.currentUserInfo)
}
}
}

vulnerabilityListTable {
filters = vulnerabilityFilters
getData = { _, _ ->
post(
url = "$apiUrl/vulnerabilities/${props.currentUserInfo?.globalRole?.let { "by-filters" } ?: "get-all-public"}",
url = "$apiUrl/vulnerabilities/by-filters",
headers = jsonHeaders,
body = Json.encodeToString(vulnerabilityFilters),
loadingHandler = ::loadingHandler,
Expand All @@ -206,7 +207,8 @@ val vulnerabilityCollectionView: FC<VulnerabilityCollectionViewProps> = FC { pro
setVulnerabilityFilters {
getFiltersByTab(
selectedMenu,
setPublicTable
setPublicTable,
props.currentUserInfo
)
}
}
Expand Down Expand Up @@ -269,7 +271,11 @@ external interface FiltersProps : TableProps<VulnerabilityDto> {
var filters: VulnerabilityFilter?
}

private fun getFiltersByTab(selectedMenu: VulnerabilityListTab, setPublicTable: StateSetter<Boolean>) = when (selectedMenu) {
private fun getFiltersByTab(
selectedMenu: VulnerabilityListTab,
setPublicTable: StateSetter<Boolean>,
currentUserInfo: UserInfo?
) = when (selectedMenu) {
VulnerabilityListTab.PUBLIC -> {
setPublicTable(true)
VulnerabilityFilter.approved
Expand All @@ -287,6 +293,7 @@ private fun getFiltersByTab(selectedMenu: VulnerabilityListTab, setPublicTable:
prefixName = "",
status = null,
isOwner = true,
authorName = currentUserInfo?.name
)
}
}
Expand Up @@ -12,6 +12,7 @@
package com.saveourtool.save.frontend.components.views.welcome

import com.saveourtool.save.entities.vulnerability.VulnerabilityDto
import com.saveourtool.save.filters.VulnerabilityFilter
import com.saveourtool.save.frontend.components.views.welcome.pagers.vuln.renderVulnerabilityGeneralInfo
import com.saveourtool.save.frontend.externals.fontawesome.*
import com.saveourtool.save.frontend.themes.Colors
Expand All @@ -28,11 +29,13 @@ import react.dom.html.ReactHTML.span
import react.dom.html.ReactHTML.strong
import web.cssom.*
import kotlinx.browser.window
import kotlinx.serialization.encodeToString
import kotlinx.serialization.json.Json

val vulnWelcomeView: FC<WelcomeProps> = FC { props ->
useBackground(Style.VULN_DARK)
val (oauthProviders, setOauthProviders) = useState<List<OauthProviderInfo>>(emptyList())

val (oauthProviders, setOauthProviders) = useState<List<OauthProviderInfo>>(emptyList())
useRequest {
val oauthProviderInfoList: List<OauthProviderInfo>? = get(
"${window.location.origin}/sec/oauth-providers",
Expand All @@ -45,11 +48,15 @@ val vulnWelcomeView: FC<WelcomeProps> = FC { props ->

val (vulnerabilities, setVulnerabilities) = useState<List<VulnerabilityDto>>(emptyList())
useRequest {
val vuln: List<VulnerabilityDto> = get(
url = "$apiUrl/vulnerabilities/get-all-public",
val vuln = post(
url = "$apiUrl/vulnerabilities/by-filters",
headers = jsonHeaders,
loadingHandler = ::loadingHandler
).unsafeMap { it.decodeFromJsonString() }
body = Json.encodeToString(VulnerabilityFilter.approved),
loadingHandler = ::loadingHandler,
responseHandler = ::noopResponseHandler,
).unsafeMap {
it.decodeFromJsonString<List<VulnerabilityDto>>()
}
setVulnerabilities(vuln)
}

Expand Down Expand Up @@ -88,7 +95,11 @@ val vulnWelcomeView: FC<WelcomeProps> = FC { props ->
hrNoMargin()
menuTextAndLink("Top rating", FrontendRoutes.VULN_TOP_RATING, faTrophy)
}
} ?: inputCredentialsView(oauthProviders, Colors.VULN_PRIMARY, "/${FrontendRoutes.VULNERABILITIES}")
} ?: inputCredentialsView(
oauthProviders,
Colors.VULN_PRIMARY,
"/${FrontendRoutes.VULNERABILITIES}"
)
}
stats(vulnerabilities)
}
Expand All @@ -109,25 +120,25 @@ val vulnWelcomeView: FC<WelcomeProps> = FC { props ->
*/
fun ChildrenBuilder.stats(vulnerabilities: List<VulnerabilityDto>) {
div {
className = ClassName("card mt-3")
className = ClassName("card border border-primary rounded rounded-pill col mt-4 justify-content-center")
style = jso {
height = 15.rem
}
div {
className = ClassName("mt-5 mb-5")
style = jso {
height = 15.rem
}
div {
className = ClassName("row justify-content-center")
strong {
className = ClassName("d-inline-block mb-2 card-text")
+"total vulnerabilities"
className = ClassName("row justify-content-center")
h1 {
className = ClassName("text-primary")
+vulnerabilities.size.toString()
style = jso {
fontSize = 4.rem
}
}
div {
className = ClassName("row justify-content-center")
h1 {
className = ClassName("text-dark")
+vulnerabilities.size.toString()
}
}
div {
className = ClassName("row justify-content-center")
strong {
className = ClassName("d-inline-block mb-2 card-text")
+"Total number of submitted vulnerabilities"
}
}
}
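Review bot: The welcome card now posts `VulnerabilityFilter.approved` to `by-filters` and keeps the full `List<VulnerabilityDto>` only to render `vulnerabilities.size`, so every anonymous page load transfers all approved entries (with author info, judging by the service name `getFilteredWithUserInfos`) to show one number. A count endpoint, or a response limited to the count, would avoid sending that data to unauthenticated visitors; no such endpoint is visible in this commit, so this is a suggestion. The new caption reads "Total number of submitted vulnerabilities" while the request asks only for approved ones, so `+"Total number of approved vulnerabilities"` would match what is counted. With `responseHandler = ::noopResponseHandler` a failed request is presumably ignored before `unsafeMap` decodes the body, so it is worth confirming that a non-200 response cannot reach `decodeFromJsonString`.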
Expand Up @@ -53,7 +53,7 @@ private fun ChildrenBuilder.oauthLoginForKnownAwesomeIcons(
awesomeIcon: dynamic
) {
div {
className = ClassName("animated-provider col animate__animated ${oauthProvidersFeConfig.animate}")
className = ClassName("animated-provider col animate__animated ${oauthProvidersFeConfig.animate} mb-4")
a {
href = oauthProvidersFeConfig.provider.authorizationLink
className = ClassName("text-center")