{% extends "base.html" %}
{% load projecttags %}

{% block extraheadcontent %}
	<style>
	/* Style the execution buttons */
	/*button.execute { height:50px;width:210px;background-color:#4CAF50;text-align:center; border:2px #f69c55;border-radius: 12px; }*/

	button:disabled {
		cursor: not-allowed;
	}

	/* Create two equal columns that floats next to each other */
	.column {
			float: left;
			width: 350px;
			padding: 10px;
	}

	/* Clear floats after the columns */
	.row:after {
			content: "";
			display: table;
			clear: both;
	}
	</style>
{% endblock %}

{% block title %} {{object.name}} - SRTool {% endblock %}
{% block pagecontent %}

<div class="row">
  <!-- Breadcrumbs -->
	<div class="col-md-12">
		<ul class="breadcrumb" id="breadcrumb">
			<li><a href="{% url 'landing' %}">Home</a></li><span class="divider">&rarr;</span>
			<li><a href="{% url 'vulnerabilities' %}">Vulnerabilities</a></li><span class="divider">&rarr;</span>
			<li>{{object.name}}</li>
		</ul>
	</div>
</div>

<!-- Begin container -->

<div class="row">
  <div class="col-md-12">
    <div class="page-header build-data">
        <span class="srt_h1">Vulnerability {{object.get_long_name}} {% if not object.public %} <font color="red">[PRIVATE]</font> {% endif %}</span>
        {% if request.user.is_creator %}
            <span style="padding-left:30px;"><button id="select-quickedit" class="btn btn-default" type="button">Edit Status...</button></span>
            <span style="padding-left:30px;"><button id="select-notification" class="btn btn-default" type="button">Create Notification ...</button></span>
            <span style="padding-left:30px;"><button id="select-delete" class="btn btn-default" type="button" x-data="{{object.id}}">Delete</button></span>
        {% endif %}
    </div>
  </div>
</div>

<!-- include SRtool Metadata/Notification -->
{% include "srtool_metadata_include.html" with default_category="VULNERABILITY" default_url="vulnerability" %}

<div class="row" style="padding-left: 25px;">
  <div class="col-md-5">
	<div>
		<h3>Description</h3>
		{{object.description}}
	</div>
	<p/>
  </div>
  <div class="col-md-5">
	<div class="well">
	  <h2>Quick Info</h2>
		<dl class="dl-horizontal">
			<dt>CVE Dictionary Entry:</dt>
			<dd>
			  {% for vc in object.vulnerability_to_cve.all %}
				{% if not forloop.first %}| {% endif %}<a href="{% url 'cve' vc.cve.name %}">{{vc.cve.name}}</a>
			  {% endfor %}
			</dd>

			<dt>Original release date:</dt>
			<dd>
			  {% for vc in object.vulnerability_to_cve.all %}
				{% if not forloop.first %}| {% endif %}{{vc.cve.publishedDate}} </a>
			  {% endfor %}
			</dd>

			<dt>Last revised:</dt>
			<dd>
			  {% for vc in object.vulnerability_to_cve.all %}
				{% if not forloop.first %}| {% endif %}{{vc.cve.lastModifiedDate}} </a>
			  {% endfor %}
			</dd>

			<dt>CVSS v3 Base Score:</dt>
			<dd>
			  {% for vc in object.vulnerability_to_cve.all %}
				{% if not forloop.first %}| {% endif %}{{vc.cve.cvssV3_baseScore}},{{vc.cve.cvssV3_baseSeverity}} </a>
			  {% endfor %}
			</dd>

			<dt>CVSS v2 Base Score:</dt>
			<dd>
			  {% for vc in object.vulnerability_to_cve.all %}
				{% if not forloop.first %}| {% endif %}{{vc.cve.cvssV2_baseScore}},{{vc.cve.cvssV2_severity}} </a>
			  {% endfor %}
			</dd>
		</dl>
	</div>
  </div>
</div>

<div class="row" style="padding-left: 25px;">
	<h3>Investigations/Products
		{% if request.user.is_creator %}
			<button id="select-addproduct" class="btn btn-default" type="button">Add product ...</button>
		{% endif %}
	</h3>

	<div id="details-addproduct" style="padding-left: 50px; display:none;">
		<p><p>
		<button class="execute" id="submit-addproduct"> Submit </button>
		<div class="row">
			<div id="all-affectedproducts" class="scrolling" style="width: 300px;">
			{% for product in products %}
				<div class="checkbox">
					<label>
					<input class="checkbox-products" name="addproduct" value="{{product.pk}}" type="checkbox">{{product.long_name}}
					</label>
					<p>
				</div>
			{% endfor %}
			</div>
		</div>
	</div>

	<table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table">
		<thead>
			<tr>
				<th>Product Name</th>
				<th>Investigation</th>
				<th>Status</th>
				<th>Outcome</th>
				<th>Defect</th>
				<th>Release Version</th>
				{% if request.user.is_creator %}
					<th>Manage</th>
				{% endif %}
			</tr>
		</thead>

		{% if object.vulnerability_investigation.all %}
		  {% for investigation in object.vulnerability_investigation.all %}
			<tr>
				<td><a href="{% url 'product' investigation.product.id %}">{{ investigation.product.long_name }}<a></td>
				<td><a href="{% url 'investigation' investigation.id %}">{{ investigation.name }}<a></td>
				<td>{{ investigation.get_status_text }}</td>
				<td>{{ investigation.get_outcome_text }}</td>
				<td>
				  {% for ij in investigation.investigation_to_defect.all %}
				    {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' ij.defect.id %}">{{ij.defect.name}} </a>
				  {% endfor %}
				</td>
				<td>
				  {% for ij in investigation.investigation_to_defect.all %}
				    {% if not forloop.first %}| {% endif %}<a href="{% url 'defect' ij.defect.id %}">{{ij.defect.release_version}} </a>
				  {% endfor %}
				</td>
				{% if request.user.is_creator %}
				  <td>
					<span class="glyphicon glyphicon-trash trash-investigation" id="affected_trash_'+{{investigation.id}}+'" x-data="{{investigation.id}}"></span>
				  </td>
				{% endif %}
			</tr>
		  {% endfor %}
		{% else %}
			<tr>
				<td>No investigations found</td>
			</tr>
		{% endif %}
	</table>

</div>

<div class="row" style="padding-left: 25px;">
	<h3>Comments
		{% if request.user.is_creator %}
			<button id="select-newcomment" class="btn btn-default" type="button">Add comment ...</button>
		{% endif %}
	</h3>

<div id="input-newcomment" style="padding-left: 50px; display:none;">
	<p><input type="text" id="text-newcomment" size="40">	<button class="execute" id="submit-newcomment"> Submit </button></p>
</div>

	<table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table">
		<thead>
			<tr>
				<th>Comment</th>
				<th>Date</th>
				<th>Author</th>
				{% if request.user.is_creator %}
					<th>Manage</th>
				{% endif %}
			</tr>
		</thead>

		{% if object.vulnerability_comments.all %}
		  {% for c in object.vulnerability_comments.all %}
			<tr>
				<td>{{ c.comment }}</td>
				<td>{{ c.date }}</td>
				<td>{{ c.author }}</td>
				{% if request.user.is_creator or c.author == request.user.username %}
					<td>
						<span id="config_var_entry_'+configvars_sorted[i][2]+'" class="js-config-var-name"></span>
						<span class="glyphicon glyphicon-trash trash-comment" id="comment_trash_'+{{c.id}}+'" x-data="{{c.id}}"></span>
					</td>
				{% endif %}
			</tr>
		  {% endfor %}
		{% else %}
			<tr>
				<td>No comments found</td>
			</tr>
		{% endif %}
	</table>

</div>

<div class="row" style="padding-left: 25px;">
	<h3>Attachments
		{% if request.user.is_creator %}
			<a class="btn btn-default navbar-btn " id="select-addattachment">Add attachment ... </a>
		{% endif %}
	</h3>

	<div id="details-addattachment" style="padding-left: 50px; display:none;">
		<p><p>
		<div class="row">
			<form id="uploadbanner" enctype="multipart/form-data" method="post">{% csrf_token %}
				 <input id="fileDescription" name="fileDescription" type="text" placeholder="Enter Description" />
			   <input id="fileUpload" name="fileUpload" type="file" />
				 <input type="hidden" id="action" name="action" value="upload">
			   <input type="submit" value="submit file" id="submit-addattachment" />
			</form>
		</div>
	</div>

	<table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table">
		<thead>
			<tr>
				<th>Comment</th>
				<th>Name</th>
				<th>Size</th>
				<th>Date</th>
				<th>Author</th>
				<th>Manage</th>
			</tr>
		</thead>

		{% if object.vulnerability_uploads.all %}
		  {% for u in object.vulnerability_uploads.all %}
			<tr>
				<td>{{ u.description }}</td>
				<td>{{ u.path|basename }}</td>
				<td>{{ u.size }}</td>
				<td>{{ u.date }}</td>
				<td>{{ u.author }}</td>
				<td>
					<span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span>
					<form id="downloadbanner" enctype="multipart/form-data" method="post" >{% csrf_token %}
						<input type="hidden" id="action" name="action" value="download">
						<input type="hidden" id="record_id" name="record_id" value={{u.id}}>
						<span class="glyphicon glyphicon-download-alt submit-downloadattachment" id="attachment_download_'+{{u.id}}+'" x-data="{{u.id}}"></span>
						{% if request.user.is_creator %}
							<span class="glyphicon glyphicon-trash trash-attachment" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span>
						{% endif %}
					</form>
				</td>
			</tr>
		  {% endfor %}
		{% else %}
			<tr>
				<td>No comments found</td>
			</tr>
		{% endif %}
	</table>
</div>

<br/>

<div class="row" style="padding-left: 25px;">
	<h3>Change Notifications
		{% if request.user.is_creator %}
			<button id="select-addusernotify" class="btn btn-default" type="button">Add user notification ...</button>
		{% endif %}
	</h3>

	<div id="details-addusernotify" style="padding-left: 50px; display:none;">
  	<p><p>
    <button class="execute" id="submit-addusernotify"> Submit </button>
    <div class="row">
      <p>
      <div id="all-users" class="scrolling" style="width: 300px;">
      {% for user in users %}
  		<div class="checkbox">
  		  <label>
  			<input class="checkbox-users" name="update-users" value="{{user.pk}}" type="checkbox">{{user.name}}
  		  </label>
  		  <p>
  		</div>
  		{% endfor %}
      </div>
    </div>
  </div>

	<table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table">
		<thead>
			<tr>
				<th>User</th>
				<th>Email</th>
				{% if request.user.is_creator %}
					<th>Manage</th>
				{% endif %}
			</tr>
		</thead>

		{% if object.vulnerability_notification.all %}
		  {% for u in object.vulnerability_notification.all %}
			<tr>
				<td>{{ u.user.name }}</td>
				<td>{{ u.user.email }}</td>
				{% if request.user.is_creator or u.user.name == request.user.username %}
				  <td>
					<span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span>
					<span class="glyphicon glyphicon-trash trash-usernotification" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span>
				  </td>
				{% endif %}
			</tr>
		  {% endfor %}
		{% else %}
			<tr>
				<td>No users found</td>
			</tr>
		{% endif %}
	</table>

</div>

{% if not object.public %}
  {% if request.user.is_creator %}

	<div class="row" style="padding-left: 25px;">
		<h3>User Access
			{% if request.user.is_creator %}
				<button id="select-adduseraccess" class="btn btn-default" type="button">Add user access ...</button>
			{% endif %}
		</h3>

		<div id="details-adduseraccess" style="padding-left: 50px; display:none;">
			<p><p>
			<button class="execute" id="submit-adduseraccess"> Submit </button>
			<div class="row">
				<p>
				<div id="all-users" class="scrolling" style="width: 300px;">
				{% for user in users %}
				<div class="checkbox">
					<label>
					<input class="checkbox-users" name="access-users" value="{{user.pk}}" type="checkbox">{{user.name}}
					</label>
					<p>
				</div>
				{% endfor %}
				</div>
			</div>
		</div>

		<table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table">
			<thead>
				<tr>
					<th>User</th>
					<th>Manage</th>
				</tr>
			</thead>

			{% if object.public %}
			<tr>
				<td>All</td>
				<td>
				</td>
			</tr>
			{% endif %}

			{% if object.vulnerability_users.all %}
			  {% for u in object.vulnerability_users.all %}
				<tr>
					<td>{{ u.user.name }}</td>
					<td>
						<span id="attachment_entry_'+{{u.id}}+'" class="js-config-var-name"></span>
						<span class="glyphicon glyphicon-trash trash-useraccess" id="attachment_trash_'+{{u.id}}+'" x-data="{{u.id}}"></span>
					</td>
				</tr>
			  {% endfor %}
			{% else %}
			  {% if not object.public %}
				<tr>
					<td>No users found</td>
				</tr>
			  {% endif %}
			{% endif %}
		</table>

	</div>
  {% endif %}
{% endif %}

<div class="row" style="padding-left: 25px;">
	<h3>History</h3>
	<table class="table table-striped table-condensed" data-testid="vuln-hyperlinks-table">
		<thead>
			<tr>
				<th>Comment</th>
				<th>Date</th>
				<th>Author</th>
			</tr>
		</thead>
		{% if object.vulnerability_history.all %}
		  {% for c in object.vulnerability_history.all %}
			<tr>
				<td>{{ c.comment }}</td>
				<td>{{ c.date }}</td>
				<td>{{ c.author }}</td>
			</tr>
		  {% endfor %}
		{% else %}
			<tr>
				<td>No history found</td>
			</tr>
		{% endif %}
	</table>
</div>

<!-- Javascript support -->
<script>
	var selected_addrelatedproduct=false;
	var selected_addproduct=false;
	var selected_newcomment=false;
	var selected_addusernotify=false;
	var selected_adduseraccess=false;
	var selected_addattachment=false;

    var selected_quickedit=false;
    var selected_notifyedit=false;

	window.onload = function() {
		$("input[name=status][value=" + {{ object.status }} + "]").prop('checked', true);
		$("input[name=outcome][value=" + {{ object.outcome }} + "]").prop('checked', true);
		$("input[name=priority][value=" + {{ object.priority}} + "]").prop('checked', true);
	}

	$(document).ready(function() {
		function onCommitAjaxSuccess(data, textstatus) {
	    if (window.console && window.console.log) {
	      console.log("XHR returned:", data, "(" + textstatus + ")");
	    } else {
	      alert("NO CONSOLE:\n");
	      return;
	    }
	    if (data.error != "ok") {
	      alert("error on request:\n" + data.error);
	      return;
	    }
	    // reload the page with the updated tables
	    location.reload(true);
	  }

	  function onCommitAjaxError(jqXHR, textstatus, error) {
	    console.log("ERROR:"+error+"|"+textstatus);
	    alert("XHR errored1:\n" + error + "\n(" + textstatus + ")");
	  }

	  /* ensure cookie exists {% csrf_token %} */
	  function postCommitAjaxRequest(reqdata) {
		reqdata["vulnerability_id"] = {{ object.id }}
		var ajax = $.ajax({
	      type:"POST",
	      data: reqdata,
	      url:"{% url 'xhr_vulnerability_commit' %}",
	      headers: { 'X-CSRFToken': $.cookie("csrftoken")},
	      success: onCommitAjaxSuccess,
	      error: onCommitAjaxError,
	    })
	  }

		$('#select-addrelatedproduct').click(function(){
			if (selected_addrelatedproduct) {
				selected_addrelatedproduct=false;
				$("#details-addrelatedproduct").slideUp();
			} else {
				selected_addrelatedproduct=true;
				$("#details-addrelatedproduct").slideDown();
			}
		});

		$('#select-addproduct').click(function(){
			if (selected_addproduct) {
				selected_addproduct=false;
				$("#details-addproduct").slideUp();
			} else {
				selected_addproduct=true;
				$("#details-addproduct").slideDown();
			}
		});

		$('#submit-addproduct').click(function(){
			var product_list=[];
		    $('input[name="addproduct"]').each(function(){
				if ($(this).is(':checked')) {
					product_list.push($(this).prop('value'));
				}
			});
            product_list = product_list.join(",");
			if ("" == product_list) {
				alert("No products were selected");
				return;
			}
			postCommitAjaxRequest({
				"action" : 'submit-addproduct',
				"products" : product_list,
				});
		});

		$('.trash-investigation').click(function() {
			var result = confirm("Are you sure?");
			if (result){
				postCommitAjaxRequest({
					"action" : 'submit-trashinvestigation',
					"record_id" : $(this).attr('x-data'),
					});
			}
		});

		$('#select-newcomment').click(function(){
			if (selected_newcomment) {
				selected_newcomment=false;
				$("#input-newcomment").slideUp();
			} else {
				selected_newcomment=true;
				$("#input-newcomment").slideDown();
			}
		});

		$('#submit-newcomment').click(function(){
			var comment=$('#text-newcomment').val().trim()
			if (comment=="") {
				alert("No comment was written");
				return;
			}
			postCommitAjaxRequest({
				"action" : 'submit-newcomment',
				"comment" : comment,
			})
		});

		$('.trash-comment').click(function(){
			var result = confirm("Are you sure?");
			if (result){
				postCommitAjaxRequest({
					"action" : 'submit-trashcomment',
					"record_id" : $(this).attr('x-data'),
					});
			}
		})

		$('#select-addattachment').click(function() {
			if (selected_addattachment) {
				selected_addattachment=false;
				$("#details-addattachment").slideUp();
			} else {
				selected_addattachment=true;
				$("#details-addattachment").slideDown();
			}
		});

		$('.submit-downloadattachment').click(function() {
			$("#downloadbanner").submit();
		});

		$('.trash-attachment').click(function() {
			var result = confirm("Are you sure?");
			if (result){
				postCommitAjaxRequest({
					"action"	:	'submit-trashattachment',
					"record_id" : $(this).attr('x-data'),
				});
			}
		});

		// Open AddUserNotify Action
		$('#select-addusernotify').click(function(){
		  if (selected_addusernotify) {
			selected_addusernotify=false;
			$("#details-addusernotify").slideUp();
		  } else {
			selected_addusernotify=true;
			$("#details-addusernotify").slideDown();
		  }
		});

		$('#submit-addusernotify').click(function(){
		  var user_list=[];
		  $('input[name="update-users"]').each(function(){
			if ($(this).is(':checked')) {
			  user_list.push($(this).prop('value'));
			}
		  });
          user_list = user_list.join(",");
		  if ("" == user_list) {
			alert("No users were selected");
			return;
		  }
		  postCommitAjaxRequest({
			"action" : 'submit-addusernotify',
			"users" : user_list,
			});
		});

		$('.trash-usernotification').click(function(){
			var result = confirm("Are you sure?");
			if (result){
				postCommitAjaxRequest({
					"action" : 'submit-trashusernotification',
					"record_id" : $(this).attr('x-data'),
					});
			}
		})

		$('#select-adduseraccess').click(function(){
			if (selected_adduseraccess) {
				selected_adduseraccess=false;
				$("#details-adduseraccess").slideUp();
			} else {
				selected_adduseraccess=true;
				$("#details-adduseraccess").slideDown();
			}
		});

		$('#submit-adduseraccess').click(function(){
			var user_list=[];
		    $('input[name="access-users"]').each(function(){
				if ($(this).is(':checked')) {
					user_list.push($(this).prop('value'));
				}
			});
            user_list = user_list.join(",");
			if ("" == user_list) {
				alert("No users were selected");
				return;
			}
			postCommitAjaxRequest({
				"action" : 'submit-adduseraccess',
				"users" : user_list,
				});
		});

		$('.trash-useraccess').click(function(){
			var result = confirm("Are you sure?");
			if (result){
				postCommitAjaxRequest({
					"action" : 'submit-trashuseraccess',
					"record_id" : $(this).attr('x-data'),
					});
			}
		})


		$('#select-quickedit').click(function(){
			if (selected_quickedit) {
				selected_quickedit=false;
				$("#details-quickedit").slideUp();
				$("#display-status").slideDown();
                document.getElementById("select-quickedit").innerText = "Edit status...";
                $("#select-quickedit").removeClass("blueborder");
			} else {
				selected_quickedit=true;
				$("#display-status").slideUp();
				$("#details-quickedit").slideDown();
                document.getElementById("select-quickedit").innerText = "Close edit status...";
                $("#select-quickedit").addClass("blueborder");
                document.getElementById("select-status-state").focus();
			}
		});

		$('#submit-quickedit').click(function(){
			var note=$('#text-note').val().trim()
			var private_note=$('#text-private-note').val().trim()
            var priority=$('#select-priority-state').val();
            var status=$('#select-status-state').val();
            var outcome=$('#select-outcome-state').val();
			postCommitAjaxRequest({
				"action" 		: 'submit-quickedit',
				"note"		    : note,
				"private_note"  : private_note,
				"status" 		: status,
				"outcome" 	    : outcome,
				"priority"      : priority,
			});
		});

        $('#select-notification').click(function(){
            if (selected_notifyedit) {
                selected_notifyedit=false;
                $("#details-notify-edit").slideUp();
				$("#display-status").slideDown();
                document.getElementById("select-notification").innerText = "Create Notification ...";
                $("#select-notification").removeClass("blueborder");
            } else {
                selected_notifyedit=true;
				$("#display-status").slideUp();
                $("#details-notify-edit").slideDown();
                document.getElementById("select-notification").innerText = "Close notification";
                $("#select-notification").addClass("blueborder");
                document.getElementById("select-category-notify").focus();
            }
        });

        $('#submit-notification').click(function(){
            var category=$('#select-category-notify').val();
            var priority=$('#select-priority-notify').val();
            var note=$('#notification-note').val().trim();
            var url=$('#notification-url').val().trim();
			var user_list=[];
			$('input[name="notification-users"]').each(function(){
				if ($(this).is(':checked')) {
					user_list.push($(this).prop('value'));
				}
			});
            user_list = user_list.join(",");
			if ("" == user_list) {
				alert("No users were selected");
				return;
			}
            postCommitAjaxRequest({
                "action"        : 'submit-notification',
                "category"      : category,
                "priority"      : priority,
                "note"          : note,
                "url"           : url,
                "users"         : user_list,
                });
        });

		$("#submit-create-investigation").click(function(){
		  var xdata = $(this).attr('x-data').split(':');
          postCommitAjaxRequest({
              "action"        : 'submit-create-investigation',
              "relation"      : xdata[1],
              "product_id"    : xdata[0],
              });
		});

        $('#select-delete').click(function(){
 			var result = confirm("Are you sure?");
			if (result){
				postCommitAjaxRequest({
					"action" : 'submit-trashvulnerability',
					"record_id" : $(this).attr('x-data'),
					});
			}
        });

		/* Set the report link */
		$('#report_link').attr('href',"{% url 'report' request.resolver_match.url_name %}?record_list={{object.id}}");
	});
</script>


{% endblock %}