/**
* Add a new environment and one EnvironmentProperty for each defined property
*
* @param application
* @param environmentName
* @return
* @throws ValidationException
*/
@Override
public Environment addEnvironment(Application application, String environmentName)
throws ValidationException {
Application app = applicationDAO.findById(application.getId());
if (app == null) {
String[] inserts = new String[] {application.getId().toString()};
throw validationException(INVALID_APPLICATION_MESSAGE, inserts);
}
for (Environment e : app.getEnvironmentList()) {
if (e.getName().equals(environmentName)) {
String[] inserts = new String[] {environmentName, app.getName()};
throw validationException(DUPLICATE_ENVIRONMENT_MESSAGE, inserts);
}
}
Environment e = new Environment();
e.setName(environmentName);
app.addEnvironment(e);
e = environmentDAO.create(e);
for (Property p : app.getPropertyList()) {
EnvironmentProperty ep = new EnvironmentProperty();
ep.setEnvironment(e);
ep.setProperty(p);
environmentPropertyDAO.create(ep);
}
return e;
}
/**
* @param application
* @param propertyName
* @return
* @throws ValidationException
*/
@Override
public Property addProperty(Application application, String propertyName)
throws ValidationException {
Application app = applicationDAO.findById(application.getId());
if (app == null) {
String[] inserts = new String[] {application.getId().toString()};
throw validationException(INVALID_APPLICATION_MESSAGE, inserts);
}
for (Property p : app.getPropertyList()) {
if (p.getName().equals(propertyName)) {
String[] inserts = new String[] {propertyName, app.getName()};
throw validationException(DUPLICATE_PROPERTY_MESSAGE, inserts);
}
}
Property p = new Property();
p.setName(propertyName);
app.addProperty(p);
p = propertyDAO.create(p);
for (Environment e : app.getEnvironmentList()) {
EnvironmentProperty ep = new EnvironmentProperty();
ep.setEnvironment(e);
ep.setProperty(p);
environmentPropertyDAO.create(ep);
}
return p;
}
@Test
public void canUserEditApplicationTest() {
// Initial setup
User user = getUser();
userService.add(user);
Organization organization = createOrganization();
Category category = createCategory(organization);
organization.getCategories().add(category);
Application application =
createApplication(category, "Test Application", AppState.GROUP_PUBLISH);
Group group = createGroup(organization);
group.getOwnedApplications().add(application);
entityManager.flush();
createUserDomain(user, group.getId(), DomainType.GROUP, UserRole.ROLE_GROUP_ADMIN);
entityManager.flush();
assertTrue(userService.canUserEditApplication(user.getId(), application.getId()));
// Reset
userService.delete(user.getId());
ReflectionTestUtils.setField(this, "user", null);
entityManager.flush();
// Test if org admin can edit application
user = getUser();
userService.add(user);
entityManager.flush();
createUserDomain(user, organization.getId(), DomainType.ORGANIZATION, UserRole.ROLE_ORG_ADMIN);
entityManager.flush();
assertTrue(userService.canUserEditApplication(user.getId(), application.getId()));
// Reset
userService.delete(user.getId());
ReflectionTestUtils.setField(this, "user", null);
entityManager.flush();
// Test user is org user
user = getUser();
userService.add(user);
entityManager.flush();
createUserDomain(user, organization.getId(), DomainType.ORGANIZATION, UserRole.ROLE_ORG_USER);
entityManager.flush();
assertFalse(userService.canUserEditApplication(user.getId(), application.getId()));
// Reset
userService.delete(user.getId());
ReflectionTestUtils.setField(this, "user", null);
entityManager.flush();
// Test user is not part of organization and not group admin
user = getUser();
userService.add(user);
entityManager.flush();
assertFalse(userService.canUserEditApplication(user.getId(), application.getId()));
}
/**
* @param application
* @return
* @throws ValidationException
*/
@Override
public List<EnvironmentProperty> getEnvironmentPropertiesForApplication(Application application)
throws ValidationException {
Query q =
em.createQuery(
"select distinct ep from EnvironmentProperty ep where ep.property.application.id=:applicationId");
q.setParameter("applicationId", application.getId());
return q.getResultList();
}
@Override
public ArrayList<ApplicationTemplate> getApplicationTemplates(Application app) {
ArrayList<ApplicationTemplate> result = new ArrayList<ApplicationTemplate>();
final StoreDB.Api api = store.getApi();
try {
final ArrayList<ApplicationTemplate> fromCache =
cacheApp.getApplicationTemplates(app.getId());
if (fromCache != null) {
return fromCache;
}
return cacheApp.putApplicationTemplates(
app.getId(), toClientApplicationTemplates(api.getAppTemplatesByApp(app.getId())));
} catch (SQLException ex) {
log.log(Level.SEVERE, ex.getLocalizedMessage(), ex);
} finally {
api.close();
}
return result;
}
@Override
@SuppressWarnings("unchecked")
public List<Vulnerability> getFalsePositiveVulnCount(Application application, boolean value) {
return sessionFactory
.getCurrentSession()
.createQuery(
"from Vulnerability vuln where vuln.application = :appId "
+ "and vuln.isFalsePositive = :fp")
.setBoolean("fp", value)
.setInteger("appId", application.getId())
.list();
}
/**
* Methode permettant de mettre l'application dans un état particulier pour se prémunir d'éventuel
* problème de concurrence au niveau métier
*/
@Override
@Transactional
public void setStatus(Application application, Status status) throws ServiceException {
try {
Application _application = applicationDAO.findOne(application.getId());
_application.setStatus(status);
application.setStatus(status);
applicationDAO.saveAndFlush(_application);
} catch (PersistenceException e) {
throw new ServiceException(e.getLocalizedMessage(), e);
}
}
