Rename organizationId by organization; check organization before crea…

…te/update an user
pitapit45456 · Feb 9, 2018 · bc6df89 · bc6df89
1 parent 88362c0
commit bc6df89
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 15 deletions.
diff --git a/app/org/thp/cortex/controllers/JobCtrl.scala b/app/org/thp/cortex/controllers/JobCtrl.scala
@@ -68,7 +68,7 @@ class JobCtrl @Inject() (
       for {
         job ← jobSrv.get(jobId)
         organization ← userSrv.getOrganizationId(request.userId)
-        _ ← if (job.organizationId() == organization) jobSrv.delete(jobId)
+        _ ← if (job.organization() == organization) jobSrv.delete(jobId)
         else Future.failed(NotFoundError(s"job $jobId not found"))
       } yield NoContent
   }

diff --git a/app/org/thp/cortex/controllers/UserCtrl.scala b/app/org/thp/cortex/controllers/UserCtrl.scala
@@ -11,7 +11,7 @@ import play.api.libs.json.{ JsObject, Json }
 import play.api.mvc._
 
 import org.thp.cortex.models.Roles
-import org.thp.cortex.services.UserSrv
+import org.thp.cortex.services.{ OrganizationSrv, UserSrv }
 
 import org.elastic4play.models.JsonFormat.baseModelEntityWrites
 import org.elastic4play.services.JsonFormat.queryReads
@@ -23,6 +23,7 @@ import org.elastic4play.{ AuthorizationError, MissingAttributeError, Timed }
 class UserCtrl @Inject() (
     userSrv: UserSrv,
     authSrv: AuthSrv,
+    organizationSrv: OrganizationSrv,
     authenticated: Authenticated,
     renderer: Renderer,
     fieldsBodyParser: FieldsBodyParser,
@@ -33,7 +34,12 @@ class UserCtrl @Inject() (
 
   @Timed
   def create: Action[Fields] = authenticated(Roles.admin).async(fieldsBodyParser) { implicit request ⇒
-    userSrv.create(request.body)
+    // Check if organization is valid
+    request.body.getString("organization")
+      .fold(Future.successful(())) { organizationId ⇒
+        organizationSrv.get(organizationId).map(_ ⇒ ())
+      }
+      .flatMap { _ ⇒ userSrv.create(request.body) }
       .map(user ⇒ renderer.toOutput(CREATED, user))
   }
 
@@ -58,10 +64,17 @@ class UserCtrl @Inject() (
       else if (request.body.contains("status") && !request.authContext.roles.contains(Roles.admin)) {
         Future.failed(AuthorizationError("You are not permitted to change user status"))
       }
+      else if (request.body.contains("organization") && !request.authContext.roles.contains(Roles.admin)) {
+        Future.failed(AuthorizationError("You are not permitted to change user organization"))
+      }
       else {
-        userSrv.update(id, request.body.unset("password").unset("key")).map { user ⇒
-          renderer.toOutput(OK, user)
-        }
+        // Check if organization is valid
+        request.body.getString("organization")
+          .fold(Future.successful(())) { organizationId ⇒
+            organizationSrv.get(organizationId).map(_ ⇒ ())
+          }
+          .flatMap { _ ⇒ userSrv.update(id, request.body.unset("password").unset("key")) }
+          .map { user ⇒ renderer.toOutput(OK, user) }
       }
     }
     else {

diff --git a/app/org/thp/cortex/models/Job.scala b/app/org/thp/cortex/models/Job.scala
@@ -19,7 +19,7 @@ trait JobAttributes { _: AttributeDef ⇒
   val analyzerDefinitionId = attribute("analyzerDefinitionId", F.stringFmt, "Analyzer definition id", O.readonly)
   val analyzerId = attribute("analyzerId", F.stringFmt, "Analyzer id", O.readonly)
   val analyzerName = attribute("analyzerName", F.stringFmt, "Analyzer name", O.readonly)
-  val organizationId = attribute("organizationId", F.stringFmt, "Organization ID", O.readonly)
+  val organization = attribute("organization", F.stringFmt, "Organization ID", O.readonly)
   val status = attribute("status", F.enumFmt(JobStatus), "Status of the job")
   val startDate = optionalAttribute("startDate", F.dateFmt, "Analysis start date")
   val endDate = optionalAttribute("endDate", F.dateFmt, "Analysis end date")
@@ -38,6 +38,8 @@ trait JobAttributes { _: AttributeDef ⇒
 class JobModel @Inject() () extends ModelDef[JobModel, Job]("job", "Job", "/job") with JobAttributes with AuditedModel {
 
   override val removeAttribute: JsObject = Json.obj("status" -> JobStatus.Deleted)
+
+  override def defaultSortBy: Seq[String] = Seq("-createdAt")
 }
 
 class Job(model: JobModel, attributes: JsObject) extends EntityDef[JobModel, Job](model, attributes) with JobAttributes {

diff --git a/app/org/thp/cortex/services/JobSrv.scala b/app/org/thp/cortex/services/JobSrv.scala
@@ -93,7 +93,7 @@ class JobSrv(
     }
     else {
       val futureSource = userSrv.getOrganizationId(authContext.userId).map { organizationId ⇒
-        findSrv[M, E](m, queryDef("organizationId" ~= organizationId), range, sortBy)
+        findSrv[M, E](m, queryDef("organization" ~= organizationId), range, sortBy)
       }
       val source = Source.fromFutureSource(futureSource.map(_._1)).mapMaterializedValue(_ ⇒ NotUsed)
       source -> futureSource.flatMap(_._2)
@@ -130,7 +130,7 @@ class JobSrv(
 
   def findForOrganization(organizationId: String, queryDef: QueryDef, range: Option[String], sortBy: Seq[String]): (Source[Job, NotUsed], Future[Long]) = {
     import org.elastic4play.services.QueryDSL._
-    find(and("organizationId" ~= organizationId, queryDef), range, sortBy)
+    find(and("organization" ~= organizationId, queryDef), range, sortBy)
   }
 
   def stats(queryDef: QueryDef, aggs: Seq[Agg]): Future[JsObject] = findSrv(jobModel, queryDef, aggs: _*)
@@ -244,7 +244,7 @@ class JobSrv(
             "analyzerDefinitionId" -> analyzer.analyzerDefinitionId(),
             "analyzerId" -> analyzer.id,
             "analyzerName" -> analyzer.name(),
-            "organizationId" -> analyzer.parentId,
+            "organization" -> analyzer.parentId,
             "status" -> JobStatus.Waiting,
             "dataType" -> dataType,
             "tlp" -> tlp,

diff --git a/www/src/app/pages/jobs/components/jobs.list.html b/www/src/app/pages/jobs/components/jobs.list.html
@@ -24,7 +24,7 @@
           <h4 class="media-heading text-primary">
              <strong>[{{job.dataType}}]</strong> {{(isFile ? job.filename : job.data) | fang | limitTo:200}}
           </h4>
-          <div class="row mt-xs text-muted">            
+          <div class="row mt-xs text-muted">
             <div class="col-sm-3">
               <strong>Analyzer:</strong>
               <span>{{job.analyzerName}}</span>
@@ -39,14 +39,14 @@ <h4 class="media-heading text-primary">
             </div>
             <div class="col-sm-3">
               <strong>Organization:</strong>
-              <span>{{job.organizationId}}</span>
-            </div>            
+              <span>{{job.organization}}</span>
+            </div>
           </div>
           <div ng-if="job.status === 'Failure'" class="row mt-xs text-danger wrap">
             <div class="col-sm-12">
               <i class="fa fa-exclamation-triangle"></i> {{job.message}}
-            </div>            
-          </div>                    
+            </div>
+          </div>
         </div>
         <div class="flex-col flex-icon">
           <a class="text-primary" ui-sref="main.job-report({id: job.id})">