////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2014 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.webapp.controller;

import com.denimgroup.threadfix.data.entities.*;
import com.denimgroup.threadfix.data.enums.FrameworkType;
import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.remote.response.RestResponse;
import com.denimgroup.threadfix.service.*;
import com.denimgroup.threadfix.service.util.PermissionUtils;
import com.denimgroup.threadfix.webapp.config.FormRestResponse;
import com.denimgroup.threadfix.webapp.validator.BeanValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.*;

import javax.validation.Valid;
import java.util.List;
import java.util.Map;

import static com.denimgroup.threadfix.CollectionUtils.newMap;

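@Controller
@RequestMapping("/organizations/{orgId}/modalAddApp")
@SessionAttributes("application")
public class AddApplicationController {

    /** Result token {@link #submitApp} returns when the application was stored; {@link #submit} compares against it. */
    private static final String RESULT_SUCCESS = "Success";
    /** Result token returned when the caller lacks CAN_MANAGE_APPLICATIONS on the team. */
    private static final String RESULT_FORBIDDEN = "403";
    /** Result token (also the view name) returned when validation fails. */
    private static final String RESULT_VALIDATION_FAILED = "ajaxFailureHarness";

    @Autowired
    private OrganizationService organizationService = null;
    @Autowired
    private ApplicationService applicationService = null;
    @Autowired
    private DefectTrackerService defectTrackerService = null;
    @Autowired
    private WafService wafService = null;
    @Autowired
    private ApplicationCriticalityService applicationCriticalityService = null;
    // Optional: a deployment without a LicenseService simply skips the app-count limit.
    @Autowired(required = false)
    private LicenseService licenseService;
    @Autowired
    private TagService tagService;

    private final SanitizedLogger log = new SanitizedLogger(AddApplicationController.class);

    /**
     * Whitelists the request parameters that may be bound onto the session-scoped
     * {@code Application} form object (mass-assignment protection).
     * <p>
     * Note what is deliberately absent: {@code organization} and {@code id}. The team an
     * application belongs to must come from the {@code orgId} path variable the permission
     * check is evaluated against, never from the request body. Credential fields
     * ({@code password}, {@code repositoryPassword}) are bound here because the form collects them.
     */
    @InitBinder
    public void setAllowedFields(WebDataBinder dataBinder) {
        dataBinder.setAllowedFields("name", "url", "defectTracker.id", "uniqueId",
                "userName", "password", "waf.id", "projectName", "applicationCriticality.id",
                "frameworkType", "repositoryUrl", "repositoryBranch",
                "repositoryUserName", "repositoryPassword", "repositoryFolder", "skipApplicationMerge",
                "tags[*].id", "tags[*].name");
    }

    public AddApplicationController() {}

    /** Populates the form's defect-tracker drop-down with every configured tracker. */
    @ModelAttribute
    public List<DefectTracker> populateDefectTrackers() {
        return defectTrackerService.loadAllDefectTrackers();
    }

    /** Populates the form's criticality drop-down. */
    @ModelAttribute
    public List<ApplicationCriticality> populateApplicationCriticalities() {
        return applicationCriticalityService.loadAll();
    }

    /** Populates the form's WAF drop-down with every configured WAF. */
    @ModelAttribute
    public List<Waf> populateWafs() {
        return wafService.loadAll();
    }

    /** Installs the project's bean validator so {@code @Valid} on the form object is enforced. */
    @InitBinder
    public void initBinder(WebDataBinder dataBinder) {
        dataBinder.setValidator(new BeanValidator());
    }

    /**
     * Handles the "add application" modal POST for team {@code orgId}.
     * <p>
     * Order of checks: team-scoped CAN_MANAGE_APPLICATIONS permission, license app-count
     * limit (only when a LicenseService is wired), existence of the team, then validation
     * and persistence via {@link #submitApp}.
     *
     * @param orgId       team id from the path; the authorization subject for this request
     * @param application the session-backed form object, bound through the allowed-fields whitelist
     * @param result      binding/validation errors for {@code application}
     * @param model       the Spring model; refreshed with a blank form object on success
     * @return a {@link RestResponse} (success carries the stored application and an
     *         {@code uploadScan} flag; failure carries a message), or a
     *         {@link FormRestResponse} carrying the validation errors
     * @throws ResourceNotFoundException when no team with {@code orgId} exists
     */
    @RequestMapping(method = RequestMethod.POST, consumes="application/x-www-form-urlencoded",
            produces="application/json")
    public @ResponseBody Object submit(@PathVariable("orgId") int orgId,
                                       @Valid @ModelAttribute Application application, BindingResult result,
                                       Model model) {
        if (!PermissionUtils.isAuthorized(Permission.CAN_MANAGE_APPLICATIONS, orgId, null)) {
            return RestResponse.failure("You don't have permissions to add a new application.");
        }

        if (licenseService != null && !licenseService.canAddApps()) {
            return RestResponse.failure("The current license does not allow the creation of any more applications.");
        }

        Organization team = organizationService.loadById(orgId);

        if (team == null) {
            log.warn(ResourceNotFoundException.getLogMessage("Organization", orgId));
            throw new ResourceNotFoundException();
        }

        String submitResult = submitApp(orgId, application, result, model);

        if (!RESULT_SUCCESS.equals(submitResult)) {
            model.addAttribute("organization", team);
            return FormRestResponse.failure(submitResult, result);
        }

        log.info("Successfully created application " + application.getName() + " in team " + team.getName());

        // Replace the session-scoped form object so the next open of the modal starts blank
        // rather than re-using the just-created application's state.
        model.addAttribute("application", new Application());

        Map<String, Object> payload = newMap();

        // NOTE(review): the whole Application entity is serialized back to the browser,
        // and it was just bound with "password" / "repositoryPassword". Whether those
        // fields are actually emitted depends on the entity's JSON view configuration,
        // which is not visible here — confirm they are excluded from the response.
        payload.put("application", application);
        payload.put("uploadScan", PermissionUtils.isAuthorized(Permission.CAN_UPLOAD_SCANS, orgId,
                application.getId()));

        return RestResponse.success(payload);
    }

    /**
     * Validates and stores {@code application} under the team identified by {@code orgId}.
     * <p>
     * The permission check is repeated here (not only in {@link #submit}) so that this
     * public method is safe to call from other entry points.
     *
     * @param orgId       team id the caller must hold CAN_MANAGE_APPLICATIONS for
     * @param application the form object to validate and persist
     * @param result      receives validation errors from {@code validateAfterCreate}
     * @param model       on validation failure, receives the attributes the re-rendered form needs
     * @return {@code "Success"}, {@code "403"} when unauthorized, or {@code "ajaxFailureHarness"}
     *         when validation failed (the view name the caller should render)
     */
    public String submitApp(int orgId, @Valid @ModelAttribute Application application,
                            BindingResult result, Model model) {

        if (!PermissionUtils.isAuthorized(Permission.CAN_MANAGE_APPLICATIONS, orgId, null)) {
            return RESULT_FORBIDDEN;
        }

        // Bind the application to the team named in the path, i.e. the one the permission
        // check above was evaluated against. The form object is a @SessionAttributes-backed
        // bean and can arrive with an organization already set by an earlier (failed)
        // submission against a different team; previously that stale value was reused as-is,
        // letting the authorized orgId and the stored organization diverge. If the team
        // cannot be loaded the existing value is left untouched, as before.
        Organization org = organizationService.loadById(orgId);
        if (org != null) {
            application.setOrganization(org);
        }

        applicationService.validateAfterCreate(application, result);

        if (result.hasErrors()) {
            populateFormModel(orgId, org, model);
            return RESULT_VALIDATION_FAILED;
        }

        applicationService.storeApplication(application);

        String user = SecurityContextHolder.getContext().getAuthentication().getName();
        Organization stored = application.getOrganization();
        log.debug("User " + user + " has created an Application with the name " + application.getName() +
                ", the ID " + application.getId() +
                ", and the Organization " + (stored == null ? "<none>" : stored.getName()));

        return RESULT_SUCCESS;
    }

    /** Adds the attributes the re-rendered "new application" form needs after a validation failure. */
    private void populateFormModel(int orgId, Organization org, Model model) {
        PermissionUtils.addPermissions(model, null, null, Permission.CAN_MANAGE_DEFECT_TRACKERS,
                Permission.CAN_MANAGE_WAFS);

        model.addAttribute("org", org);
        model.addAttribute("applicationTypes", FrameworkType.values());
        model.addAttribute("tags", tagService.loadAll());
        model.addAttribute("canSetDefectTracker", PermissionUtils.isAuthorized(
                Permission.CAN_MANAGE_DEFECT_TRACKERS, orgId, null));

        model.addAttribute("canSetWaf", PermissionUtils.isAuthorized(
                Permission.CAN_MANAGE_WAFS, orgId, null));

        model.addAttribute("contentPage", "applications/forms/newApplicationForm.jsp");
    }
}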