Skip to content

Commit

Permalink
[backend/frontend] Prevent users from deleting SP logos (#1660)
Browse files Browse the repository at this point in the history
  • Loading branch information
Dimfacion committed Oct 17, 2024
1 parent 033f92b commit 9715df6
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -269,13 +269,18 @@ public List<RawDocument> documents() {
@PostMapping("/api/documents/search")
public Page<RawPaginationDocument> searchDocuments(@RequestBody @Valid final SearchPaginationInput searchPaginationInput) {
OpenBASPrincipal user = currentUser();
List<Document> securityPlatformLogos = securityPlatformRepository.securityPlatformLogo();

Check warning on line 272 in openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java

View check run for this annotation

Codecov / codecov/patch

openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java#L272

Added line #L272 was not covered by tests
if (user.isAdmin()) {
return buildPaginationJPA(
(Specification<Document> specification, Pageable pageable) -> this.documentRepository.findAll(
specification, pageable),
searchPaginationInput,
Document.class
).map(RawPaginationDocument::new);
).map((document) -> {
var rawPaginationDocument = new RawPaginationDocument(document);

Check warning on line 280 in openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java

View check run for this annotation

Codecov / codecov/patch

openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java#L279-L280

Added lines #L279 - L280 were not covered by tests
rawPaginationDocument.setDocument_can_be_deleted(!securityPlatformLogos.contains(document));
return rawPaginationDocument;

Check warning on line 282 in openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java

View check run for this annotation

Codecov / codecov/patch

openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java#L282

Added line #L282 was not covered by tests
});
} else {
return buildPaginationJPA(
(Specification<Document> specification, Pageable pageable) -> this.documentRepository.findAll(
Expand All @@ -284,7 +289,11 @@ public Page<RawPaginationDocument> searchDocuments(@RequestBody @Valid final Sea
),
searchPaginationInput,
Document.class
).map(RawPaginationDocument::new);
).map((document) -> {
var rawPaginationDocument = new RawPaginationDocument(document);

Check warning on line 293 in openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java

View check run for this annotation

Codecov / codecov/patch

openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java#L292-L293

Added lines #L292 - L293 were not covered by tests
rawPaginationDocument.setDocument_can_be_deleted(!securityPlatformLogos.contains(document));
return rawPaginationDocument;

Check warning on line 295 in openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java

View check run for this annotation

Codecov / codecov/patch

openbas-api/src/main/java/io/openbas/rest/document/DocumentApi.java#L295

Added line #L295 was not covered by tests
});
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ const DocumentPopover = (props) => {
</MenuItem>
)}
{!onRemoveDocument && (
<MenuItem onClick={handleOpenDelete}>
<MenuItem onClick={handleOpenDelete} disabled={!document.document_can_be_deleted}>
{t('Delete')}
</MenuItem>
)}
Expand Down
1 change: 1 addition & 0 deletions openbas-front/src/utils/api-types.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2598,6 +2598,7 @@ export interface RawDocument {
}

export interface RawPaginationDocument {
document_can_be_deleted?: boolean;
document_description?: string;
document_exercises?: string[];
document_id?: string;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ public class RawPaginationDocument {
List<String> document_scenarios;
String document_type;
List<String> document_tags;
boolean document_can_be_deleted = true;

public RawPaginationDocument(final Document document) {
this.document_id = document.getId();
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package io.openbas.database.repository;

import io.openbas.database.model.Document;
import io.openbas.database.model.SecurityPlatform;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
import org.springframework.data.jpa.repository.Query;
Expand All @@ -8,6 +9,7 @@
import org.springframework.stereotype.Repository;

import java.time.Instant;
import java.util.List;
import java.util.Optional;

@Repository
Expand All @@ -29,4 +31,9 @@ public interface SecurityPlatformRepository extends CrudRepository<SecurityPlatf
@Override
@Query("select count(distinct s) from SecurityPlatform s where s.createdAt < :creationDate")
long globalCount(@Param("creationDate") Instant creationDate);

@Query("select distinct s.logoDark from SecurityPlatform s " +
"union " +
"select distinct s.logoLight from SecurityPlatform s ")
List<Document> securityPlatformLogo();
}

0 comments on commit 9715df6

Please sign in to comment.