From 22d233dcc865326ff9b04726ef3c5f32a414dda4 Mon Sep 17 00:00:00 2001
From: Max Magorsch <arzano@gentoo.org>
Date: Mon, 20 Apr 2020 13:57:08 +0200
Subject: Add permission for manually creating CVEs

Signed-off-by: Max Magorsch <arzano@gentoo.org>
---
 pkg/app/handler/admin/edit.go                   |  2 ++
 pkg/app/handler/cvetool/new.go                  |  2 +-
 pkg/app/utils.go                                |  1 +
 pkg/models/users/user.go                        |  1 +
 web/templates/admin/components/permissions.tmpl | 20 ++++++++++++++++++--
 5 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/pkg/app/handler/admin/edit.go b/pkg/app/handler/admin/edit.go
index 8cf9291..c618678 100644
--- a/pkg/app/handler/admin/edit.go
+++ b/pkg/app/handler/admin/edit.go
@@ -152,6 +152,7 @@ func EditPermissions(w http.ResponseWriter, r *http.Request) {
 		cveView := getArrayParam("cve-view", r)
 		cveUpdateCVEs := getArrayParam("cve-updateCVEs", r)
 		cveComment := getArrayParam("cve-comment", r)
+		cveAddCVE := getArrayParam("cve-addCVE", r)
 		cveAddPackage := getArrayParam("cve-addPackage", r)
 		cveChangeState := getArrayParam("cve-changeState", r)
 		cveAssignBug := getArrayParam("cve-assignBug", r)
@@ -181,6 +182,7 @@ func EditPermissions(w http.ResponseWriter, r *http.Request) {
 					View:        containsInt(cveView, changedUser.Id),
 					UpdateCVEs:  containsInt(cveUpdateCVEs, changedUser.Id),
 					Comment:     containsInt(cveComment, changedUser.Id),
+					AddCVE:      containsInt(cveAddCVE, changedUser.Id),
 					AddPackage:  containsInt(cveAddPackage, changedUser.Id),
 					ChangeState: containsInt(cveChangeState, changedUser.Id),
 					AssignBug:   containsInt(cveAssignBug, changedUser.Id),
diff --git a/pkg/app/handler/cvetool/new.go b/pkg/app/handler/cvetool/new.go
index 782efd7..10a1f23 100644
--- a/pkg/app/handler/cvetool/new.go
+++ b/pkg/app/handler/cvetool/new.go
@@ -16,7 +16,7 @@ func New(w http.ResponseWriter, r *http.Request) {
 
 	user := utils.GetAuthenticatedUser(r)
 
-	if !user.Permissions.Glsa.View {
+	if !user.Permissions.CVETool.AddCVE {
 		authentication.AccessDenied(w, r)
 		return
 	}
diff --git a/pkg/app/utils.go b/pkg/app/utils.go
index 9d66c13..e442d12 100644
--- a/pkg/app/utils.go
+++ b/pkg/app/utils.go
@@ -27,6 +27,7 @@ func defaultAdminPermissions() users.Permissions {
 			View:        true,
 			UpdateCVEs:  true,
 			Comment:     true,
+			AddCVE:      true,
 			AddPackage:  true,
 			ChangeState: true,
 			AssignBug:   true,
diff --git a/pkg/models/users/user.go b/pkg/models/users/user.go
index b8a60d6..e4b4e4b 100644
--- a/pkg/models/users/user.go
+++ b/pkg/models/users/user.go
@@ -111,6 +111,7 @@ type CVEToolPermissions struct {
 	View        bool
 	UpdateCVEs  bool
 	Comment     bool
+	AddCVE      bool
 	AddPackage  bool
 	ChangeState bool
 	AssignBug   bool
diff --git a/web/templates/admin/components/permissions.tmpl b/web/templates/admin/components/permissions.tmpl
index 32b7dc6..b3b3cf4 100644
--- a/web/templates/admin/components/permissions.tmpl
+++ b/web/templates/admin/components/permissions.tmpl
@@ -11,7 +11,7 @@
                     <tr>
                         <td style="border-top:none;"></td>
                         <th colspan="11" class="border-0">GLSA</th>
-                        <th colspan="6" class="border-0">CVE</th>
+                        <th colspan="7" class="border-0">CVE</th>
                         <th colspan="4" class="border-0">Admin</th>
                     </tr>
                     <tr>
@@ -60,6 +60,9 @@
                         <th title="Add comments to CVEs">
                             <i class="fa fa-commenting-o" aria-hidden="true"></i>
                         </th>
+                        <th title="Manually create CVEs">
+                            <i class="fa fa-plus" aria-hidden="true"></i>
+                        </th>
                         <th title="Add packages to CVEs">
                             <i class="fa fa-hdd-o" aria-hidden="true"></i>
                         </th>
@@ -188,6 +191,13 @@
                                         <i class="fa fa-times" style="color: darkred;" aria-hidden="true"></i>
                                     {{end}}
                                 </td>
+                                <td>
+                                    {{if .Permissions.CVETool.AddCVE}}
+                                        <i class="fa fa-check" style="color: green;" aria-hidden="true"></i>
+                                    {{else}}
+                                        <i class="fa fa-times" style="color: darkred;" aria-hidden="true"></i>
+                                    {{end}}
+                                </td>
                                 <td>
                                     {{if .Permissions.CVETool.AddPackage}}
                                         <i class="fa fa-check" style="color: green;" aria-hidden="true"></i>
@@ -265,7 +275,7 @@
                         <tr>
                             <td style="border-top:none;"></td>
                             <th colspan="11" class="border-0">GLSA</th>
-                            <th colspan="6" class="border-0">CVE</th>
+                            <th colspan="7" class="border-0">CVE</th>
                             <th colspan="4" class="border-0">Admin</th>
                         </tr>
                         <tr>
@@ -314,6 +324,9 @@
                             <th title="Add comments to CVEs">
                                 <i class="fa fa-commenting-o" aria-hidden="true"></i>
                             </th>
+                            <th title="Manually create CVEs">
+                                <i class="fa fa-plus" aria-hidden="true"></i>
+                            </th>
                             <th title="Add packages to CVEs">
                                 <i class="fa fa-hdd-o" aria-hidden="true"></i>
                             </th>
@@ -389,6 +402,9 @@
                                 <td>
                                     <input name="cve-comment" type="checkbox" value="{{.Id}}" {{if .Permissions.CVETool.Comment}}checked{{end}}/>
                                 </td>
+                                <td>
+                                    <input name="cve-addCVE" type="checkbox" value="{{.Id}}" {{if .Permissions.CVETool.AddCVE}}checked{{end}}/>
+                                </td>
                                 <td>
                                     <input name="cve-addPackage" type="checkbox" value="{{.Id}}" {{if .Permissions.CVETool.AddPackage}}checked{{end}}/>
                                 </td>
-- 
cgit v1.2.3-65-gdbad