authorAlex Legler <alex@a3li.li>2010-09-27 22:12:22 +0200
committerAlex Legler <alex@a3li.li>2010-09-27 22:12:22 +0200
commit9f884d62aea511cc65532323e60de12764cb1b14 (patch)
treef11395995ab1dad77d5921870573150bad9bf81d /app
parentlib/glsamaker/xml: Allow passing of options in GLSAMAKER_XMLINDENT (diff)
CVETool: Implement LATER
Diffstat (limited to 'app')
-rw-r--r--app/controllers/cve_controller.rb13
-rw-r--r--app/models/cve.rb19
-rw-r--r--app/views/cve/_later.js.erb65
-rw-r--r--app/views/cve/list.html.erb2
4 files changed, 98 insertions, 1 deletions
diff --git a/app/controllers/cve_controller.rb b/app/controllers/cve_controller.rb
index 4281b5a..125a7b6 100644
--- a/app/controllers/cve_controller.rb
+++ b/app/controllers/cve_controller.rb
@@ -167,7 +167,18 @@ class CveController < ApplicationController
render :text => e.message, :status => 500
end
- def commit
+ def later
+ @cves = params[:cves].split(',').map{|cve| Integer(cve)}
+ logger.debug { "LATER CVElist: " + @cves.inspect + " Reason: " + params[:reason] }
+
+ @cves.each do |cve_id|
+ CVE.find(cve_id).later(current_user, params[:reason])
+ end
+
+ render :text => "ok"
+ rescue Exception => e
+ log_error e
+ render :text => e.message, :status => 500
end
end
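Review bot: The `@cves.each` loop in `later` updates each CVE on its own, so if `CVE.find` raises for a later id or a `save!` fails, the earlier CVEs stay marked LATER while the client gets a 500; wrapping the loop in `CVE.transaction do ... end` makes the batch all-or-nothing. The `logger.debug` block concatenates `params[:reason]` directly, which raises a TypeError when the parameter is missing and debug logging is on; `params[:reason].inspect` avoids that and also keeps newlines in user-supplied text from splitting log lines. `rescue Exception` also catches non-StandardError exceptions and sends `e.message` back to the client, which can expose internal details; `rescue StandardError => e` with a generic response body would be safer, although this mirrors the handler visible just above the hunk. No authorization check is visible in the hunk, so confirm that a filter elsewhere in the controller restricts who may call this action.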
diff --git a/app/models/cve.rb b/app/models/cve.rb
index 0bdc2d8..bb4317d 100644
--- a/app/models/cve.rb
+++ b/app/models/cve.rb
@@ -81,6 +81,25 @@ class CVE < ActiveRecord::Base
save!
end
+ def later(user, reason = nil)
+ self.cve_changes.create!(
+ :user => user,
+ :action => 'later',
+ :object => reason
+ )
+
+ self.state = 'LATER'
+ save!
+ end
+
+ def add_comment(user, comment, confidential = false)
+ self.comments << CVEComment.create!(
+ :user => user,
+ :confidential => confidential,
+ :comment => comment
+ )
+ end
+
# Decorates the output of field with a color, depending on the status
def colorize(field = :cve_id)
"<span class='cvename cve-%s'>%s</span>" % [state.downcase, self[field]]
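Review bot: In `later`, `cve_changes.create!` and the `state`/`save!` update are two separate writes, so a failing `save!` leaves an audit entry for a state change that never happened; putting both inside `transaction do ... end` keeps the change log and the state consistent. The new `add_comment` is not called in any visible hunk, and the text entered under the popup's "Add a (public) comment" placeholder is stored in the change's `:object` field instead, so it is worth confirming where that text is displayed and that it is HTML-escaped there. Both new methods lack the one-line comment that `colorize` has, e.g. `# Marks the CVE as LATER and records the change with an optional reason`.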
diff --git a/app/views/cve/_later.js.erb b/app/views/cve/_later.js.erb
new file mode 100644
index 0000000..0be1726
--- /dev/null
+++ b/app/views/cve/_later.js.erb
@@ -0,0 +1,65 @@
+/** Latering **/
+uki(
+ { view: 'Popup', rect: '500 300', anchors: 'left top', id: 'later-popup', hideOnClick: false, relativeTo: uki('#popup'), childViews: [
+ { view: 'Label', rect: '10 10 480 20', anchors: 'top', html: '<strong>The following CVEs will be marked as LATER:</strong>', id: 'cve-later-title'},
+ { view: 'ScrollableList', rect: '10 35 480 190', anchors: 'top left right bottom', id: 'cve-later-list' },
+ { view: 'TextField', rect: '10 235 480 22', anchors: 'left top right', placeholder: 'Add a (public) comment', id: 'later-comment' },
+ { view: 'Button', rect: '345 265 70 24', anchors: 'bottom right', id: 'cve-later-cancel', text: 'Cancel' },
+ { view: 'Button', rect: '420 265 70 24', anchors: 'bottom right', id: 'cve-later-go', text: 'Commit' }
+ ]
+ }
+);
+
+uki("#cve-mark-later").click(
+ function() {
+ var sel = uki('Table').selectedRows();
+
+ if (sel.length < 1) {
+ alert("Please select at least one CVE.");
+ return false;
+ }
+
+ var data = new Array();
+ cve_later_data = new Array();
+
+ for (var i = 0; i < sel.length; i++) {
+ data.push("(" + sel[i][1] + ") " + sel[i][2]);
+ cve_later_data.push(sel[i][0]);
+ }
+
+ uki('#cve-later-list').data(data);
+
+ uki('#later-comment').value('');
+ uki('#later-popup').show();
+
+ uki('#cve-later-go').focus();
+ }
+);
+
+uki('#cve-later-go').click(
+ function() {
+ if (cve_later_data < 1) {
+ alert("Error. Internal CVE list empty.");
+ return;
+ uki('#later-popup').hide();
+ }
+
+ new Ajax.Request('/cve/later', {
+ parameters: { cves: cve_later_data.join(','), reason: uki('#later-comment').value() },
+ onSuccess: function(response) {
+ uki('#later-popup').hide();
+ reloadTable();
+ },
+ onFailure: function(response) {
+ alert("Could not process your request:\n\n" + response.responseText);
+ }
+ });
+ }
+);
+
+uki('#cve-later-cancel').click(
+ function() {
+ uki('#later-popup').hide();
+ }
+);
+/** Latering end **/ \ No newline at end of file
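Review bot: The guard in the `#cve-later-go` handler, `if (cve_later_data < 1)`, compares an array with a number and only works through string coercion; it should read `if (cve_later_data.length < 1) {`. In the same branch `uki('#later-popup').hide();` sits after `return;` and never runs, so the two statements need swapping if the popup is meant to close. `cve_later_data = new Array();` in the `#cve-mark-later` handler creates an implicit global; declaring `var cve_later_data = [];` once at the top of the file keeps the shared state explicit. The `Ajax.Request` to `/cve/later` changes state but sends only `cves` and `reason`; whether request-forgery protection is enabled for this controller is not visible here, so confirm the authenticity token is included if it is.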
diff --git a/app/views/cve/list.html.erb b/app/views/cve/list.html.erb
index 46955a4..d5df191 100644
--- a/app/views/cve/list.html.erb
+++ b/app/views/cve/list.html.erb
@@ -43,6 +43,8 @@ uki(
<%= render :partial => 'nfu.js' %>
+<%= render :partial => 'later.js' %>
+
// searchable model
window.DummyModel = uki.newClass(Searchable, new function() {
this.init = function(data) {