Diffstat (limited to 'lib/srtgui/templates/cve.html')
-rw-r--r-- | lib/srtgui/templates/cve.html | 188 |
1 files changed, 180 insertions, 8 deletions
diff --git a/lib/srtgui/templates/cve.html b/lib/srtgui/templates/cve.html index c3cfcac5..e3fe0ca0 100644 --- a/lib/srtgui/templates/cve.html +++ b/lib/srtgui/templates/cve.html @@ -1,6 +1,6 @@ {% extends "base.html" %} -{% load projecttags %} +{% load jobtags %} {% block title %} {{object.name}} - SRTool {% endblock %} @@ -29,8 +29,11 @@ <div class="col-md-12"> <div class="page-header build-data"> <span id="cve-name-container"> - <span id="cve-name" class="srt_h1">{{object.name}} {% if not object.public %} <font color="red">[PRIVATE]</font> {% endif %}</span> - {% if object.is_local and request.user.is_contributor %}<span class="glyphicon glyphicon-edit" id="cve-change-form-toggle"></span>{% endif %} + + <span id="cve-name" class="srt_h1">{{object.name}} + {% if object.is_local and request.user.is_contributor %} <span class="glyphicon glyphicon-edit" id="cve-change-form-toggle"></span>{% endif %} + {% if not object.public %} <font color="red" >[PRIVATE]</font> {% endif %} + </span> {% if request.user.is_creator %} <span style="padding-left:30px;"><button id="select-quickedit" class="btn btn-default" type="button">Edit Status...</button></span> <span style="padding-left:30px;"><button id="select-notification" class="btn btn-default" type="button">Create Notification ...</button></span> @@ -41,6 +44,9 @@ <span style="padding-left:30px;"><button id="select-cveedit" class="btn btn-default" type="button">Edit CVE Data ...</button></span> {% endif %} <span style="padding-left:30px;"><button id="submit-delete-cve" class="btn btn-default" type="button">Delete CVE</button></span> + {% if object.is_local %} + <span style="padding-left:30px;"><button id="select-merge-cve" class="btn btn-default" type="button">Merge CVE</button></span> + {% endif %} {% endif %} </span> {% if not is_edit %} 
@@ -59,13 +65,26 @@ <!-- include SRtool Metadata/Notification --> {% include "srtool_metadata_include.html" with default_category="CVE" default_url="cve" %} +<!-- CVE Merge --> +{% if object.is_local %} + <div id="details-cve-merge" style="display:none;padding-left:25px;"> + <fieldset style="border: 1px solid Blue; background-color:LightBlue; padding-left: 25px; padding-right: 20px;"> <!-- class="fieldset-auto-width" --> + <p><p> + <button class="btn btn-primary btn-lg" id="submit-merge-cve"> Submit Merge </button> + <p>Target CVE: <input type="text" placeholder="CVE Number" id="target-cve-name" size="40" ></p> + </fieldset> + <p> + <p> + </div> +{% endif %} + <div class="row"> <div class="col-md-12 tabbable"> <ul class="nav nav-tabs"> - {% for details,state,id,cve_html in cve_list_table %} + {% for details,state,id,cve_html,ds_id in cve_list_table %} <li class="{{state}}"> <a href="#{{id}}" data-toggle="tab"> - {{id}} + {{id}}{% if request.user.is_admin %}({{ds_id}}){% endif %} <span class="glyphicon glyphicon-question-sign get-help" title="{{id}} CVE data"></span> </a> </li> @@ -73,7 +92,7 @@ </ul> <div class="tab-content"> - {% for details,state,id,cve_html in cve_list_table %} + {% for details,state,id,cve_html,ds_id in cve_list_table %} <div class="tab-pane {{state}}" id="{{id}}"> {% if 'Local' == id %} 
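Review bot: The `details-cve-merge` panel is gated only by `{% if object.is_local %}`, while the `select-merge-cve` button that opens it sits inside what appears to be the `request.user.is_creator` block in the earlier hunk, so the merge form and its submit button are sent to every viewer of a local CVE and merely hidden with `display:none`. Wrapping the panel in the same role check, e.g. `{% if object.is_local and request.user.is_creator %}`, keeps the markup consistent with the button. The `submit-merge-cve` button has no `type` attribute, and the `Target CVE:` text is not tied to the input by a `<label>`; `type="button"` and `<label for="target-cve-name">` would make both explicit.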
@@ -95,6 +114,73 @@ </form>{% csrf_token %} {% endif %} +{% if not object.public %} + {% if request.user.is_creator %} + + <div class="row" style="padding-left: 25px;"> + <h3>User Access + {% if request.user.is_creator %} + <button id="select-adduseraccess" class="btn btn-default" type="button">Add user access ...</button> + {% endif %} + </h3> + + <div id="details-adduseraccess" style="padding-left: 50px; display:none;"> + <p><p> + <button class="execute" id="submit-adduseraccess"> Submit </button> + <div class="row"> + <p> + <div id="all-users" class="scrolling" style="width: 300px;"> + {% for user in users %} + <div class="checkbox"> + <label> + <input class="checkbox-users" name="access-users" value="{{user.pk}}" type="checkbox">{{user.name}} + </label> + <p> + </div> + {% endfor %} + </div> + </div> + </div> + + <table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table"> + <thead> + <tr> + <th>User</th> + <th>Manage</th> + </tr> + </thead> + + {% if object.public %} + <tr> + <td>All</td> + <td> + </td> + </tr> + {% endif %} + + {% if object.cve_users.all %} + {% for u in object.cve_users.all %} + <tr> + <td>{{ u.user.username }}</td> + <td> + <span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span> + <span class="glyphicon glyphicon-trash trash-useraccess" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span> + </td> + </tr> + {% endfor %} + {% else %} + {% if not object.public %} + <tr> + <td>No users found</td> + </tr> + {% endif %} + {% endif %} + </table> + + </div> + {% endif %} +{% endif %} + <div class="row" style="padding-left: 25px;"> <h3>History</h3> @@ -129,6 +215,8 @@ Created={{object.srt_created}} Updated={{object.srt_updated}} <script> var selected_quickedit=false; var selected_notifyedit=false; + var selected_adduseraccess=false; + var selected_mergecve=false; /* CVE Name change support */ var cveNameForm = $("#cve-name-change-form"); 
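Review bot: The span ids in the `object.cve_users` loop carry JavaScript string-concatenation syntax into the template: `id="attachment_trash_'+{{u.id}}+'"` renders with literal quote and plus characters around the id, which looks copied from a script that builds similar markup. Plain template output such as `id="useraccess_trash_{{u.id}}"` and `id="useraccess_entry_{{u.id}}"` gives ids that can be selected without escaping. Separately, the `{% if object.public %}` row ("All") can never render because the whole block is already inside `{% if not object.public %}`, and the inner `{% if request.user.is_creator %}` around the add button repeats the outer check, so both can be dropped. The "No users found" row has one cell under a two-column header; `<td colspan="2">` would keep the table well formed.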
@@ -154,7 +242,7 @@ Created={{object.srt_created}} Updated={{object.srt_updated}} if (('new_name' in data) && (0 == data.new_name.indexOf("url:"))) { window.location.replace(data.new_name.replace("url:","")); } else if (('new_name' in data) && ("" != data.new_name)) { - var new_url = "{% url 'cve' object.name %}".replace("{{object.name}}",data.new_name); + var new_url = "{% url 'cve' 123 %}".replace("123",data.new_name); window.location.replace(new_url); } else { location.reload(true); @@ -190,7 +278,7 @@ Created={{object.srt_created}} Updated={{object.srt_updated}} selected_quickedit=true; $("#display-status").slideUp(); $("#details-quickedit").slideDown(); - document.getElementById("select-quickedit").innerText = "Close edit status..."; + document.getElementById("select-quickedit").innerText = "Cancel edit status..."; $("#select-quickedit").addClass("blueborder"); document.getElementById("select-status-state").focus(); } @@ -206,14 +294,31 @@ Created={{object.srt_created}} Updated={{object.srt_updated}} var tags=$('#text-tags').val().trim(); var priority=$('#select-priority-state').val(); var status=$('#select-status-state').val(); + var public=$('#select-public-state').val(); var publish_state=$('#select-publish-state').val(); var publish_date=$('#select-publish-date').val(); var acknowledge_date=$('#text-acknowledge-date').val(); var affected_components=$('#text-affected-components').val(); + /* Double check any public status changes */ + {% if object.public %} + if ("0" == public) { + if (! confirm("Are you sure you want to make this CVE and all its children as PRIVATE?")) { + return + } + } + {% endif %} + {% if not object.public %} + if ("1" == public) { + if (! confirm("Are you sure you want to make this CVE and all its children as PUBLIC?")) { + return + } + } + {% endif %} postCommitAjaxRequest({ "action" : 'submit-quickedit', "priority" : priority, "status" : status, + "public" : public, "note" : note, "private_note" : private_note, "tags" : tags, 
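Review bot: `data.new_name` is substituted into the path without encoding, so a name containing `/`, `?` or `#` changes where `window.location.replace` lands instead of being treated as one path segment. `var new_url = "{% url 'cve' 123 %}".replace("123", encodeURIComponent(data.new_name));` keeps it inside the CVE route. The `123` placeholder also matches the first `123` anywhere in the reversed URL, so a less likely sentinel would be more robust if the site is ever mounted under a prefix containing those digits. The enclosing success callback starts and ends outside this hunk.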
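Review bot: The visibility change added to `submit-quickedit` is guarded here only by a `confirm()` dialog and by template conditions, neither of which stops a hand-built POST. The view that handles these actions is not part of this diff, so it should be confirmed that it checks the caller's role and access to this CVE before honouring `"public"`. The same applies to the actions added in the later hunks (`submit-detach-vulnerability`, `submit-merge-cve`, `submit-adduseraccess` and `submit-trashuseraccess`), where `record_id` and `users` come straight from the DOM and should be validated server-side as belonging to this CVE. A private-to-public switch is a disclosure event, so recording who made it in the CVE history is worth adding if the handler does not already do so. As a smaller point, `public` is a reserved word in strict-mode JavaScript, and `var is_public=$('#select-public-state').val();` avoids a parse error if this script is ever run strict; the click handler continues outside the hunk.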
@@ -301,6 +406,16 @@ Created={{object.srt_created}} Updated={{object.srt_updated}} "vul_name" : $("#vulnerability_name").val(), }); }); + $('.detach-vulnerability').click(function() { + var result = confirm("Are you sure you want to detach this Vulnerability?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-detach-vulnerability', + "record_id" : $(this).attr('x-data'), + }); + } + }); + $("#submit-delete-cve").click(function(){ var result = confirm("Are you sure you want to permamently delete '{{object.name}}' and all its related records?"); 
@@ -311,7 +426,64 @@ Created={{object.srt_created}} Updated={{object.srt_updated}} } }); + $('#select-merge-cve').click(function(){ + if (selected_mergecve) { + selected_mergecve=false; + $("#details-cve-merge").slideUp(); + document.getElementById("select-merge-cve").innerText = "Merge CVE"; + $("#select-merge-cve").removeClass("blueborder"); + } else { + selected_mergecve=true; + $("#details-cve-merge").slideDown(); + document.getElementById("select-merge-cve").innerText = "Close merge CVE"; + $("#select-merge-cve").addClass("blueborder"); + document.getElementById("target-cve-name").focus(); + } + }); + $("#submit-merge-cve").click(function(){ + postCommitAjaxRequest({ + "action" : 'submit-merge-cve', + "cve_merge_name" : $("#target-cve-name").val(), + }); + }); + $('#select-adduseraccess').click(function(){ + if (selected_adduseraccess) { + selected_adduseraccess=false; + $("#details-adduseraccess").slideUp(); + } else { + selected_adduseraccess=true; + $("#details-adduseraccess").slideDown(); + } + }); + + $('#submit-adduseraccess').click(function(){ + var user_list=[]; + $('input[name="access-users"]').each(function(){ + if ($(this).is(':checked')) { + user_list.push($(this).prop('value')); + } + }); + user_list = user_list.join(","); + if ("" == user_list) { + alert("No users were selected"); + return; + } + postCommitAjaxRequest({ + "action" : 'submit-adduseraccess', + "users" : user_list, + }); + }); + + $('.trash-useraccess').click(function(){ + var result = confirm("Are you sure?"); + if (result){ + postCommitAjaxRequest({ + "action" : 'submit-trashuseraccess', + "record_id" : $(this).attr('x-data'), + }); + } + }) /* Set the report link */ $('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list={{object.id}}"); |
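Review bot: The `#submit-merge-cve` handler posts `cve_merge_name` with no empty check and no confirmation, although the delete and detach handlers next to it both ask first and a merge presumably rewrites or removes records just as irreversibly. Reading the value once with `var target = $("#target-cve-name").val().trim();` and guarding with `if ("" == target || !confirm("Merge this CVE into '" + target + "'?")) { return; }` matches the other handlers. The `Are you sure?` prompt on `.trash-useraccess` would be clearer if it named the action, e.g. `"Remove this user's access to the CVE?"`, and that handler's closing `})` is missing its semicolon.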