Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Magorsch <arzano@gentoo.org>2020-04-20 13:57:08 +0200
committerMax Magorsch <arzano@gentoo.org>2020-04-20 13:57:08 +0200
commit22d233dcc865326ff9b04726ef3c5f32a414dda4 (patch)
tree84208cd3d22951b4dd7f606a8105146bd8353835
parentAdd a page to manually enter a cve (diff)
downloadglsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.tar.gz
glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.tar.bz2
glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.zip
Add permission for manually creating CVEs
Signed-off-by: Max Magorsch <arzano@gentoo.org>
Diffstat
-rw-r--r--pkg/app/handler/admin/edit.go2
-rw-r--r--pkg/app/handler/cvetool/new.go2
-rw-r--r--pkg/app/utils.go1
-rw-r--r--pkg/models/users/user.go1
-rw-r--r--web/templates/admin/components/permissions.tmpl20
5 files changed, 23 insertions, 3 deletions
diff --git a/pkg/app/handler/admin/edit.go b/pkg/app/handler/admin/edit.go
index 8cf9291..c618678 100644
--- a/pkg/app/handler/admin/edit.go
+++ b/pkg/app/handler/admin/edit.go
@@ -152,6 +152,7 @@ func EditPermissions(w http.ResponseWriter, r *http.Request) {
cveView := getArrayParam("cve-view", r)
cveUpdateCVEs := getArrayParam("cve-updateCVEs", r)
cveComment := getArrayParam("cve-comment", r)
+ cveAddCVE := getArrayParam("cve-addCVE", r)
cveAddPackage := getArrayParam("cve-addPackage", r)
cveChangeState := getArrayParam("cve-changeState", r)
cveAssignBug := getArrayParam("cve-assignBug", r)
@@ -181,6 +182,7 @@ func EditPermissions(w http.ResponseWriter, r *http.Request) {
View: containsInt(cveView, changedUser.Id),
UpdateCVEs: containsInt(cveUpdateCVEs, changedUser.Id),
Comment: containsInt(cveComment, changedUser.Id),
+ AddCVE: containsInt(cveAddCVE, changedUser.Id),
AddPackage: containsInt(cveAddPackage, changedUser.Id),
ChangeState: containsInt(cveChangeState, changedUser.Id),
AssignBug: containsInt(cveAssignBug, changedUser.Id),
diff --git a/pkg/app/handler/cvetool/new.go b/pkg/app/handler/cvetool/new.go
index 782efd7..10a1f23 100644
--- a/pkg/app/handler/cvetool/new.go
+++ b/pkg/app/handler/cvetool/new.go
@@ -16,7 +16,7 @@ func New(w http.ResponseWriter, r *http.Request) {
user := utils.GetAuthenticatedUser(r)
- if !user.Permissions.Glsa.View {
+ if !user.Permissions.CVETool.AddCVE {
authentication.AccessDenied(w, r)
return
}
diff --git a/pkg/app/utils.go b/pkg/app/utils.go
index 9d66c13..e442d12 100644
--- a/pkg/app/utils.go
+++ b/pkg/app/utils.go
@@ -27,6 +27,7 @@ func defaultAdminPermissions() users.Permissions {
View: true,
UpdateCVEs: true,
Comment: true,
+ AddCVE: true,
AddPackage: true,
ChangeState: true,
AssignBug: true,
diff --git a/pkg/models/users/user.go b/pkg/models/users/user.go
index b8a60d6..e4b4e4b 100644
--- a/pkg/models/users/user.go
+++ b/pkg/models/users/user.go
@@ -111,6 +111,7 @@ type CVEToolPermissions struct {
View bool
UpdateCVEs bool
Comment bool
+ AddCVE bool
AddPackage bool
ChangeState bool
AssignBug bool
diff --git a/web/templates/admin/components/permissions.tmpl b/web/templates/admin/components/permissions.tmpl
index 32b7dc6..b3b3cf4 100644
--- a/web/templates/admin/components/permissions.tmpl
+++ b/web/templates/admin/components/permissions.tmpl
@@ -11,7 +11,7 @@
<tr>
<td style="border-top:none;"></td>
<th colspan="11" class="border-0">GLSA</th>
- <th colspan="6" class="border-0">CVE</th>
+ <th colspan="7" class="border-0">CVE</th>
<th colspan="4" class="border-0">Admin</th>
</tr>
<tr>
@@ -60,6 +60,9 @@
<th title="Add comments to CVEs">
<i class="fa fa-commenting-o" aria-hidden="true"></i>
</th>
+ <th title="Manually create CVEs">
+ <i class="fa fa-plus" aria-hidden="true"></i>
+ </th>
<th title="Add packages to CVEs">
<i class="fa fa-hdd-o" aria-hidden="true"></i>
</th>
@@ -189,6 +192,13 @@
{{end}}
</td>
<td>
+ {{if .Permissions.CVETool.AddCVE}}
+ <i class="fa fa-check" style="color: green;" aria-hidden="true"></i>
+ {{else}}
+ <i class="fa fa-times" style="color: darkred;" aria-hidden="true"></i>
+ {{end}}
+ </td>
+ <td>
{{if .Permissions.CVETool.AddPackage}}
<i class="fa fa-check" style="color: green;" aria-hidden="true"></i>
{{else}}
@@ -265,7 +275,7 @@
<tr>
<td style="border-top:none;"></td>
<th colspan="11" class="border-0">GLSA</th>
- <th colspan="6" class="border-0">CVE</th>
+ <th colspan="7" class="border-0">CVE</th>
<th colspan="4" class="border-0">Admin</th>
</tr>
<tr>
@@ -314,6 +324,9 @@
<th title="Add comments to CVEs">
<i class="fa fa-commenting-o" aria-hidden="true"></i>
</th>
+ <th title="Manually create CVEs">
+ <i class="fa fa-plus" aria-hidden="true"></i>
+ </th>
<th title="Add packages to CVEs">
<i class="fa fa-hdd-o" aria-hidden="true"></i>
</th>
@@ -390,6 +403,9 @@
<input name="cve-comment" type="checkbox" value="{{.Id}}" {{if .Permissions.CVETool.Comment}}checked{{end}}/>
</td>
<td>
+ <input name="cve-addCVE" type="checkbox" value="{{.Id}}" {{if .Permissions.CVETool.AddCVE}}checked{{end}}/>
+ </td>
+ <td>
<input name="cve-addPackage" type="checkbox" value="{{.Id}}" {{if .Permissions.CVETool.AddPackage}}checked{{end}}/>
</td>
<td>