Class: Comment

Inherits:
Object
  • Object
Includes:
DataMapper::Resource
Defined in:
models/comment.rb

Overview

Resource to store comments made within Vulnreport and attached to other Vulnreport objects

Class Method Summary

Instance Method Summary

Methods included from DataMapper::Resource

#make_dirty

Class Method Details

+ (Integer) author(repository = nil)

Returns ID of author User

Returns:

  • (Integer)

    ID of author User



# File 'models/comment.rb', line 14

# ID of the User who wrote this Comment; compared against viewer_uid in the
# commentsFor* permission pruning, so it must be set from the authenticated session.
property :author,		Integer

+ (String) body(repository = nil)

Returns Comment text

Returns:

  • (String)

    Comment text



# File 'models/comment.rb', line 20

# Free-form Comment text entered by a User, capped at 8192 chars and loaded eagerly
# (lazy => false) with the rest of the row. Presumably rendered in views, so it must
# be escaped at output — confirm in the templates.
property :body,			Text, :length => 8192, :lazy => false

+ (Array<Comment>) commentsForApp(aid, viewer_uid = nil, viewer_orgid = nil)

Get all Comments belonging to given Application

Parameters:

  • aid (Integer)

    ID of Application to get Comments for

  • viewer_uid (Integer) (defaults to: nil)

    ID of User to view as (for permissions). If nil, system is getting comments

  • viewer_orgid (Integer) (defaults to: nil)

    ID of Organization to view as (for permissions). If nil, system is getting comments

Returns:

  • (Array<Comment>)

    Comments attached to given Application, pruned for viewing permissions as needed



# File 'models/comment.rb', line 121

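# Get all Comments belonging to given Application
#
# @param aid [Integer] ID of Application to get Comments for
# @param viewer_uid [Integer] ID of User to view as (for permissions). If nil, system is getting comments
# @param viewer_orgid [Integer] ID of Organization to view as (for permissions). If nil, system is getting comments
# @return [Array<Comment>] Comments attached to given Application, pruned for viewing permissions as needed
def self.commentsForApp(aid, viewer_uid=nil, viewer_orgid=nil)
	comments = all(:what => LINK_TYPE::APPLICATION, :whatId => aid, :order => [:id.asc])

	# A nil in either viewer slot means the system is fetching: no permission
	# pruning happens at all, so callers acting for a User must pass BOTH ids.
	return comments if(viewer_uid.nil? || viewer_orgid.nil?)

	# Viewer facts and the App's tester set do not vary per comment; resolve them
	# once here instead of re-querying inside delete_if for every comment.
	viewer_user = User.get(viewer_uid)
	return comments if(viewer_user.admin || Organization.get(viewer_user.org).super)

	app = Application.get(aid)
	testers = app.nil? ? [] : app.tests.map{|t| t.reviewer}.uniq
	testerOrgs = testers.map{|tr|
		u = User.get(tr)
		u.nil? ? nil : u.org
	}.compact.uniq
	viewer_is_tester = testers.include?(viewer_uid)
	viewer_in_testOrg = testerOrgs.include?(viewer_orgid)

	# Cache author -> org so a frequent author costs one lookup, not one per comment.
	# An unknown author yields nil, which never equals a non-nil viewer_orgid.
	authorOrg = Hash.new{|h, uid|
		u = User.get(uid)
		h[uid] = (u.nil? ? nil : u.org)
	}

	#Prune for perms: drop a comment unless one of its visibility grants covers the viewer
	comments = comments.delete_if{|c|
		next false if(c.author == viewer_uid)
		next false if(c.vis_tester && viewer_is_tester)
		next false if(c.vis_authOrg && viewer_orgid == authorOrg[c.author])
		next false if(c.vis_testOrg && viewer_in_testOrg)
		true
	}

	return comments
end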

+ (Array<Comment>) commentsForTest(tid, viewer_uid = nil, viewer_orgid = nil)

Get all Comments belonging to given Test

Parameters:

  • tid (Integer)

    ID of Test to get Comments for

  • viewer_uid (Integer) (defaults to: nil)

    ID of User to view as (for permissions). If nil, system is getting comments

  • viewer_orgid (Integer) (defaults to: nil)

    ID of Organization to view as (for permissions). If nil, system is getting comments

Returns:

  • (Array<Comment>)

    Comments attached to given Test, pruned for viewing permissions as needed



# File 'models/comment.rb', line 178

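# Get all Comments belonging to given Test
#
# @param tid [Integer] ID of Test to get Comments for
# @param viewer_uid [Integer] ID of User to view as (for permissions). If nil, system is getting comments
# @param viewer_orgid [Integer] ID of Organization to view as (for permissions). If nil, system is getting comments
# @return [Array<Comment>] Comments attached to given Test, pruned for viewing permissions as needed
def self.commentsForTest(tid, viewer_uid=nil, viewer_orgid=nil)
	comments = all(:what => LINK_TYPE::TEST, :whatId => tid, :order => [:id.asc])

	# A nil in either viewer slot means the system is fetching: no permission
	# pruning happens at all, so callers acting for a User must pass BOTH ids.
	return comments if(viewer_uid.nil? || viewer_orgid.nil?)

	# Viewer facts and the Test's reviewer do not vary per comment; resolve them
	# once here instead of re-querying inside delete_if for every comment.
	viewer_user = User.get(viewer_uid)
	return comments if(viewer_user.admin || Organization.get(viewer_user.org).super)

	test = Test.get(tid)
	tester = test.nil? ? nil : test.reviewer
	tester_user = tester.nil? ? nil : User.get(tester)
	testerOrg = tester_user.nil? ? nil : tester_user.org
	viewer_is_tester = (tester == viewer_uid)
	viewer_in_testOrg = (viewer_orgid == testerOrg)

	# Cache author -> org so a frequent author costs one lookup, not one per comment.
	# An unknown author yields nil, which never equals a non-nil viewer_orgid.
	authorOrg = Hash.new{|h, uid|
		u = User.get(uid)
		h[uid] = (u.nil? ? nil : u.org)
	}

	#Prune for perms: drop a comment unless one of its visibility grants covers the viewer
	comments = comments.delete_if{|c|
		next false if(c.author == viewer_uid)
		next false if(c.vis_tester && viewer_is_tester)
		next false if(c.vis_authOrg && viewer_orgid == authorOrg[c.author])
		next false if(c.vis_testOrg && viewer_in_testOrg)
		true
	}

	return comments
end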

+ (Array<Comment>) commentsForVuln(vid, viewer_uid = nil, viewer_orgid = nil)

Get all Comments belonging to given Vulnerability

Parameters:

  • vid (Integer)

    ID of Vulnerability to get Comments for

  • viewer_uid (Integer) (defaults to: nil)

    ID of User to view as (for permissions). If nil, system is getting comments

  • viewer_orgid (Integer) (defaults to: nil)

    ID of Organization to view as (for permissions). If nil, system is getting comments

Returns:

  • (Array<Comment>)

    Comments attached to given Vulnerability, pruned for viewing permissions as needed



# File 'models/comment.rb', line 227

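# Get all Comments belonging to given Vulnerability
#
# @param vid [Integer] ID of Vulnerability to get Comments for
# @param viewer_uid [Integer] ID of User to view as (for permissions). If nil, system is getting comments
# @param viewer_orgid [Integer] ID of Organization to view as (for permissions). If nil, system is getting comments
# @return [Array<Comment>] Comments attached to given Vulnerability, pruned for viewing permissions as needed
def self.commentsForVuln(vid, viewer_uid=nil, viewer_orgid=nil)
	comments = all(:what => LINK_TYPE::VULN, :whatId => vid, :order => [:id.asc])

	# A nil in either viewer slot means the system is fetching: no permission
	# pruning happens at all, so callers acting for a User must pass BOTH ids.
	return comments if(viewer_uid.nil? || viewer_orgid.nil?)

	# Viewer facts and the owning Test's reviewer do not vary per comment; resolve
	# them once here instead of re-querying inside delete_if for every comment.
	viewer_user = User.get(viewer_uid)
	return comments if(viewer_user.admin || Organization.get(viewer_user.org).super)

	vuln = Vulnerability.get(vid)
	test = vuln.nil? ? nil : vuln.test
	tester = test.nil? ? nil : test.reviewer
	tester_user = tester.nil? ? nil : User.get(tester)
	testerOrg = tester_user.nil? ? nil : tester_user.org
	viewer_is_tester = (tester == viewer_uid)
	viewer_in_testOrg = (viewer_orgid == testerOrg)

	# Cache author -> org so a frequent author costs one lookup, not one per comment.
	# An unknown author yields nil, which never equals a non-nil viewer_orgid.
	authorOrg = Hash.new{|h, uid|
		u = User.get(uid)
		h[uid] = (u.nil? ? nil : u.org)
	}

	#Prune for perms: drop a comment unless one of its visibility grants covers the viewer
	comments = comments.delete_if{|c|
		next false if(c.author == viewer_uid)
		next false if(c.vis_tester && viewer_is_tester)
		next false if(c.vis_authOrg && viewer_orgid == authorOrg[c.author])
		next false if(c.vis_testOrg && viewer_in_testOrg)
		true
	}

	return comments
end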

+ (DateTime) created_at(repository = nil)

Returns Date/Time Comment created (DM Handled)

Returns:

  • (DateTime)

    Date/Time Comment created (DM Handled)



# File 'models/comment.rb', line 22

# Date/Time this Comment was created; documented as "DM Handled", i.e. set by DataMapper rather than by app code
property :created_at, 	DateTime

+ (Integer) id(repository = nil)

Returns Primary Key

Returns:

  • (Integer)

    Primary Key



# File 'models/comment.rb', line 13

# Primary key, auto-assigned by DataMapper (Serial)
property :id,			Serial

+ (DateTime) updated_at(repository = nil)

Returns Date/Time Comment last updated (DM Handled)

Returns:

  • (DateTime)

    Date/Time Comment last updated (DM Handled)



# File 'models/comment.rb', line 23

# Date/Time this Comment was last updated; documented as "DM Handled", i.e. set by DataMapper rather than by app code
property :updated_at, 	DateTime

+ (Array<Integer>) views(repository = nil)

Returns IDs of Users who have viewed this Comment

Returns:

  • (Array<Integer>)

    IDs of Users who have viewed this Comment



# File 'models/comment.rb', line 21

# IDs of Users who have viewed this Comment. markSeen replaces the Array rather than
# appending in place, so the shared [] default is never mutated and the change is
# visible to DataMapper. NOTE(review): dm-core's Object type serializes values with
# Marshal — keep this column application-written only, never populated from input.
property :views,		Object, :default => []

+ (Boolean) vis_authOrg(repository = nil)

Returns True if comment is visible to author User's Organization

Returns:



# File 'models/comment.rb', line 17

# True if comment is visible to the author User's Organization. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_authOrg,	Boolean, :default => true

+ (Boolean) vis_tester(repository = nil)

Returns True if comment is visible to reviewer User

Returns:

  • (Boolean)

    True if comment is visible to reviewer User



# File 'models/comment.rb', line 18

# True if comment is visible to the reviewer (tester) User. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_tester,	Boolean, :default => true

+ (Boolean) vis_testOrg(repository = nil)

Returns True if comment is visible to reviewer User's Organization

Returns:



# File 'models/comment.rb', line 19

# True if comment is visible to the reviewer User's Organization. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_testOrg,	Boolean, :default => true

+ (LINK_TYPE) what(repository = nil)

Returns Type of resource this comment is attached to

Returns:

  • (LINK_TYPE)

    Type of resource this comment is attached to



# File 'models/comment.rb', line 15

# LINK_TYPE value (APPLICATION, TEST or VULN) naming the kind of resource this Comment is attached to
property :what,			Integer

+ (Integer) whatId(repository = nil)

Returns ID of resource this comment is attached to

Returns:

  • (Integer)

    ID of resource this comment is attached to



# File 'models/comment.rb', line 16

# ID of the resource of kind `what` this Comment is attached to. A plain Integer,
# not a DataMapper association, so nothing in the schema checks that it exists.
property :whatId,		Integer

Instance Method Details

- (Integer) author

Returns ID of author User

Returns:

  • (Integer)

    ID of author User



# File 'models/comment.rb', line 14

# ID of the User who wrote this Comment; compared against viewer_uid in the
# commentsFor* permission pruning, so it must be set from the authenticated session.
property :author,		Integer

- (Integer) author=(value)

Returns ID of author User

Returns:

  • (Integer)

    ID of author User



# File 'models/comment.rb', line 14

# ID of the User who wrote this Comment; compared against viewer_uid in the
# commentsFor* permission pruning, so it must be set from the authenticated session.
property :author,		Integer

- (String) body

Returns Comment text

Returns:

  • (String)

    Comment text



# File 'models/comment.rb', line 20

# Free-form Comment text entered by a User, capped at 8192 chars and loaded eagerly
# (lazy => false) with the rest of the row. Presumably rendered in views, so it must
# be escaped at output — confirm in the templates.
property :body,			Text, :length => 8192, :lazy => false

- (String) body=(value)

Returns Comment text

Returns:

  • (String)

    Comment text



# File 'models/comment.rb', line 20

# Free-form Comment text entered by a User, capped at 8192 chars and loaded eagerly
# (lazy => false) with the rest of the row. Presumably rendered in views, so it must
# be escaped at output — confirm in the templates.
property :body,			Text, :length => 8192, :lazy => false

- (DateTime) created_at

Returns Date/Time Comment created (DM Handled)

Returns:

  • (DateTime)

    Date/Time Comment created (DM Handled)



# File 'models/comment.rb', line 22

# Date/Time this Comment was created; documented as "DM Handled", i.e. set by DataMapper rather than by app code
property :created_at, 	DateTime

- (DateTime) created_at=(value)

Returns Date/Time Comment created (DM Handled)

Returns:

  • (DateTime)

    Date/Time Comment created (DM Handled)



# File 'models/comment.rb', line 22

# Date/Time this Comment was created; documented as "DM Handled", i.e. set by DataMapper rather than by app code
property :created_at, 	DateTime

- (Integer) id

Returns Primary Key

Returns:

  • (Integer)

    Primary Key



# File 'models/comment.rb', line 13

# Primary key, auto-assigned by DataMapper (Serial)
property :id,			Serial

- (Integer) id=(value)

Returns Primary Key

Returns:

  • (Integer)

    Primary Key



# File 'models/comment.rb', line 13

# Primary key, auto-assigned by DataMapper (Serial)
property :id,			Serial

- (Boolean) isUnseen?(uid)

Check if given User has viewed this Comment

Parameters:

  • uid (Integer)

    ID of User to check seen state for

Returns:

  • (Boolean)

    True if given User has not yet viewed Comment



# File 'models/comment.rb', line 274

# Check if given User has viewed this Comment
#
# @param uid [Integer] ID of User to check seen state for
# @return [Boolean] true when uid is absent from views, i.e. the User has NOT yet seen this Comment
def isUnseen?(uid)
	seen_by = self.views
	!seen_by.include?(uid)
end

- (Void) markSeen(uid)

Mark comment as seen by given User

Parameters:

  • uid (Integer)

    ID of User to mark as having seen Comment

Returns:

  • (Void)


# File 'models/comment.rb', line 282

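# Mark comment as seen by given User
#
# @param uid [Integer] ID of User to mark as having seen Comment
# @return [Void] result of save
def markSeen(uid)
	# Work on a fresh Array rather than appending to the stored one: assigning a new
	# object is what makes DataMapper see the Object property as changed, and it keeps
	# the class-level default [] from ever being mutated. Array() tolerates a nil column.
	seen = Array(self.views).dup
	seen << uid unless seen.include?(uid)
	self.views = seen
	self.save
end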

- (Void) notify

Before the Comment is created, create the appropriate Notifications so that Users are alerted to view the Comment.

If Application, notify previous commenters and reviewer for active Tests if one/they exist(s). Notify approvers of those Tests if they were contractor tests.

If Test, notify previous commenters and approver if Test was a contractor test

If Vulnerability, notify previous commenters and reviewer of Test attached to. Notify approvers of those Tests if they were contractor tests.

Returns:

  • (Void)


# File 'models/comment.rb', line 39

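# Before the Comment is created, create the appropriate Notifications so that Users
# are alerted to view the Comment.
#
# If Application, notify previous commenters and reviewer for active Tests if one/they
# exist(s). Notify approvers of those Tests if they were contractor tests.
# If Test, notify previous commenters and approver if Test was a contractor test.
# If Vulnerability, notify previous commenters and reviewer of Test attached to. Notify
# approvers of those Tests if they were contractor tests.
#
# Each User is notified at most once per role, and the Comment's own author never is.
#
# @return [Void]
def notify
	# Approver of a contractor Test, or nil when it has none. The > 0 check is applied
	# to every link type; previously the Application branch skipped it and could queue
	# a Notification for uid 0.
	approver_of = lambda do |t|
		(t.contractor_test && !t.approved_by.nil? && t.approved_by > 0) ? t.approved_by : nil
	end

	comments = []
	owners = []
	approvers = []

	case self.what
	when LINK_TYPE::APPLICATION
		comments = Comment.commentsForApp(self.whatId)

		#App has no "owner", so notify tester for active test if one exists
		app = Application.get(self.whatId)
		app.tests.each do |t|
			owners << t.reviewer
			approvers << approver_of.call(t)
		end
	when LINK_TYPE::TEST
		comments = Comment.commentsForTest(self.whatId)

		#test owner
		test = Test.get(self.whatId)
		owners << test.reviewer
		approvers << approver_of.call(test)
	when LINK_TYPE::VULN
		comments = Comment.commentsForVuln(self.whatId)

		#owner of the test the vuln belongs to
		test = Vulnerability.get(self.whatId).test
		owners << test.reviewer
		approvers << approver_of.call(test)
	end

	# Previous commenters get a reply notification instead of an owner/approver one.
	# An unknown `what` leaves comments empty, so nothing is sent rather than raising.
	repliers = comments.map{|c| c.author}.uniq
	owners = owners.compact.uniq - repliers
	approvers = approvers.compact.uniq - repliers

	owner_class = {
		LINK_TYPE::APPLICATION => NOTIF_CLASS::COMMENT_APP,
		LINK_TYPE::TEST => NOTIF_CLASS::COMMENT_TEST,
		LINK_TYPE::VULN => NOTIF_CLASS::COMMENT_VULN
	}[self.what]
	approver_class = {
		LINK_TYPE::APPLICATION => NOTIF_CLASS::COMMENT_APP_APPROVER,
		LINK_TYPE::TEST => NOTIF_CLASS::COMMENT_TEST_APPROVER,
		LINK_TYPE::VULN => NOTIF_CLASS::COMMENT_VULN_APPROVER
	}[self.what]

	# One Notification per User for the given class, skipping the comment's author
	notify_all = lambda do |uids, notifClass|
		uids.each do |u|
			next if(u == self.author)
			Notification.create(:uidToNotify => u, :what => self.what, :whatId => self.whatId, :notifClass => notifClass)
		end
	end

	notify_all.call(owners, owner_class) unless owner_class.nil?
	notify_all.call(approvers, approver_class) unless approver_class.nil?
	notify_all.call(repliers, NOTIF_CLASS::REPLY_TO_COMMENT)
end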

- (DateTime) updated_at

Returns Date/Time Comment last updated (DM Handled)

Returns:

  • (DateTime)

    Date/Time Comment last updated (DM Handled)



# File 'models/comment.rb', line 23

# Date/Time this Comment was last updated; documented as "DM Handled", i.e. set by DataMapper rather than by app code
property :updated_at, 	DateTime

- (DateTime) updated_at=(value)

Returns Date/Time Comment last updated (DM Handled)

Returns:

  • (DateTime)

    Date/Time Comment last updated (DM Handled)



# File 'models/comment.rb', line 23

# Date/Time this Comment was last updated; documented as "DM Handled", i.e. set by DataMapper rather than by app code
property :updated_at, 	DateTime

- (Array<Integer>) views

Returns IDs of Users who have viewed this Comment

Returns:

  • (Array<Integer>)

    IDs of Users who have viewed this Comment



# File 'models/comment.rb', line 21

# IDs of Users who have viewed this Comment. markSeen replaces the Array rather than
# appending in place, so the shared [] default is never mutated and the change is
# visible to DataMapper. NOTE(review): dm-core's Object type serializes values with
# Marshal — keep this column application-written only, never populated from input.
property :views,		Object, :default => []

- (Array<Integer>) views=(value)

Returns IDs of Users who have viewed this Comment

Returns:

  • (Array<Integer>)

    IDs of Users who have viewed this Comment



# File 'models/comment.rb', line 21

# IDs of Users who have viewed this Comment. markSeen replaces the Array rather than
# appending in place, so the shared [] default is never mutated and the change is
# visible to DataMapper. NOTE(review): dm-core's Object type serializes values with
# Marshal — keep this column application-written only, never populated from input.
property :views,		Object, :default => []

- (Boolean) vis_authOrg

Returns True if comment is visible to author User's Organization

Returns:



# File 'models/comment.rb', line 17

# True if comment is visible to the author User's Organization. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_authOrg,	Boolean, :default => true

- (Boolean) vis_authOrg=(value)

Returns True if comment is visible to author User's Organization

Returns:



# File 'models/comment.rb', line 17

# True if comment is visible to the author User's Organization. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_authOrg,	Boolean, :default => true

- (Boolean) vis_tester

Returns True if comment is visible to reviewer User

Returns:

  • (Boolean)

    True if comment is visible to reviewer User



# File 'models/comment.rb', line 18

# True if comment is visible to the reviewer (tester) User. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_tester,	Boolean, :default => true

- (Boolean) vis_tester=(value)

Returns True if comment is visible to reviewer User

Returns:

  • (Boolean)

    True if comment is visible to reviewer User



# File 'models/comment.rb', line 18

# True if comment is visible to the reviewer (tester) User. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_tester,	Boolean, :default => true

- (Boolean) vis_testOrg

Returns True if comment is visible to reviewer User's Organization

Returns:



# File 'models/comment.rb', line 19

# True if comment is visible to the reviewer User's Organization. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_testOrg,	Boolean, :default => true

- (Boolean) vis_testOrg=(value)

Returns True if comment is visible to reviewer User's Organization

Returns:



# File 'models/comment.rb', line 19

# True if comment is visible to the reviewer User's Organization. Defaults to visible;
# the author has to opt out to narrow it, and commentsFor* enforce it on read.
property :vis_testOrg,	Boolean, :default => true

- (String) visibility_str

Returns A human-readable/UI string representing view permissions for this Comment

Returns:

  • (String)

    A human-readable/UI string representing view permissions for this Comment



# File 'models/comment.rb', line 294

# A human-readable/UI string representing view permissions for this Comment
#
# @return [String] "Visible to All", "Visible to Only Me", or "Visible to " followed by
#   the granted audiences (Tester, Author's Org, Tester's Org) in that order
def visibility_str
	grants = {
		"Tester" => vis_tester,
		"Author's Org" => vis_authOrg,
		"Tester's Org" => vis_testOrg
	}
	granted = grants.select{|_label, on| on}.keys

	case granted.size
	when grants.size then "Visible to All"
	when 0 then "Visible to Only Me"
	else "Visible to #{granted.join(', ')}"
	end
end

- (LINK_TYPE) what

Returns Type of resource this comment is attached to

Returns:

  • (LINK_TYPE)

    Type of resource this comment is attached to



# File 'models/comment.rb', line 15

# LINK_TYPE value (APPLICATION, TEST or VULN) naming the kind of resource this Comment is attached to
property :what,			Integer

- (LINK_TYPE) what=(value)

Returns Type of resource this comment is attached to

Returns:

  • (LINK_TYPE)

    Type of resource this comment is attached to



# File 'models/comment.rb', line 15

# LINK_TYPE value (APPLICATION, TEST or VULN) naming the kind of resource this Comment is attached to
property :what,			Integer

- (Integer) whatId

Returns ID of resource this comment is attached to

Returns:

  • (Integer)

    ID of resource this comment is attached to



# File 'models/comment.rb', line 16

# ID of the resource of kind `what` this Comment is attached to. A plain Integer,
# not a DataMapper association, so nothing in the schema checks that it exists.
property :whatId,		Integer

- (Integer) whatId=(value)

Returns ID of resource this comment is attached to

Returns:

  • (Integer)

    ID of resource this comment is attached to



# File 'models/comment.rb', line 16

# ID of the resource of kind `what` this Comment is attached to. A plain Integer,
# not a DataMapper association, so nothing in the schema checks that it exists.
property :whatId,		Integer