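 def mutate(self, info, finding_id, **parameters):
     """Update the treatment of a finding on behalf of the JWT user.

     Args:
         info: GraphQL resolve info; ``info.context`` carries the JWT.
         finding_id: identifier of the finding being updated.
         **parameters: treatment fields. ``treatment`` is required (a
             missing key raises KeyError, as before). For ``IN PROGRESS``
             a ``treatment_manager`` e-mail is required and must belong
             to a project member holding a customer role; for
             ``ACCEPTED`` the caller becomes the manager.

     Returns:
         UpdateTreatment with the outcome and a refreshed Finding.

     Raises:
         GraphQLError: 'Invalid treatment manager' when the manager is
             missing or not an eligible project member.
     """
     user_email = util.get_jwt_content(info.context)['user_email']
     project_name = get_project_name(finding_id)
     treatment = parameters['treatment']
     if treatment == 'IN PROGRESS':
         manager = parameters.get('treatment_manager')
         if not manager:
             raise GraphQLError('Invalid treatment manager')
         # user[1] == 1 presumably flags an active membership — confirm with the DAO.
         project_users = [user[0]
                          for user in integrates_dao.get_project_users(project_name)
                          if user[1] == 1]
         customer_roles = ('customer', 'customeradmin')
         # Look up only the candidate's role: "manager is in the list of
         # members whose role is a customer role" is the same test as
         # "manager is a member and manager's role is a customer role",
         # without one role query per project member.
         is_eligible = (manager in project_users and
                        integrates_dao.get_role_dao(manager) in customer_roles)
         if not is_eligible:
             raise GraphQLError('Invalid treatment manager')
     elif treatment == 'ACCEPTED':
         # Accepting a finding makes the requester its manager.
         parameters['treatment_manager'] = user_email
     success = update_treatment(finding_id, parameters, user_email)
     # Audit-log text is kept byte-identical (the backslash continuation
     # embeds the indentation whitespace into the message).
     if success:
         util.cloudwatch_log(info.context, 'Security: Updated treatment in\
             finding {id} succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to update \
             treatment in finding {id}'.format(id=finding_id))
     # Build the result before invalidating, as the original did, in case
     # Finding() reads the cached entry.
     ret = UpdateTreatment(success=success,
                           finding=Finding(finding_id))
     util.invalidate_cache(finding_id)
     util.invalidate_cache(project_name)
     return ret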
 def mutate(self, info, **parameters):
     """Attach a comment to a project on behalf of the JWT user.

     The author e-mail comes from the token, the display name from the
     session's first and last name, and the comment id is the current
     time in milliseconds (also stored as ``user_id`` in the payload).
     Returns AddProjectComment with the outcome and that id.
     """
     project_name = parameters.get('project_name').lower()
     author_email = util.get_jwt_content(info.context)["user_email"]
     # NOTE(review): naive local time, not timezone-aware — confirm the
     # timezone the stored timestamps are expected to be in.
     timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
     comment_id = int(round(time.time() * 1000))
     session = info.context.session
     fullname = ' '.join([session['first_name'], session['last_name']])
     comment_data = {
         'user_id': comment_id,
         'content': parameters.get('content'),
         'created': timestamp,
         'fullname': fullname,
         'modified': timestamp,
         'parent': int(parameters.get('parent')),
     }
     success = add_comment(project_name, author_email, comment_data)
     if success:
         util.cloudwatch_log(info.context, 'Security: Added comment to \
             {project} project succesfully'.format(project=project_name))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to add \
             comment in {project} project'.format(project=project_name))
     result = AddProjectComment(success=success, comment_id=comment_id)
     util.invalidate_cache(project_name)
     return result
    def mutate(self, info, **parameters):
        """Add a comment or an observation to a finding.

        Observations are restricted to the ``analyst`` and ``admin``
        roles carried in the JWT; any type other than ``comment`` or
        ``observation`` is rejected. Returns AddFindingComment with the
        outcome and the millisecond-timestamp comment id.
        """
        comment_type = parameters.get('type')
        finding_id = parameters.get('finding_id')
        if comment_type in ['comment', 'observation']:
            claims = util.get_jwt_content(info.context)
            # Role is only consulted for observations (short-circuit kept).
            if comment_type == 'observation' and claims['user_role'] not in \
                                                            ['analyst', 'admin']:
                util.cloudwatch_log(info.context, 'Security: \
                    Unauthorized role attempted to add observation')
                raise GraphQLError('Access denied')

            session = info.context.session
            comment_id = int(round(time() * 1000))
            success = add_comment(
                user_email=claims['user_email'],
                user_fullname=' '.join([session['first_name'],
                                        session['last_name']]),
                parent=parameters.get('parent'),
                content=parameters.get('content'),
                comment_type=comment_type,
                comment_id=comment_id,
                finding_id=finding_id,
                is_remediation_comment=False
            )
        else:
            raise GraphQLError('Invalid comment type')
        if success:
            util.cloudwatch_log(info.context, 'Security: Added comment in\
                finding {id} succesfully'.format(id=finding_id))
        else:
            util.cloudwatch_log(info.context, 'Security: Attempted to add \
                comment in finding {id}'.format(id=finding_id))
        result = AddFindingComment(success=success, comment_id=comment_id)
        util.invalidate_cache(finding_id)
        return result
 def resolve_observations(self, info):
     """ Resolve observations attribute

     Loads the observation-type comments of this finding for the JWT
     user, stores them on ``self.observations`` and returns them.
     """
     requester = util.get_jwt_content(info.context)['user_email']
     observations = list_comments(
         user_email=requester,
         comment_type='observation',
         finding_id=self.id,
     )
     self.observations = observations
     return observations
    def resolve_projects(self, info):
        """Resolve the projects of the JWT user.

        Appends one Project per row returned for the user's e-mail onto
        ``self.projects`` and returns that list.
        """
        claims = util.get_jwt_content(info.context)
        rows = integrates_dao.get_projects_by_user(claims.get('user_email'))
        # NOTE(review): extends rather than replaces self.projects, so a
        # second resolution on the same instance would duplicate entries.
        self.projects.extend(
            Project(project_name=row[0], description=row[1]) for row in rows)

        return self.projects
    def resolve_role(self, info, project_name=None):
        """Resolve the effective role of the JWT user.

        The role is read from the token. When a project is given and the
        token role is ``customer``, it is promoted to ``customeradmin``
        if ``is_customeradmin`` confirms it for that project.
        """
        claims = util.get_jwt_content(info.context)
        role = claims.get('user_role')
        if project_name and role == 'customer':
            admin = is_customeradmin(project_name, claims.get('user_email'))
            if admin:
                role = 'customeradmin'
            else:
                role = 'customer'
        self.role = role

        return role
    def resolve_users(self, info):
        """ Resolve project users

        Lists the project's members, passes them through
        ``util.user_email_filter`` together with the JWT user's e-mail,
        and wraps the survivors as User objects on ``self.users``.
        """

        memberships = integrates_dao.get_project_users(self.name)
        # user[1] == 1 presumably marks an active membership — confirm with the DAO.
        candidate_emails = [member[0] for member in memberships if member[1] == 1]
        requester = util.get_jwt_content(info.context)['user_email']
        visible_emails = util.user_email_filter(candidate_emails, requester)
        self.users = [User(self.name, email) for email in visible_emails]

        return self.users
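 def mutate(self, info, **parameters):
     """Mark a finding as verified on behalf of the JWT user.

     Args:
         info: GraphQL resolve info; ``info.context`` carries the JWT.
         **parameters: must include ``finding_id``.

     Returns:
         VerifyFinding with the outcome reported by ``verify_finding``.
     """
     finding_id = parameters.get('finding_id')
     user_email = util.get_jwt_content(info.context)['user_email']
     success = verify_finding(
         finding_id=finding_id,
         user_email=user_email
     )
     # The original logged "Verified" unconditionally, so a call that
     # returned False was recorded as a successful verification. Log the
     # two outcomes distinctly, as the sibling mutations do. The success
     # line previously embedded indentation whitespace through a
     # backslash continuation; anything matching on the old text should
     # be re-checked.
     if success:
         util.cloudwatch_log(
             info.context,
             'Security: Verified the finding_id: {id}'.format(id=finding_id))
     else:
         util.cloudwatch_log(
             info.context,
             'Security: Attempted to verify the finding_id: {id}'.format(
                 id=finding_id))
     ret = VerifyFinding(success=success)
     util.invalidate_cache(finding_id)
     return ret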
    def mutate(self, info, remember):
        """Record the JWT user's legal-notice "remember" preference.

        Only users for whom ``is_registered_dao`` returns ``'1'`` are
        updated; the outcome is mirrored into ``session['accept_legal']``
        and returned as AcceptLegal.
        """
        user_email = get_jwt_content(info.context)["user_email"]
        # NOTE(review): the DAO signals registration with the string '1' — confirm.
        registered = integrates_dao.is_registered_dao(user_email) == '1'

        success = False
        if registered:
            integrates_dao.update_legal_remember_dynamo(user_email, remember)
            success = True

        info.context.session['accept_legal'] = success
        return AcceptLegal(success=success)
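 def mutate(self, info, finding_id, justification):
     """Request verification of a finding on behalf of the JWT user.

     Args:
         info: GraphQL resolve info; ``info.context`` carries the JWT and
             the session (first/last name used for the display name).
         finding_id: identifier of the finding.
         justification: free-text reason forwarded to ``request_verification``.

     Returns:
         RequestVerification with the outcome of ``request_verification``.
     """
     user_email = util.get_jwt_content(info.context)['user_email']
     session = info.context.session
     success = request_verification(
         finding_id=finding_id,
         user_email=user_email,
         user_fullname=' '.join([session['first_name'],
                                 session['last_name']]),
         justification=justification
     )
     # The original logged the same line whether or not the request
     # succeeded; record the two outcomes distinctly like the sibling
     # mutations. The success line previously embedded indentation
     # whitespace via a backslash continuation; anything matching on the
     # old text should be re-checked.
     if success:
         util.cloudwatch_log(
             info.context,
             'Security: Verified a request in finding_id: {id}'.format(
                 id=finding_id))
     else:
         util.cloudwatch_log(
             info.context,
             'Security: Attempted to request verification in finding_id: '
             '{id}'.format(id=finding_id))
     ret = RequestVerification(success=success)
     util.invalidate_cache(finding_id)
     return ret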
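 def mutate(self, info, finding_id):
     """Reject (delete) a draft finding on behalf of the JWT user.

     Args:
         info: GraphQL resolve info; ``info.context`` carries the JWT.
         finding_id: identifier of the draft.

     Returns:
         DeleteDraft with the outcome of ``reject_draft``.

     Raises:
         GraphQLError: 'DRAFT_NOT_FOUND' when a KeyError escapes the
             lookup/rejection block.
     """
     reviewer_email = util.get_jwt_content(info.context)['user_email']
     try:
         project_name = get_project_name(finding_id)
         success = reject_draft(finding_id, reviewer_email, project_name)
         # NOTE(review): the except below also covers these two calls and
         # reject_draft itself, so any KeyError raised inside them is
         # reported as DRAFT_NOT_FOUND; scope kept as in the original.
         util.invalidate_cache(finding_id)
         util.invalidate_cache(project_name)
     except KeyError as missing:
         # Chain the cause so the traceback shows the KeyError as the
         # direct origin rather than an unrelated "during handling" error.
         raise GraphQLError('DRAFT_NOT_FOUND') from missing
     if success:
         util.cloudwatch_log(info.context, 'Security: Deleted draft in\
             finding {id} succesfully'.format(id=finding_id))
     else:
         util.cloudwatch_log(info.context, 'Security: Attempted to delete \
             draft in finding {id}'.format(id=finding_id))
     return DeleteDraft(success=success)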
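def update_event(event_id, affectation, info):
    """Update an event associated to a project.

    Marks the event ``SOLVED`` with the given affectation and records the
    JWT user as its closer.

    Args:
        event_id: value of the ``event_id`` key of the ``fi_events`` item.
        affectation: affectation as a string of decimal digits.
        info: GraphQL resolve info; ``info.context`` carries the JWT and
            is handed to rollbar as the request.

    Returns:
        True when the attributes were stored, False on invalid input or
        a failed write (each failure is reported to rollbar first).
    """
    request = info.context
    # isdecimal() accepts exactly the non-negative digit strings int()
    # parses; the previous isdigit() also accepted characters such as
    # superscript digits, for which int() then raised ValueError. Because
    # a negative number can never pass this test, the former "negative
    # number" branch was unreachable and has been dropped.
    if not affectation.isdecimal():
        rollbar.report_message('Error: Affectation must be a number', 'error',
                               request)
        return False
    event_data = {
        'event_status': 'SOLVED',
        'affectation': affectation,
        'closer': util.get_jwt_content(info.context)['user_email'],
    }
    primary_keys = ['event_id', event_id]
    stored = integrates_dao.add_multiple_attributes_dynamo(
        'fi_events', primary_keys, event_data)
    if not stored:
        rollbar.report_message('Error: An error ocurred updating event',
                               'error', request)
    # Original result: True unless an error was flagged, i.e. iff the write
    # reported success.
    return bool(stored)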
    def resolve_comments(self, info):
        """Resolve the comments of this project for the JWT user.

        Stores the result on ``self.comments`` and returns it.
        """
        requester = util.get_jwt_content(info.context)['user_email']
        comments = list_comments(user_email=requester, project_name=self.name)
        self.comments = comments

        return comments