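# -*- encoding: utf-8 -*-
# Description:
# The Document Blueprint
#
# Authors:
# Benoît Allard
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

from flask import (Blueprint, render_template, abort, redirect, request,
    url_for, flash)

from farolluz.cvrf import (CVRFNote, CVRFReference, CVRFPublisher,
    CVRFTracking, CVRFTrackingID, CVRFGenerator, CVRFRevision,
    CVRFAggregateSeverity)
from farolluz.renderer import utcnow

from .controller import (update_note_from_request, create_note_from_request,
    update_reference_from_request, create_reference_from_request,
    update_acknowledgment_from_request, create_acknowledgment_from_request,
    split_fields, parseDate, parseVersion)
from .session import document_required, get_current


# NOTE(review): the '<int:...>' URL converters below are reconstructed. The
# listing this file was recovered from shows empty path segments (for example
# '/revision//edit') while the handlers take an `index` / `ordinal` argument;
# the int type is inferred from the list indexing and range checks in the
# handlers. Verify against the repository.
#
# NOTE(review): every POST handler copies request.form values into the
# document returned by get_current() without validating them here, and no
# CSRF check is visible in this module (document_required lives in .session
# and is not shown). Confirm the application enables CSRF protection for
# these forms. Also confirm the templates escape these values: Flask enables
# Jinja2 autoescaping by default only for .html/.htm/.xml/.xhtml (and .svg)
# template names, and the templates rendered here are named *.j2.

document = Blueprint('document', __name__)


@document.route('/')
@document_required
def view():
    """Render the overview page for the current document."""
    return render_template('document/view.j2', cvrf=get_current())


@document.route('/title/edit', methods=['GET', 'POST'])
@document_required
def edit_title():
    """Show the title/type form (GET) or store the submitted values (POST)."""
    cvrf = get_current()
    if request.method != 'POST':
        return render_template('document/edit_title.j2',
                               title=cvrf._title, _type=cvrf._type)

    cvrf._title = request.form['title']
    cvrf._type = request.form['type']
    return redirect(url_for('.view'))


@document.route('/publisher/edit', methods=['GET', 'POST'])
@document_required
def edit_publisher():
    """Show the publisher form (GET) or replace the publisher (POST).

    Empty 'vendorid', 'contact' and 'authority' fields are stored as None.
    """
    if request.method != 'POST':
        return render_template('document/edit_publisher.j2',
                               publisher=get_current()._publisher or CVRFPublisher(''),
                               types=CVRFPublisher.TYPES)

    form = request.form
    # NOTE(review): 'type' is passed on as submitted; CVRFPublisher.TYPES is
    # only handed to the template here, so this handler does not enforce it.
    publisher = CVRFPublisher(form['type'], form['vendorid'] or None)
    publisher.setContact(form['contact'] or None)
    publisher.setAuthority(form['authority'] or None)
    get_current().setPublisher(publisher)
    return redirect(url_for('.view'))


@document.route('/tracking/edit', methods=['GET', 'POST'])
@document_required
def edit_tracking():
    """Show the tracking form (GET) or apply the submitted tracking data (POST).

    When the document has no tracking yet, a 'Draft' placeholder with version
    (0, 0) and the current time is built; it is attached to the document only
    on POST. An unparsable version is reported with a flash message and the
    previous version is kept.
    """
    cvrf = get_current()
    tracking = cvrf._tracking
    wasNone = tracking is None
    if wasNone:
        tracking = CVRFTracking(CVRFTrackingID(''), 'Draft', (0, 0),
                                utcnow(), utcnow())
    generator = tracking._generator or CVRFGenerator()
    if request.method != 'POST':
        return render_template('document/edit_tracking.j2',
                               tracking=tracking,
                               version='.'.join('%s' % v for v in tracking._version),
                               generator=generator, now=utcnow(),
                               statuses=tracking.STATUSES)

    form = request.form
    tracking._identification._id = form['id']
    tracking._identification._aliases = split_fields(form['id_aliases'])
    # NOTE(review): stored as submitted; tracking.STATUSES is only used to
    # populate the form, so membership is not enforced by this handler.
    tracking._status = form['status']
    version = parseVersion(form['version'])
    if version is None:
        flash('Cannot parse Version field: "%s"' % form['version'], 'warning')
    else:
        tracking._version = version
    tracking._initialDate = parseDate(form['initial'])
    tracking._currentDate = parseDate(form['current'])
    if wasNone:
        cvrf.setTracking(tracking)
    if not form['gen_engine'] and not form['gen_date']:
        # Both generator fields empty: drop the generator altogether.
        generator = None
    else:
        generator._engine = form['gen_engine'] or None
        generator._date = parseDate(form['gen_date']) if form['gen_date'] else None
    tracking.setGenerator(generator)
    return redirect(url_for('.view'))


@document.route('/revision/<int:index>/edit', methods=['GET', 'POST'])
@document_required
def edit_revision(index):
    """Show the form for one revision (GET) or update that revision (POST).

    Responds with 404 when the document has no tracking or `index` is past
    the end of the revision history.
    """
    cvrf = get_current()
    if cvrf._tracking is None:
        abort(404)
    try:
        revision = cvrf._tracking._history[index]
    except IndexError:
        abort(404)
    if request.method != 'POST':
        return render_template('document/edit_revision.j2',
                               number='.'.join('%s' % v for v in revision._number),
                               date=revision._date,
                               description=revision._description,
                               action='Update')

    version = parseVersion(request.form['number'])
    if version is None:
        # Category added to match the 'warning' used by edit_tracking.
        flash('Cannot parse Revision Number: %s' % request.form['number'], 'warning')
    else:
        revision._number = version
    revision._date = parseDate(request.form['date'])
    revision._description = request.form['description']
    return redirect(url_for('.view'))


@document.route('/revision/add', methods=['GET', 'POST'])
@document_required
def add_revision():
    """Show the new-revision form (GET) or append a revision (POST).

    The form is pre-filled with the tracking version whose last component is
    incremented by one. When the 'update_tracking' field is present in the
    POST, the tracking version and current date are set from the new revision.
    """
    tracking = get_current()._tracking
    if tracking is None:
        # Checked for POST as well as GET: a direct POST without tracking
        # would otherwise fail on tracking.addRevision() below.
        flash('The tracking information should be set first to be able to add a revision.', 'danger')
        return redirect(url_for('.edit_tracking'))
    if request.method != 'POST':
        version = tracking._version
        version = version[:-1] + (version[-1] + 1,)
        return render_template('document/edit_revision.j2',
                               number='.'.join("%d" % v for v in version),
                               date=utcnow(), action='Add')

    version = parseVersion(request.form['number'])
    if version is None:
        flash('Cannot parse Revision Number: "%s", assuming "0.0"' % request.form['number'], 'warning')
        version = (0, 0)
    date = parseDate(request.form['date'])
    revision = CVRFRevision(version, date, request.form['description'])
    tracking.addRevision(revision)
    if 'update_tracking' in request.form:
        tracking._version = version
        tracking._currentDate = date
    return redirect(url_for('.view'))


@document.route('/revision/<int:index>/del', methods=['POST'])
@document_required
def del_revision(index):
    """Delete the revision at `index`; 404 when there is no such revision."""
    tracking = get_current()._tracking
    # A document without tracking has no history to delete from; treat it
    # like an unknown index instead of failing on the attribute access.
    if tracking is None or not (0 <= index < len(tracking._history)):
        flash('Revision not found', 'danger')
        abort(404)
    del tracking._history[index]
    return redirect(url_for('.view'))


@document.route('/distribution/edit', methods=['GET', 'POST'])
@document_required
def edit_distribution():
    """Show the distribution form (GET) or store the submitted text (POST)."""
    if request.method != 'POST':
        return render_template('document/edit_distribution.j2',
                               distribution=get_current()._distribution)

    get_current().setDistribution(request.form['distribution'])
    return redirect(url_for('.view'))


@document.route('/severity/edit', methods=['GET', 'POST'])
@document_required
def edit_severity():
    """Show the aggregate-severity form (GET) or store the result (POST).

    An empty 'severity' field clears the aggregate severity (None is set);
    an empty 'namespace' field is stored as None.
    """
    severity = get_current()._aggregateseverity
    if severity is None:
        severity = CVRFAggregateSeverity('')
    if request.method != 'POST':
        return render_template('document/edit_severity.j2', severity=severity)

    if not request.form['severity']:
        severity = None
    else:
        severity._severity = request.form['severity']
        severity.setNamespace(request.form['namespace'] or None)
    get_current().setAggregateSeverity(severity)
    return redirect(url_for('.view'))


@document.route('/note/<int:ordinal>')
@document_required
def view_note(ordinal):
    """Render one document note; 404 when getNote() returns None."""
    note = get_current().getNote(ordinal)
    if note is None:
        abort(404)
    return render_template('document/view_note.j2', note=note)


@document.route('/note/<int:ordinal>/edit', methods=['GET', 'POST'])
@document_required
def edit_note(ordinal):
    """Show the form for one note (GET) or update it from the request (POST)."""
    note = get_current().getNote(ordinal)
    if note is None:
        abort(404)
    if request.method != 'POST':
        return render_template('document/edit_note.j2', note=note, types=note.TYPES)

    update_note_from_request(note)
    # Redirect with the note's own ordinal rather than the URL argument.
    return redirect(url_for('.view_note', ordinal=note._ordinal))


@document.route('/note/add', methods=['GET', 'POST'])
@document_required
def add_note():
    """Show the new-note form (GET) or add a note built from the request (POST).

    The form proposes the last note's ordinal plus one, or 1 when the
    document has no notes.
    """
    if request.method != 'POST':
        notes = get_current()._notes
        next_ordinal = notes[-1]._ordinal + 1 if notes else 1
        return render_template('document/edit_note.j2', ordinal=next_ordinal,
                               types=CVRFNote.TYPES, action='Add')

    note = create_note_from_request()
    get_current().addNote(note)
    return redirect(url_for('.view'))


@document.route('/note/<int:ordinal>/del', methods=['POST'])
@document_required
def del_note(ordinal):
    """Remove the note with the given ordinal; 404 when it does not exist."""
    cvrf = get_current()
    note = cvrf.getNote(ordinal)
    if note is None:
        flash('Note not found', 'danger')
        abort(404)
    cvrf._notes.remove(note)
    return redirect(url_for('.view'))


@document.route('/reference/<int:index>/edit', methods=['GET', 'POST'])
@document_required
def edit_reference(index):
    """Show the form for one reference (GET) or update it (POST)."""
    try:
        ref = get_current()._references[index]
    except IndexError:
        abort(404)
    if request.method != 'POST':
        return render_template('document/edit_reference.j2', _type=ref._type,
                               url=ref._url, description=ref._description,
                               types=('',) + ref.TYPES)

    update_reference_from_request(ref)
    return redirect(url_for('.view'))


@document.route('/reference/add', methods=['GET', 'POST'])
@document_required
def add_reference():
    """Show the new-reference form (GET) or add a reference (POST)."""
    if request.method != 'POST':
        return render_template('document/edit_reference.j2', action='Add',
                               types=('',) + CVRFReference.TYPES)

    ref = create_reference_from_request()
    get_current().addReference(ref)
    return redirect(url_for('.view'))


@document.route('/reference/<int:index>/del', methods=['POST'])
@document_required
def del_reference(index):
    """Delete the reference at `index`; 404 when the index is out of range."""
    refs = get_current()._references
    if not (0 <= index < len(refs)):
        flash('Reference not found', 'danger')
        abort(404)
    del refs[index]
    return redirect(url_for('.view'))


@document.route('/acknowledgment/<int:index>')
@document_required
def view_acknowledgment(index):
    """Render one acknowledgment; 404 when the index is past the end."""
    try:
        ack = get_current()._acknowledgments[index]
    except IndexError:
        abort(404)
    return render_template('document/view_acknowledgment.j2',
                           acknowledgment=ack, index=index, action='Update')


@document.route('/acknowledgment/<int:index>/edit', methods=['GET', 'POST'])
@document_required
def edit_acknowledgment(index):
    """Show the form for one acknowledgment (GET) or update it (POST)."""
    try:
        ack = get_current()._acknowledgments[index]
    except IndexError:
        abort(404)
    if request.method != 'POST':
        return render_template('document/edit_acknowledgment.j2',
                               names=ack._names, organizations=ack._organizations,
                               description=ack._description, url=ack._url,
                               action='Update')

    update_acknowledgment_from_request(ack)
    return redirect(url_for('.view'))


@document.route('/acknowledgment/add', methods=['GET', 'POST'])
@document_required
def add_acknowledgment():
    """Show the new-acknowledgment form (GET) or add one (POST)."""
    if request.method != 'POST':
        return render_template('document/edit_acknowledgment.j2',
                               action='Add')

    ack = create_acknowledgment_from_request()
    get_current().addAcknowledgment(ack)
    return redirect(url_for('.view'))


@document.route('/acknowledgment/<int:index>/del', methods=['POST'])
@document_required
def del_acknowledgment(index):
    """Delete the acknowledgment at `index`; 404 when out of range."""
    acks = get_current()._acknowledgments
    if not (0 <= index < len(acks)):
        flash('Acknowledgment not found', 'danger')
        abort(404)
    del acks[index]
    return redirect(url_for('.view'))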